Search Site:

About

Linux

Printers?

Programming

Windows?

Download

Skins

Edit - To Do - AllRecentChanges

Recent Changes Printable View Page History Edit Page

Introduction

Greylisting is a technique used to block bad mail clients of the sort used as spambots before they have a chance to dump their load into our mail server.
Whenever a mail server connects to our server to deliver mail we will initially refuse the connection, asking them to retry a few minutes later. A normally behaved mail server will systematically retry. Postgrey will recognized the second attempt and will let it through.

Most spammers don't have the luxury of keeping track of all the emails they have to resend and just move on to their next target. This is because sending email takes resources, and delaying and resending takes more resources than it's worth to them: their objectives is to dump as much spam as quickly as possible before their become blacklisted. Their window of opportunity is quite narrow.

Greylisting can be configured to let through some recipients or some servers that we know are friendly. At any rate you should not lose any mail because of greylisting: any mail sent through a RFC compliant (normal) mail server will end up being delivered.
The only downside to greylisting is that it introduces a short few minutes delay in mail delivery. I don't know about you, but given the recent spam increase, I can live with that!

Installing postgrey

There are ready-made packages that come already preconfigured:

# yum -t postgrey
# chkconfig --levels 235 postgrey on

This will install in your /etc/postfix folder a few files that can be used to tweak postgrey's behaviour.
The postgrey_whitelist_clients.local is the only one that's really interesting: it allow you to include regular expressions that, if any incoming email match any of the rules, allow the email to pass through postgrey.

To find out the format of the rules, check the content of postgrey_whitelist_clients that already contains a few rules.

Any non-matching email will be at first rejected for a few minutes so its sending server can try again to submit it through.
On the second try, the email will pass through normally.

Setting up postfix

Postfix needs to be made aware of postgrey or it won't use it.
In your /etc/postfix/main.cf, make sure that you update the following policies:

smtpd_recipient_restrictions =
  permit_mynetworks
  permit_sasl_authenticated
  reject_unauth_destination
  reject_invalid_hostname
  reject_unknown_sender_domain
  check_policy_service unix:/var/spool/postfix/postgrey/socket

Then restart postfix and the postgrey services:

# service postgrey restart
# service postfix restart

Resources

< SpamAssassin | EmailServer | RoundCube >

Edit Page - Page History - Printable View - Recent Changes - WikiHelp - Search - RSS -
Page last modified on Thursday 23 April 2009, at 01:37 GMT+8 - Viewed 2446 times