Chad Leigh -- Shire.Net LLC
chad at shire.net
Wed Jun 1 14:25:59 PDT 2005
On Jun 1, 2005, at 3:16 PM, Jorn Argelo wrote:
> Chad Leigh -- Shire.Net LLC wrote:
>> On Jun 1, 2005, at 8:07 AM, Bart Silverstrim wrote:
>>> I've been looking into ways of improving our spam filtering.
>>> Currently I'm running postfix with amavisd-new (spamassassin and
>>> clamav), and saw an article on greylisting using postgrey.
>>> Turns out there's a port for it already in FreeBSD.
>> I don't run postifx and the thing I am about to mention I have
>> not tried yet, but you may want to explore modifying your
>> greylisting to be based on spamassassin results.
>> I use exim as the mta and there is a thing called sa-exim that
>> lets you run spamassassin at SMTP time so that you can reject
>> mail if you want before you actually are finished receiving it.
>> The author of sa- exim has modified it to do greylisting based on
>> spamassassing scores generated at smtp time, so that you only
>> greylist mail that is thought to be spam and do not inconvenience
>> your regular users.
>> Can you do spamassassin at smtp time with postfix?
> That's far too complicated. Postgrey does an excellent job.
Yes, normal greylisting works for some people, but in general, it is
not seconds, but minutes (I don't believe that your server tells it
how long to wait, but rather in general greylisting it returns a 4xx
temporary failure error and the sending mail server will
automatically retry within its own retry rules) and lots of people do
not like to have their good mail greylisted at all as it can delay
good mail for minutes or longer, so the one I described above is a
modification on greylisting that allows it to only greylist possible
spam and not all mail.
> I have installed postgrey yesterday, and it works really well. I
> didn't read all the emails regarding this subject, so my apologies
> if I only tell you things you've already heared. Basically it works
> like this:
> You're recieving an e-mail on your mailserver. Postgrey checks if
> it's an e-mail address it has seen before (which it stores in a
> database). If he has, he passed it to amavis where it can be
> processed further. If it isn't a known e-mail address, it
> automatically blacklists the e-mail address for an x amount of
> seconds while sending the sending server a message that it's busy
> and that it should try again in x amount of seconds. Normal
> mailservers wait patiently for those x amount of seconds and try
> sending it again (except for hotmail, who tries to send it every 30
> seconds even if your server tells it to wait 90 seconds). Since
> Postgrey has it stored in the database, the email will be passed
> trough nicely.
> The main advantage of this is that spammers and viruses have
> massive amount of email lists and just try to send it to as many
> people as possible. They are not going to wait and try to send the
> e-mail again, thus you effectively block many amount of spam and
> virus e-mail before it's even being processed by amavis / clamav /
> spamassasin, saving up system resources.
> Configuration of this is really easy. Compile it from the ports,
> change flags in the rc.d script (See man page for more info) and
> put this in your main.cf. Note the space between sevice and inet.
> smtpd_recipient_restrictions = check_policy_service inet:
> Start postgrey from the rc.d script and you're ready to go.
>> freebsd-questions at freebsd.org mailing list
>> To unsubscribe, send any mail to "freebsd-questions-
>> unsubscribe at freebsd.org"
More information about the freebsd-questions