  #1  
Old 27th June 2006, 00:12
erk erk is offline
Member
 
Join Date: Oct 2005
Location: Göteborg, Sweden
Posts: 41
Thanks: 0
Thanked 4 Times in 3 Posts
Killing that spam with greylisting using Postfix and Postgrey

Ever heard of greylisting?

Greylisting is a powerful way of reducing spam to your mailserver. Greylisting in short means that when someone wants to deliver a mail to your mailserver it will simply reply "Please come back later". That is something all RFC compliant mailservers do and when they do come back the mail is accepted. Most spammers and spam software are not compliant and not patient enough to try again. You will be surprised to see how effective this is. Anyway, follow the links below to really learn about it. There are as always pros and cons so do your homework before you put it on a production server.

Greylisting.org
Greylisting on Wikipedia

There are several implementations of greylisting and it can be done with most any server. I will show you how to do it on a Debian Sarge with Postfix running as MTA with Postgrey.

Install Postgrey

I assume you have a working Postfix installation. Requirements for postgrey are:
- Perl >= 5.6.0
- Net::Server (Perl Module)
- IO::Multiplex (Perl Module)
- BerkeleyDB (Perl Module)
- Berkeley DB >= 4.1 (Library)

First we install the postgrey package with :
Code:
apt-get install postgrey
This will install the postgrey server on your machine. Now we might want to change some settings. The most annoying thing with greylisting is that it imposes a delay on the delivery of mails. I find the 5 minute delay that is default to be a little too long so I set it to 1 minute. If you wish you can change this by editing /etc/default/postgrey. Change the default :
Code:
POSTGREY_OPTS="--inet=127.0.0.1:60000"
to
Code:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
However I would suggest changing the defaults only after you have verified that everything works as expected.

Now start the postgrey policyserver with :
Code:
/etc/init.d/postgrey start
The Postgrey policy service should now be up and running on port 60000. Let's configure Postfix to use Postgrey.

Configure Postfix

The Postfix configuration files are located in /etc/postfix. Edit /etc/postfix/main.cf and add check_policy_service inet:127.0.0.1:60000 to the smtpd_recipient_restrictions.
It should look something like this :
Code:
smtpd_recipient_restrictions = permit_sasl_authenticated,
                       permit_mynetworks,
                       reject_unauth_destination,
                       check_policy_service inet:127.0.0.1:60000
Now all we have to do is to reload the Postfix configuration with :
Code:
postfix reload
Simple and nice. Sit back and enjoy the absence of spam

//Erk

PS. This is really not an ISPC-specific HowTo but I thought I would post it here first.

Last edited by erk; 27th June 2006 at 00:19.
The Following 2 Users Say Thank You to erk For This Useful Post:
SneakyWho_am_i (18th June 2008), Telesat (7th September 2007)
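
An added example, not part of erk's post: a small audit of the `smtpd_recipient_restrictions` layout shown above. It checks that the policy service is consulted, that `check_policy_service` comes after `reject_unauth_destination` (the Postfix policy documentation warns that the reverse order can turn the server into an open relay), and that the permit rules for authenticated and local clients come first so those clients are not greylisted. The function names and both sample fragments are constructed for illustration.

```python
import re

# Constructed sample main.cf fragments (not taken from a real server).
GOOD = """\
# greylisting via postgrey
smtpd_recipient_restrictions = permit_sasl_authenticated,
                       permit_mynetworks,
                       reject_unauth_destination,
                       check_policy_service inet:127.0.0.1:60000
"""
BAD = """\
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:60000,
    permit_mynetworks, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:       # continuation of previous line
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (p.strip() for p in line.split("=", 1))
            params[current] = value             # a later definition wins
    return params

def audit_greylisting(text, endpoint="inet:127.0.0.1:60000"):
    """Return a list of findings; an empty list means the layout matches the how-to."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    findings = []
    policy_at = [i for i, t in enumerate(tokens)
                 if t == "check_policy_service" and tokens[i + 1:i + 2] == [endpoint]]
    if not policy_at:
        findings.append("postgrey policy service is not consulted")
        return findings
    if "reject_unauth_destination" not in tokens[:policy_at[0]]:
        findings.append("check_policy_service precedes reject_unauth_destination")
    for permit in ("permit_sasl_authenticated", "permit_mynetworks"):
        if permit in tokens[policy_at[0]:]:
            findings.append(f"{permit} comes after the policy check; such clients get greylisted")
    return findings
```
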
  #2  
Old 27th June 2006, 17:45
DerLobo DerLobo is offline
Junior Member
 
Join Date: Jun 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts

Wow,

very helpful.

Thank you very much.

Regards from Thailand,

Lobo
  #3  
Old 27th June 2006, 20:52
DerLobo DerLobo is offline
Junior Member
 
Join Date: Jun 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts

Quote:
I assume you have a working Postfix installation. Requirements for postgrey are:
- Perl >= 5.6.0
- Net::Server (Perl Module)
- IO::Multiplex (Perl Module)
- BerkeleyDB (Perl Module)
- Berkeley DB >= 4.1 (Library)
If not, no worry
apt-get install postgrey
will install all requirements.
__________________
Greetings from

Lobo

Location: Thailand - Phuket Islands
Connection: TOT DSL 1.000 (slow)
System: Debian Sarge 3.1 - Postfix - ProFTP - Spamassassin -ISPC
Hardware: Dell Dual Xeon 2x3,0Ghz, 2048 RAM, 240 GB HDD
  #4  
Old 27th June 2006, 22:08
erk erk is offline
Member
 
Join Date: Oct 2005
Location: Göteborg, Sweden
Posts: 41
Thanks: 0
Thanked 4 Times in 3 Posts

Yep, you are right, Debian apt-get will install the requirements but if you want to install for a different distro or from source tarball I thought it was prudent to point out the requirements.

//Erk
The Following User Says Thank You to erk For This Useful Post:
Telesat (7th September 2007)
  #5  
Old 1st September 2006, 08:43
farao farao is offline
Member
 
Join Date: Sep 2005
Posts: 42
Thanks: 0
Thanked 1 Time in 1 Post

Dear all,

After installing Postgrey last night, and verifying it actually works, I set the delay-option to 60 seconds. But then I found it delays my messages for too long.
In my headers, I see entries like:
X-Greylist: delayed 1025 seconds by postgrey-1.24 (...blah blah)

Another test gave me a 1101 second delay.
Does anyone have an idea what could be the problem?

Thanks.
  #6  
Old 3rd September 2006, 18:47
torusturtle torusturtle is offline
Senior Member
 
Join Date: Apr 2006
Posts: 296
Thanks: 21
Thanked 24 Times in 16 Posts

Thanks erk!
  #7  
Old 8th September 2006, 15:36
martinmuc martinmuc is offline
Junior Member
 
Join Date: May 2006
Posts: 10
Thanks: 0
Thanked 0 Times in 0 Posts

Quote:
Originally Posted by farao
Dear all,

After installing Postgrey last night, and verifying it actually works, I set the delay-option to 60 seconds. But then I found it delays my messages for too long.
In my headers, I see entries like:
X-Greylist: delayed 1025 seconds by postgrey-1.24 (...blah blah)

Another test gave me a 1101 second delay.
Does anyone have an idea what could be the problem?

Thanks.
Hi, you completely misunderstood greylisting.
Please read the documentation before you use greylisting and how e-mail works. Otherwise it could happen that your server is blocking all mails.

The delay parameter does not define when the e-mail should arrive at your server (60 seconds). It defines that the e-mail is accepted in 60 seconds.
You have no influence on when the sending e-mail server will retry to send the e-mail, after you greylisted it.
Before these 60 seconds the server will not accept the email.

I used 360 seconds, because spammers will try it in 60 seconds again :-)
There is a second parameter, how long you will accept the e-mail --retry-windows=2h
This defines that you accept the emails 2 hours after you have greylisted the email (first contact). Now the email must be incoming between the first 360 seconds and 2 hours; after 2 hours it would be greylisted again.

Hope this helps :-)


Martin
Reply With Quote
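
An added example, not part of martinmuc's post and not postgrey's own code: a simplified model of the delay and retry window described above, showing that the configured delay is only a minimum and the sender's retry schedule sets the real delivery time. The class, function names, triplet and retry offsets are constructed; the 60, 360 and 1025 second values and the 2 hour window come from this thread.

```python
from dataclasses import dataclass, field

# Constructed greylisting triplet: client IP, envelope sender, envelope recipient.
TRIPLET = ("192.0.2.10", "alice@example.org", "bob@example.net")

@dataclass
class Greylist:
    """Simplified model of the behaviour described in this thread."""
    delay: int = 300            # seconds a new triplet is deferred (5 minute default)
    retry_window: int = 7200    # seconds after first contact in which a retry counts
    first_seen: dict = field(default_factory=dict)

    def check(self, triplet, now):
        """Return 'defer' or 'accept' for a delivery attempt at time `now` (seconds)."""
        start = self.first_seen.get(triplet)
        if start is None or now - start > self.retry_window:
            self.first_seen[triplet] = now      # first contact, or window expired
            return "defer"
        if now - start < self.delay:
            return "defer"                      # sender came back too early
        return "accept"

def delivery_delay(greylist, triplet, retry_offsets):
    """Seconds until acceptance for a sender retrying at the given offsets, or None."""
    for t in [0] + list(retry_offsets):
        if greylist.check(triplet, t) == "accept":
            return t
    return None

def scenarios():
    """Run the cases discussed in the thread and return their outcomes."""
    return {
        # farao: delay set to 60 s, but the sender first retried after 1025 s
        "delay_60_retry_1025": delivery_delay(Greylist(delay=60), TRIPLET, [1025]),
        # impatient sender retries at 60 s and 120 s, then gives up
        "delay_360_impatient": delivery_delay(Greylist(delay=360), TRIPLET, [60, 120]),
        # retry lands after the 2 h window, so it is greylisted again
        "window_missed": delivery_delay(Greylist(delay=360), TRIPLET, [300, 8000, 8400]),
    }

if __name__ == "__main__":
    for name, seconds in scenarios().items():
        print(f"{name}: {seconds}")
```
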
  #8  
Old 8th September 2006, 16:12
sjau sjau is offline
Local Meanie
 
Join Date: Apr 2006
Location: Switzerland
Posts: 1,126
Thanks: 4
Thanked 43 Times in 40 Posts

I set my server to 15min before it allows that... I guess for the moment that's enough delay
  #9  
Old 12th September 2006, 10:13
farao farao is offline
Member
 
Join Date: Sep 2005
Posts: 42
Thanks: 0
Thanked 1 Time in 1 Post

@martinmuc: Thanks, this helps indeed. I kind of figured out that the sending server is the one responsible for the actual delay, since my postfix-server can't resend that mail. I just thought that mailservers would retry continuously for, say, two days, my bad. The time window explanation completely cleared the fog for me, I'll just give mail a day to reach me, after that, the urgency is most often gone anyway.
I'll change the settings tonight, and see what happens.
Guess I'll have to add some domains to the postgrey-whitelist as well...

What are your experiences with average delay-times?
And now that I'm asking: I want to run a mailman listservice on a subdomain, can I exclude domains from postgrey-processing? It would be nasty to first delay the original post, and then further delay the mailman-mails to recipients on the same box.
Ouch, maybe I should just stick to spamassassin and skip the greylisting.

Thanks.

Last edited by farao; 12th September 2006 at 10:18.
The Following User Says Thank You to farao For This Useful Post:
ailesqcahvsa7752 (15th November 2012)
  #10  
Old 27th February 2007, 03:14
Telesat Telesat is offline
Junior Member
 
Join Date: Feb 2007
Posts: 28
Thanks: 18
Thanked 1 Time in 1 Post
 

Martin, it should be --retry-window=2h

I won't retry Windows
All times are GMT +2. The time now is 10:00.