Diff for "PostfixGreylisting"


Differences between revisions 10 and 12 (spanning 2 versions)
Revision 10 as of 2016-07-29 09:54:33
Size: 3285
Editor: akrosikam
Comment: Updated commands and paths to current pkgs, removed outdated notes about intrepid and jaunty, updated example outputs
Revision 12 as of 2016-07-29 12:48:56
Size: 5456
Editor: akrosikam
Comment: Add "Whitelisting" header, elaborate on whitelisting and installation, extra paragraphs and formatting for readability
Line 7: Line 7:
[[http://projects.puremagic.com/greylisting/|Greylisting]] is a spam-reduction technique which can be very effective. It works by delaying mail from untrusted senders. If the sending mail server is standards-compliant, it will re-send the e-mail, and the server will accept it. Most spam mailers, however, don't re-send the mail, and so the spam is blocked. Servers that re-send the mail will be added to a white list, and will not be delayed in future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will not be. [[http://projects.puremagic.com/greylisting/|Greylisting]] is a spam-reduction technique which can be very effective. It works by delaying mail from unknown senders, and to recipients that - to the greylisting service's knowledge - have not received mail before.

If the sending mail server is standards-compliant, it will attempt to re-send its e-mail message after some time, and your receiving mail server will then accept it. Most spam mailers, on the other hand, do not re-send delayed messages. Thus, in theory, greylisting effectively blocks the majority of spammers.

Servers that re-send the mail will be added to a list of known clients, and will not be delayed in the future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will be received right away.
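
Review bot: The new opening sentence, "delaying mail from unknown senders, and to recipients that ... have not received mail before", reads as two independent conditions, while the third paragraph speaks of "a list of known clients" and then of "a given sender". Suggest saying once what is actually tracked: Postgrey keys its decision on the combination of client address, sender and recipient, and a combination it has not seen before is deferred. With that stated up front, the second and third paragraphs can refer to "a known combination" consistently.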
Line 11: Line 15:
Simply install the {{{postgrey}}} package and any dependencies. Note that it is in the {{{universe}}} repository. See the InstallingSoftware page for more information on installing packages. Check that you have enabled the {{{universe}}} repository in '''/etc/apt/sources.list''' before attempting to install Postgrey. See [[https://help.ubuntu.com/community/Repositories/CommandLine#Adding_Repositories|Adding Repositories]] if you need info on how to do this.

Install the {{{postgrey}}} package and its dependencies with the following command:

{{{
sudo apt-get install postgrey
}}}
Line 15: Line 25:
You need to instruct postfix to use postgrey. You can either manually edit /etc/postfix/main.cf and on parameter '''smtpd_recipient_restrictions''' add {{{check_policy_service inet:127.0.0.1:10023}}} or run the following command to configure Postfix to use Postgrey: In this guide, we assume that Postgrey is listening on port number 10023. The default port has been known to vary between versions, so you should check this in '''/var/log/mail.log''' to make sure you have the correct configuration value for Postfix.

In Ubuntu 14.04 and 16.04, enter the following command to find the relevant log line:

{{{
sudo grep postgrey /var/log/mail.log | grep -i resolved
}}}

You should see an output similar to this:

{{{
Jul 29 13:40:26 mailserver postgrey[16036]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
}}}

If you need Postgrey to use another port, modify the value of the "--inet" paramteter in '''/etc/default/postgrey'''.

Now you are ready to instruct Postfix to use Postgrey.

To accomplish this, you can either edit '''/etc/postfix/main.cf''' manually and add {{{check_policy_service inet:127.0.0.1:10023}}} to the parameter smtpd_recipient_restrictions or have the '''postconf''' command set the complete parameter for you. The latter can be done by entering e.g. the following command:
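
Review bot: The last paragraph says to add check_policy_service inet:127.0.0.1:10023 to smtpd_recipient_restrictions but not where in the list it goes, and the postconf route "set the complete parameter" replaces whatever restrictions were already configured. Suggest stating that the entry belongs after reject_unauth_destination, so the policy service is only consulted for mail the server is responsible for, and telling readers to inspect the current value with postconf smtpd_recipient_restrictions before overwriting it. Also, "paramteter" in the --inet sentence should read "parameter".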
Line 21: Line 49:
'' Note: the port number has been known to vary depending on the version of the package. Fortunately, Postgrey prints the ports it is listening on when it starts. Have a look at /var/log/mail.log if you are unsure.''

Then run the following to reload the Postfix configuration:
Finally, run the following command to reload the Postfix configuration:
Line 29: Line 55:
You may need to modify the whitelisting of certain domains or users. To do so, use the files in '''/etc/postgrey/'''. = In Use =
Line 31: Line 57:
The default delay is 300 seconds (5 minutes), to change this value edit '''/etc/default/postgrey'''. Add --delay=N to the POSTGREY_OPTS: Once Postgrey is running and in use by Postfix, entries will start to appear in {{{/var/log/mail.log}}}. To see the ones printed by Postfix whenever it gets told to delay a message, run:
Line 34: Line 60:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60" sudo grep -i postfix/smtpd /var/log/mail.log | grep -i greylisted
Line 37: Line 63:
= In Use =

Once Postgrey is running, entries will start to appear in {{{/var/log/mail.log}}}. To see the ones printed by Postfix, run {{{sudo grep -i greylisted /var/log/mail.log}}}. Entries will look something like:
Entries will look something like this:
Line 45: Line 69:
Postgrey also writes its own log entries with a bit of extra information. To see them, run e.g. {{{sudo grep -i postgrey | grep -i "action=greylist"}}}. Entries will look something like: Postgrey also writes its own log entries. To see the ones it generates whenever it tells Postfix to delay a message, enter:

{{{
sudo grep -i postgrey /var/log/mail.log | grep -i action=greylist
}}}

Entries will look something like this:
Line 50: Line 81:
In addition, e-mails that have been greylisted will have an {{{X-Greylist}}} header, e.g.: In addition, messages that have been delayed due to greylisting will have an {{{X-Greylist}}} header, e.g.:
Line 55: Line 86:

The default delay - i.e. the amount of time that must pass before Postgrey will accept a retry from the greylisted client - is 300 seconds (5 minutes).
To change this value, edit '''/etc/default/postgrey''' and add the '''--delay=N''' argument to POSTGREY_OPTS, where N is the desired delay in seconds.

E.g., for a 60-second delay:

{{{
POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"
}}}


= Whitelisting =

You may want to prevent certain senders (known as "clients" in Postgrey) and/or local recipients from getting their mails delayed by greylisting.

Before you start gathering domain names, you should have a look at the file '''/etc/postgrey/whitelist_clients'''.

In Ubuntu and other Debian derivatives, the default version of {{{whitelist_clients}}} contains many domains of mail providers (e.g. Google) whose servers are known to transfer legitimate mail.

To add your own list of whitelisted clients in addition to the ones that ship with Postgrey by default, add the file '''/etc/postgrey/whitelist_clients.local''' and enter one host or domain per line.

Remember to reload your configuration so that Postgrey can pick up your changes. In Ubuntu 16.04, enter the following command:

{{{
sudo systemctl reload postgrey
}}}
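
Review bot: The Whitelisting intro promises exemptions for "certain senders ... and/or local recipients", but the steps that follow cover only whitelist_clients and whitelist_clients.local. Either describe the recipient-side whitelist as well or drop "and/or local recipients" from the intro. In the delay paragraph earlier in this hunk, the edit to /etc/default/postgrey gets no instruction to restart Postgrey afterwards, whereas the whitelist change does get a reload step; a sentence saying the service must be restarted for the new POSTGREY_OPTS to apply would close that gap.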


Needs Expansion
This article is incomplete, and needs to be expanded.

Introduction

Greylisting is a spam-reduction technique which can be very effective. It works by delaying mail from unknown senders, and to recipients that - to the greylisting service's knowledge - have not received mail before.

If the sending mail server is standards-compliant, it will attempt to re-send its e-mail message after some time, and your receiving mail server will then accept it. Most spam mailers, on the other hand, do not re-send delayed messages. Thus, in theory, greylisting effectively blocks the majority of spammers.

Servers that re-send the mail will be added to a list of known clients, and will not be delayed in the future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will be received right away.

Installation

Check that you have enabled the universe repository in /etc/apt/sources.list before attempting to install Postgrey. See Adding Repositories if you need info on how to do this.

Install the postgrey package and its dependencies with the following command:

sudo apt-get install postgrey

Configuration

In this guide, we assume that Postgrey is listening on port number 10023. The default port has been known to vary between versions, so you should check this in /var/log/mail.log to make sure you have the correct configuration value for Postfix.

In Ubuntu 14.04 and 16.04, enter the following command to find the relevant log line:

sudo grep postgrey /var/log/mail.log | grep -i resolved

You should see an output similar to this:

Jul 29 13:40:26 mailserver postgrey[16036]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4

If you need Postgrey to use another port, modify the value of the "--inet" parameter in /etc/default/postgrey.

Now you are ready to instruct Postfix to use Postgrey.

To accomplish this, you can either edit /etc/postfix/main.cf manually and add check_policy_service inet:127.0.0.1:10023 to the parameter smtpd_recipient_restrictions or have the postconf command set the complete parameter for you. The latter can be done by entering e.g. the following command:

sudo postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'

Finally, run the following command to reload the Postfix configuration:

sudo postfix reload
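
The configuration steps above can be verified mechanically. The following is an added example, not part of the original wiki page: it compares the port Postgrey logged with the one Postfix is told to use, and checks that check_policy_service comes after reject_unauth_destination. The function names are hypothetical, and the sample inputs are the log line and postconf value shown on this page.

```shell
#!/bin/sh
# Added example. Inputs are the sample log line and postconf value from this page.

# Port from the most recent Postgrey "Resolved" log line read on stdin.
postgrey_port() {
    sed -n 's/.*postgrey\[[0-9]*]: Resolved .* to \[[^]]*]:\([0-9][0-9]*\),.*/\1/p' | tail -n 1
}

# Port of the inet: target that follows check_policy_service (value on stdin).
policy_port() {
    tr ', ' '\n\n' | awk '
        prev == "check_policy_service" && /^inet:/ { n = split($0, a, ":"); print a[n]; exit }
        NF { prev = $0 }'
}

# Succeeds only if reject_unauth_destination comes before check_policy_service,
# so the policy service is consulted only for mail this server is responsible for.
policy_after_relay_check() {
    tr ', ' '\n\n' | awk '
        $0 == "reject_unauth_destination" { seen = 1 }
        $0 == "check_policy_service" { found = 1; exit }
        END { exit !(found && seen) }'
}

# $1 = mail.log text, $2 = smtpd_recipient_restrictions value.
# Prints a verdict; returns 0 ok, 1 misconfigured, 2 not enough data.
check_greylisting() {
    bound=$(printf '%s\n' "$1" | postgrey_port)
    used=$(printf '%s\n' "$2" | policy_port)
    if [ -z "$bound" ] || [ -z "$used" ]; then
        echo "unknown: bound='$bound' configured='$used'"; return 2
    fi
    if [ "$bound" != "$used" ]; then
        echo "mismatch: postgrey on $bound, postfix uses $used"; return 1
    fi
    if ! printf '%s\n' "$2" | policy_after_relay_check; then
        echo "order: check_policy_service precedes reject_unauth_destination"; return 1
    fi
    echo "ok: port $bound"
}

SAMPLE_LOG='Jul 29 13:40:26 mailserver postgrey[16036]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4'
SAMPLE_CONF='smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'
check_greylisting "$SAMPLE_LOG" "$SAMPLE_CONF"
```

On a live server, pass the output of sudo grep postgrey /var/log/mail.log as the first argument and the output of postconf smtpd_recipient_restrictions as the second.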

In Use

Once Postgrey is running and in use by Postfix, entries will start to appear in /var/log/mail.log. To see the ones printed by Postfix whenever it gets told to delay a message, run:

sudo grep -i postfix/smtpd /var/log/mail.log | grep -i greylisted

Entries will look something like this:

Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<bounce-someone.else@anotherdomain.com> proto=ESMTP helo=<mail.server.com>

Postgrey also writes its own log entries. To see the ones it generates whenever it tells Postfix to delay a message, enter:

sudo grep -i postgrey /var/log/mail.log | grep -i action=greylist

Entries will look something like this:

Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com

In addition, messages that have been delayed due to greylisting will have an X-Greylist header, e.g.:

X-Greylist: delayed 1541 seconds by postgrey-1.34 at mail.server.com; Sun, 24 Jul 2016 16:26:38 CEST

The default delay - i.e. the amount of time that must pass before Postgrey will accept a retry from the greylisted client - is 300 seconds (5 minutes). To change this value, edit /etc/default/postgrey and add the --delay=N argument to POSTGREY_OPTS, where N is the desired delay in seconds.

E.g., for a 60-second delay:

POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"

Whitelisting

You may want to prevent certain senders (known as "clients" in Postgrey) and/or local recipients from getting their mails delayed by greylisting.

Before you start gathering domain names, you should have a look at the file /etc/postgrey/whitelist_clients.

In Ubuntu and other Debian derivatives, the default version of whitelist_clients contains many domains of mail providers (e.g. Google) whose servers are known to transfer legitimate mail.

To add your own list of whitelisted clients in addition to the ones that ship with Postgrey by default, add the file /etc/postgrey/whitelist_clients.local and enter one host or domain per line.

Remember to reload your configuration so that Postgrey can pick up your changes. In Ubuntu 16.04, enter the following command:

sudo systemctl reload postgrey

PostfixGreylisting (last edited 2017-02-12 09:35:28 by akrosikam)