Greylisting - fight Spam with Postgrey and Postfix on Debian and Ubuntu
Ever heard of greylisting?
There are numerous ways to prevent spam from reaching your inbox, the most popular is probably SpamAssassin. Greylisting will not replace spam filtering software like SA but it will serve as a powerful first hurdle for spam thus reducing the ammount of spam entering the system at all. It should rather be seen as an addition to all the other anti spam features of Postfix.
Apart from the obvious benefit of reducing the ammount of spam in your inbox it will give your virus scanner and SpamAssassing less work to do. Both spam filtering and virus scanning is a CPU intesive business and stopping spam in the door will potentially save you money due to reduced hardware requirements.
Greylisting in short means that when someone wants to deliver a mail to your mailserver it will simply reply â€œPlease come back laterâ€?. That is something all RFC compliant mailservers do and when they do come back the mail is accepted. Most spammers and spam software are not compliant and not patient enough to try again. You will be surprised to see how effective this is. Anyway, follow the links below to really learn about it. There are as always pros and cons so do your homework before you put it on a production server.
There are several implementations of greylisting and it can be done with most any server. I will show you how to do it on a Debian Sarge with Postfix running as MTA with Postgrey.
I assume you have a working Postfix installation.
If you use apt-get to install Postgrey the requirements will be handled automagically. However, if you install from source you will have to check it manually.
Requirements for Postgrey are:
- Perl >= 5.6.0
- Net::Server (Perl Module)
- IO::Multiplex (Perl Module)
- BerkeleyDB (Perl Module)
- Berkeley DB >= 4.1 (Library)
I'll recommend to install the postgrey package with apt.
First we install the Postgrey package with :
apt-get install postgrey
This will install the Postgrey server on your machine. You might want to change some settings. The most annoying thing with greylisting is that it impose a delay on the delivery of mails. If you find the 5 minute delay that is default to be a little too long you can set it to 1 minute. You can change this by editing /etc/default/postgrey. Change the default :
However I would suggest changing the defaults only after you have verified that everything works as expected. It is also worth noticing that a shorter delay will reduce the efficiency of the greylisting. Increasing the delay to an hour will be harder on spam but also harder on your users patience. :)
Now start the postgrey policyserver with :
service postgrey start
The Postgrey policy service should now be up and running on port 60000.
Now let's configure Postfix to use Postgrey.
The Postfix configuration files are located in /etc/postfix. Edit /etc/postfix/main.cf and add check_policy_service inet:127.0.0.1:60000 to the smtpd_recipient_restrictions. It should look something like this :
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000
Now all we have to do is to reload the Postfix configuration with :
Simple and nice. Sit back and enjoy the absence of spam :)