HOWTO: Spam control for POSTFIX

[crypted]

Yesterday, Postgrey kept 112 from reaching my inbox. This doesn't take into account the numerous blocks from the blacklists in use above or spamassassin.

I had ZERO spam emails in my inbox today. That hasn't happened in a longgggg time!

[abubin]

postgrey, like it's name suggested is for greylisting emails. Greylisting works in such a way that emails are put in "on-hold" for 5 minutes (in default config) before delivery. The reason behind this is because if the email is valid, no more will come into the server. If it is spam, you will get more of the same email bombarding the server thus postgrey will know those are spam.

It was said to be not a "permanent" solution to fight spam because the method is "raw" and soon spammer will found a way to overcome this. However, I have encountered greylisting a lot of times and found it to work great and produce very little false positives. It also works great in combination with spamassassin.

Only downside to this is that emails need to wait for 5 mins before it get delivered to recipient.

[crypted]

The hold-time can be changed.

Further, I am testing a mixture that will allow almost immediate determinations of most email. And if it seems to still be an email with problems, it will hit the 5 minute window.

So I really recommend the procedure outlined above. Once there's new stuff to add, I'll update it so that we all can continue to benefit from mail filtration.

[Antennipasi]

Quote:

Originally Posted by abubin

Greylisting works in such a way that emails are put in "on-hold" for 5 minutes (in default config) before delivery. The reason behind this is because if the email is valid, no more will come into the server. If it is spam, you will get more of the same email bombarding the server thus postgrey will know those are spam.

No, it does _not_ work this way, please read:
http://en.wikipedia.org/wiki/Greylisting

In short, greylisting temporarily rejects incoming mail and send notice about it to originating mailserver, and if retry ever comes, mail is accepted for delivery.

We have been using greylisting for 5+ years now without problems. Combined with couple blacklists and amavis things are working quite well.

[crypted]

You misconstrue the point of that message.

I understand how it operates; however, there were concerns about the loss of email and delays.

A short explanation that the emails are basically held undelivered for five minutes by default is true locally.

Yes a response is sent to the originator in an attempt to verify authenticity and legitimate email. I do believe I mentioned the process and how it works before as well.

[Antennipasi]

Quote:

Originally Posted by crypted

I do believe I mentioned the process and how it works before as well.

Yes, you did, but "abubin", who i was replying, seemed not understood mechanism correctly.

[crypted]

Ah you know my eyes don't work very well! Sorry for that!

For all of the followers, I hope to have a big howto with graph monitoring and some extra filtration options included by mid-October.

Military is keeping me busy right now so not much extra time to experiment.

[Turbanator]

In the last 24 hour period my top 20 list showed roughly 5000 emails (1200 to one user!).

Now...there were plenty of false positives so I have a question:

in whitelisting: Do I enter the full server domain or will the main domain work? Example: my greylist shows yyy.domain.com, but I want to whitelist domain.com completely. Do I enter domain.com in the whitelist or do I need a regex to allow for *.domain.com?

In your postgrey script: Is this telling me all those emails (in the first section of the script output) are ones that were blocked, or just greylisted and possibly let through? Just looking for clarification on the output of the script.

Nice work!

[crypted]

Okay, you can whitelist either way. I have been doing "domain.com" on the few I had to add. You can get specific but no point unless it's a domain that has half legit and half spam emails, which doesn't seem likely!

The email is telling you all that has been greylisted.

[crypted]

Anyone having problems with this setup at all? Any other thoughts?

I'm about done with an upgraded HOWTO that will add some good graphs and a daily email that provides better details.

Basically, I'm just combining a lot of useful things out there for everyone... So input is worth while as I continue to help us all in the spam fight.