  #11  
13th September 2010, 06:25
crypted

Yesterday, Postgrey kept 112 from reaching my inbox. This doesn't take into account the numerous blocks from the blacklists in use above or spamassassin.

I had ZERO spam emails in my inbox today. That hasn't happened in a longgggg time!
__________________
ISPC3 on Debian! It's great!
  #12  
13th September 2010, 06:26
abubin

Postgrey, as its name suggests, is for greylisting emails. Greylisting works in such a way that emails are put "on hold" for 5 minutes (in the default config) before delivery. The reason behind this is that if the email is valid, no more will come into the server. If it is spam, you will get more of the same email bombarding the server, thus postgrey will know those are spam.

It was said to be not a "permanent" solution to fight spam because the method is "raw" and soon spammers will find a way to overcome this. However, I have encountered greylisting a lot of times and found it to work great and produce very few false positives. It also works great in combination with spamassassin.

The only downside to this is that emails need to wait for 5 mins before they get delivered to the recipient.
  #13  
13th September 2010, 06:29
crypted

The hold-time can be changed.

Further, I am testing a mixture that will allow almost immediate determinations of most email. And if it seems to still be an email with problems, it will hit the 5 minute window.

So I really recommend the procedure outlined above. Once there's new stuff to add, I'll update it so that we all can continue to benefit from mail filtration.
  #14  
15th September 2010, 17:34
Antennipasi

Quote:
Originally Posted by abubin
Greylisting works in such a way that emails are put in "on-hold" for 5 minutes (in default config) before delivery. The reason behind this is because if the email is valid, no more will come into the server. If it is spam, you will get more of the same email bombarding the server thus postgrey will know those are spam.
No, it does _not_ work this way, please read:
http://en.wikipedia.org/wiki/Greylisting

In short, greylisting temporarily rejects incoming mail and sends a notice about it to the originating mail server, and if a retry ever comes, the mail is accepted for delivery.

We have been using greylisting for 5+ years now without problems. Combined with a couple of blacklists and amavis, things are working quite well.
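
The temporary-reject-then-retry mechanism described in the post above, sketched as an added example (not written by anyone in this thread and not postgrey's own code). It assumes the usual greylisting key of (client IP, sender, recipient) and uses the 5-minute default hold time mentioned in the thread; all addresses and IPs are constructed sample data.

```python
# Added illustration of the greylisting decision; not postgrey's implementation.
from dataclasses import dataclass, field

DELAY = 300  # seconds; the 5-minute default hold time mentioned in the thread


@dataclass
class Greylist:
    delay: int = DELAY
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried after the delay

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP-level decision for one delivery attempt."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.passed:
            return "accept"                  # known retrying sender: no further delay
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            self.passed.add(triplet)
            return "accept"                  # the retry arrived after the hold time
        # Temporary rejection: the message stays in the sending server's queue.
        return "450 try again later"

    def never_retried(self):
        """Triplets that were deferred and never came back after the delay."""
        return [t for t in self.first_seen if t not in self.passed]


def demo():
    # Constructed sample traffic: (time in seconds, client IP, sender, recipient)
    attempts = [
        (0,   "192.0.2.10",   "alice@example.org", "bob@example.net"),  # real MTA, first try
        (5,   "198.51.100.7", "promo@example.com", "bob@example.net"),  # sender that never retries
        (60,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry, too early
        (420, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after the delay
        (500, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # later mail, same triplet
    ]
    gl = Greylist()
    decisions = [gl.check(ip, s, r, t) for t, ip, s, r in attempts]
    return decisions, gl.never_retried()


if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```

The delay experienced by a legitimate sender depends on its own retry schedule, since nothing is delivered until it retries after the hold time has passed.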
  #15  
15th September 2010, 17:41
crypted

You misconstrue the point of that message.

I understand how it operates; however, there were concerns about the loss of email and delays.

A short explanation that the emails are basically held undelivered for five minutes by default is true locally.

Yes, a response is sent to the originator in an attempt to verify authenticity and legitimate email. I do believe I mentioned the process and how it works before as well.
  #16  
15th September 2010, 18:18
Antennipasi

Quote:
Originally Posted by crypted
I do believe I mentioned the process and how it works before as well.
Yes, you did, but "abubin", to whom I was replying, seemed not to have understood the mechanism correctly.
  #17  
15th September 2010, 18:23
crypted

Ah you know my eyes don't work very well! Sorry for that!

For all of the followers, I hope to have a big howto with graph monitoring and some extra filtration options included by mid-October.

Military is keeping me busy right now so not much extra time to experiment.
  #18  
16th September 2010, 02:07
Turbanator

In the last 24 hour period my top 20 list showed roughly 5000 emails (1200 to one user!).

Now...there were plenty of false positives so I have a question:

In whitelisting: Do I enter the full server domain or will the main domain work? Example: my greylist shows yyy.domain.com, but I want to whitelist domain.com completely. Do I enter domain.com in the whitelist or do I need a regex to allow for *.domain.com?

In your postgrey script: Is this telling me all those emails (in the first section of the script output) are ones that were blocked, or just greylisted and possibly let through? Just looking for clarification on the output of the script.

Nice work!
  #19  
16th September 2010, 02:12
crypted

Okay, you can whitelist either way. I have been doing "domain.com" on the few I had to add. You can get specific but no point unless it's a domain that has half legit and half spam emails, which doesn't seem likely!

The email is telling you all that has been greylisted.
  #20  
22nd September 2010, 01:00
crypted

Anyone having problems with this setup at all? Any other thoughts?

I'm about done with an upgraded HOWTO that will add some good graphs and a daily email that provides better details.

Basically, I'm just combining a lot of useful things out there for everyone... So input is worthwhile as I continue to help us all in the spam fight.

All times are GMT +2.