Skip to main content

Greylisting with postgrey - a spam fighter

Hi there! A couple of days ago, I have setup postgrey. It eliminated 99.9999% of spams entering my users' mailbox. The implementation of greylisting is done at MTA level (postfix) reducing my mailserver load (especially my spam filter). It is like the front-end spam filter before the spams got filtered by anti-spam if they can pass through. It is designed as a complement to existing defenses against spam, and not as a replacement. So far so good. For time being, I guess no spam ever reach my users' mailbox as I went through a couple of test accounts.

*Note: There's one caveat - Greylisting delays all unknown e-mail, not just spam.

The source came with contributed script for reporting. Check it out to see whether your policy really works.

For those new to this, read below:

Your question : What in the hell is postgrey?
My Answer : Postgrey is a Postfix policy server implementing greylisting

Your question : What in the hell is greylisting?
My answer : (see below - taken from here )

Greylisting is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.

Greylisting relies on the fact that most spam sources do not behave in the same way as normal mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention. For a detailed description of the method, see the Whitepaper.

The term Greylisting is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Greylisting does not refer to any particular implementation of these methods. Consequently, there is no single Greylisting product. Instead, there are many products that incorporate some or all of the methods described here.

Your question : How does it work actually?
My answer : (see below - taken from wikipedia)

Typically, a server that utilizes greylisting will record the following three pieces of information (known as a triplet) for each incoming mail message:

  • The IP address of the connecting host.
  • The envelope sender address.
  • The envelope recipient address.

This is checked against the mail server's internal whitelist. If any of this information has never been seen before, the email is greylisted for a set period of time (how much time is dependent on the server configuration), and it is refused with a temporary rejection. The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail. Don't forget there's still many mailservers do not conform to the RFC.

Greylisting is effective because many mass e-mail tools utilized by spammers are not set up to handle deferrals (they will never bother to retry a failed delivery), so the spam is never delivered.

More information can be obtained here

Your question : Can I use Greylisting on my personal mail account?

My answer : Because Greylisting methods are designed to work at the mail server level, unless you have control of your own mail server, or your ISP has installed a Greylisting implementation for you, you will not be able to take advantage of Greylisting.

Resources:

  1. postgrey home
  2. postfix greylisting policy
  3. What is greylisting?

*UPDATE: I just found a better greylisting solution : sqlgrey.

Comments

Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Moving your mysql database to another hard disk

Recently, my server's only hard disk was almost full. I bought a new hard disk with bigger size and I decided to just add it as a second hard disk. Since I need to move it to the 2nd hard disk, I need to find a proper way to move the db with minimum downtime. So I googled around and found a solution.
First, I needed to format the 2nd hard disk and I chose xfs as the filesystem. I created 2 partitions using Linux's fdisk for this task. First partition is 10 GB and 2nd one is around 900 GB. That's approximately added up to 1 TB. Then I mounted the 2nd partition in current partition eg /media/hd2 as follows:
mount -t xfs /dev/sdb5 /media/hd2
where /dev/sdb5 is the partition and /media/hd2 is the mounting dir.
Stop mysql db before doing anything:
service mysql stop
Afterthat, I copied the entire db to newly mounted hard disk:
cp -rv /var/lib/mysql /media/hd2
It will take a while if you have huge databases.
Then, change the ownership of the dir to user and group of mysql:
chown -R mysql:…

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: me@mymailserver.org(74): Message file too big


Solution
Open /etc/postfix/main.cf with a text editor of choice and find message_size_limit directive an…