Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

Postfix and Postgrey: A proactive approach to spam filtering

Posted by chantra on November 23rd, 2006

This entry is part 1 of 2 in the series Postfix and Postgrey: A proactive approach to spam filtering

Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won't replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server.

1. Introduction

Greylisting is a great way for fighting spams, the basic idea out of it is that spammers mail servers are not respecting RFC standards specifications which basically says that when an email could not be delivered, the mail server should try again later on. By sending so many emails, spammers can't afford to spend to much resources on resending emails when they could not be delivered, so if the email could not be delivered in the first place, they won't send it back to you.

From this ideas, greylisting simply reject any untrusted mail domain by giving a 450 response code, which means "I can't deal with your request now, please try again later".
As spam mail server are not usually RFC compliant, they won't try back and therefore you won't get the spam.

2. Postgrey

2.1. Introduction

Postgrey is a postfix policy server implementing greylisting.
It is really easy to integrate to postfix and is really effective.

Postgrey approach is to keep a record of the triplet: CLIENT_IP / SENDER / RECIPIENT. If this is the first time the triplet is seen, or if it was first seen less than 5 minutes ago, the triplet is greylisted, and the email will be reject with a temporary error. If the same tuple is seen after 5 minutes and before 35 days, the email will get through.

Note that the 5 minutes and 35 days are default values. Later on, I will explain how to change those.

2.2. Installation

Postgrey being packaged by default on Debian/Ubuntu, it is fairly easy to install. You simply need to run:

$sudo apt-get install postgrey

On Debian likes, postgrey works out of the box. It is by default bound to the loopback interface (127.0.0.1) on port 60000. Therefore, postgrey service is not accessible from the outside.

Now, we need to tell postfix to use postgrey policy server.

3. Configuring postfix

As I say earlier, it is really easy to integrate postgrey to postfix (also you need at least postfix 2.1). It all happens in /etc/postfix/main.cf. So open /etc/postfix/main.cf and make sure check_policy_service inet:127.0.0.1:60000 is added at the end of smtpd_recipient_restrictions so you get something like:

smtpd_recipient_restrictions = permit_mynetworks,
                                permit_sasl_authenticated,
                                reject_unauth_destination,
                                check_policy_service inet:127.0.0.1:60000

Note that your settings might be a bit different

Reload postfix:

$sudo /etc/init.d/postfix reload

and there you go,you have now a working greylisting policy and postfix mail server is going to start rejecting temporarily new incoming emails and you will start seeing:

Nov 23 21:42:10 mymailserver postfix/smtpd[4256]: NOQUEUE: reject: RCPT from spammerrelay.com[xxx.xxx.xxx.xxx]: 450 <recipient@spammed.com>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/spammed.com.html); from=<sender@spammer.com> to=<recipient@spammed.com> proto=ESMTP helo=<spammerrelay.com>

From now on, the amount of spam reaching your inbox is going to be drastically reduced.

Now, it is time to get a bit deeper into postgrey for those who want to tweak it up.

Series NavigationPostfix and Postgrey: A proactive approach to spam filtering — page 2 >>

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>