Posted by chantra on November 23rd, 2006
- Postfix and Postgrey: A proactive approach to spam filtering
- Postfix and Postgrey: A proactive approach to spam filtering — page 2
Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won't replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server.
Greylisting is a great way for fighting spams, the basic idea out of it is that spammers mail servers are not respecting RFC standards specifications which basically says that when an email could not be delivered, the mail server should try again later on. By sending so many emails, spammers can't afford to spend to much resources on resending emails when they could not be delivered, so if the email could not be delivered in the first place, they won't send it back to you.
From this ideas, greylisting simply reject any untrusted mail domain by giving a 450 response code, which means "I can't deal with your request now, please try again later".
As spam mail server are not usually RFC compliant, they won't try back and therefore you won't get the spam.
Postgrey approach is to keep a record of the triplet: CLIENT_IP / SENDER / RECIPIENT. If this is the first time the triplet is seen, or if it was first seen less than 5 minutes ago, the triplet is greylisted, and the email will be reject with a temporary error. If the same tuple is seen after 5 minutes and before 35 days, the email will get through.
Note that the 5 minutes and 35 days are default values. Later on, I will explain how to change those.
Postgrey being packaged by default on Debian/Ubuntu, it is fairly easy to install. You simply need to run:
$sudo apt-get install postgrey
On Debian likes, postgrey works out of the box. It is by default bound to the loopback interface (127.0.0.1) on port 60000. Therefore, postgrey service is not accessible from the outside.
Now, we need to tell postfix to use postgrey policy server.
3. Configuring postfix
As I say earlier, it is really easy to integrate postgrey to postfix (also you need at least postfix 2.1). It all happens in /etc/postfix/main.cf. So open /etc/postfix/main.cf and make sure check_policy_service inet:127.0.0.1:60000 is added at the end of smtpd_recipient_restrictions so you get something like:
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000
Note that your settings might be a bit different
$sudo /etc/init.d/postfix reload
and there you go,you have now a working greylisting policy and postfix mail server is going to start rejecting temporarily new incoming emails and you will start seeing:
Nov 23 21:42:10 mymailserver postfix/smtpd: NOQUEUE: reject: RCPT from spammerrelay.com[xxx.xxx.xxx.xxx]: 450 <firstname.lastname@example.org>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/spammed.com.html); from=<email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<spammerrelay.com>
From now on, the amount of spam reaching your inbox is going to be drastically reduced.
Now, it is time to get a bit deeper into postgrey for those who want to tweak it up.