Diff for "PostfixGreylisting"


Differences between revisions 9 and 10
Revision 9 as of 2011-08-25 00:29:19
Size: 2920
Editor: lowtek
Comment:
Revision 10 as of 2016-07-29 09:54:33
Size: 3285
Editor: akrosikam
Comment: Updated commands and paths to current pkgs, removed outdated notes about intrepid and jaunty, updated example outputs
Line 21: Line 21:
'' Note: the port number seems to vary depending on the version of the package.  On 8.04LTS, it is 60000, while on jaunty it is 10023. Fortunately Postgrey prints the ports it is listening on when it starts. Have a look at /var/log/mail.info if you are unsure.'' '' Note: the port number has been known to vary depending on the version of the package. Fortunately, Postgrey prints the ports it is listening on when it starts. Have a look at /var/log/mail.log if you are unsure.''
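Review bot: the revised note still says the port varies but, with the 8.04LTS and jaunty values removed, it no longer tells the reader what to do with the port found in /var/log/mail.log. The page shows 10023 in the check_policy_service line and 60000 in the POSTGREY_OPTS example, so add a sentence saying that the port Postgrey logs at startup is the one to use in check_policy_service.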
Line 26: Line 26:
sudo /etc/init.d/postfix reload sudo postfix reload
Line 39: Line 39:
Once Postgrey is running, entries will start to appear in {{{/var/log/mail.log}}}. To see them, run {{{sudo grep -i greylisted /var/log/mail.log}}}. Entries will look something like: Once Postgrey is running, entries will start to appear in {{{/var/log/mail.log}}}. To see the ones printed by Postfix, run {{{sudo grep -i greylisted /var/log/mail.log}}}. Entries will look something like:
Line 42: Line 42:
Sep 14 10:44:57 mailserver postfix/smtpd[17049]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 <someone@somedomain.com>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/somedomain.com.html); from=<someone.else@anotherdomain.com> to=<someone@somedomain.com> proto=ESMTP helo=<mail.server.com> Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<bounce-someone.else@anotherdomain.com> proto=ESMTP helo=<mail.server.com>
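Review bot: the new sample reject line has no to=<...> field between from= and proto=, while the line it replaces carried to=<someone@somedomain.com>. If the field was dropped while sanitising the log line, restore it so the sample stays complete.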
Line 45: Line 45:
In addition, e-mails that have been greylisted will have an {{{X-Greylist}}} header, eg: Postgrey also writes its own log entries with a bit of extra information. To see them, run e.g. {{{sudo grep -i postgrey | grep -i "action=greylist"}}}. Entries will look something like:
{{{
Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com
}}}

In addition, e-mails that have been greylisted will have an {{{X-Greylist}}} header, e.g.:
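Review bot: the added command sudo grep -i postgrey | grep -i "action=greylist" names no file, so the first grep reads standard input instead of searching the log. Give it the path used in the preceding paragraph: sudo grep -i postgrey /var/log/mail.log | grep -i "action=greylist".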
Line 48: Line 53:
X-Greylist: delayed 1201 seconds by postgrey-1.24 at mail.server.com; Fri, 14 Sep 2007 11:04:58 BST X-Greylist: delayed 1541 seconds by postgrey-1.34 at mail.server.com; Sun, 24 Jul 2016 16:26:38 CEST

Needs Expansion
This article is incomplete, and needs to be expanded.

Introduction

Greylisting is a spam-reduction technique which can be very effective. It works by delaying mail from untrusted senders. If the sending mail server is standards-compliant, it will re-send the e-mail, and the server will accept it. Most spam mailers, however, don't re-send the mail, and so the spam is blocked. Servers that re-send the mail will be added to a white list, and will not be delayed in future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will not be.

Installation

Simply install the postgrey package and any dependencies. Note that it is in the universe repository. See the InstallingSoftware page for more information on installing packages.

Configuration

You need to instruct Postfix to use Postgrey. You can either edit /etc/postfix/main.cf manually and add check_policy_service inet:127.0.0.1:10023 to the smtpd_recipient_restrictions parameter, or run the following command to configure Postfix to use Postgrey:

sudo postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'

Note: the port number has been known to vary depending on the version of the package. Fortunately, Postgrey prints the ports it is listening on when it starts. Have a look at /var/log/mail.log if you are unsure.

Then run the following to reload the Postfix configuration:

sudo postfix reload

You may need to modify the whitelisting of certain domains or users. To do so, use the files in /etc/postgrey/.

The default delay is 300 seconds (5 minutes). To change this value, edit /etc/default/postgrey and add --delay=N to POSTGREY_OPTS. The port given in --inet has to be the one Postfix uses in check_policy_service:

POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
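Because the port differs between package versions, it is worth checking that the two settings agree. The following is an added example, not part of the original page: the function names are hypothetical, and the inputs are the two sample values from this page, which use different ports.

```shell
#!/bin/sh
# Added example (not from the wiki page): compare the port Postfix sends
# policy requests to with the port Postgrey is started on.

# Endpoint that follows check_policy_service in a restrictions value.
policy_endpoint() {
    printf '%s\n' "$1" | tr ',' ' ' | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "check_policy_service" && $(i + 1) ~ /^inet:/) {
                print substr($(i + 1), 6); exit
            }
    }'
}

# Value of --inet in a POSTGREY_OPTS string; Postgrey accepts PORT or HOST:PORT.
postgrey_endpoint() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^--inet=//p' | head -n 1
}

# Port part of PORT or HOST:PORT.
port_of() { printf '%s\n' "${1##*:}"; }

# Report whether both sides use the same port (0 = match, 1 = mismatch,
# 2 = one of the settings was not found).
check_ports() {
    pf=$(port_of "$(policy_endpoint "$1")")
    pg=$(port_of "$(postgrey_endpoint "$2")")
    if [ -z "$pf" ] || [ -z "$pg" ]; then
        echo "unknown: policy service or --inet not found"; return 2
    elif [ "$pf" = "$pg" ]; then
        echo "match: $pf"
    else
        echo "mismatch: postfix=$pf postgrey=$pg"; return 1
    fi
}

# The two values as they appear in the examples on this page.
RESTRICTIONS='permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'
check_ports "$RESTRICTIONS" '--inet=127.0.0.1:60000 --delay=60' || true
# Constructed value with the port corrected.
check_ports "$RESTRICTIONS" '--inet=10023 --delay=60' || true
```

On a live system, pass the output of postconf -h smtpd_recipient_restrictions as the first argument and the POSTGREY_OPTS value from /etc/default/postgrey as the second.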

In Use

Once Postgrey is running, entries will start to appear in /var/log/mail.log. To see the ones printed by Postfix, run sudo grep -i greylisted /var/log/mail.log. Entries will look something like:

Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<bounce-someone.else@anotherdomain.com> proto=ESMTP helo=<mail.server.com>

Postgrey also writes its own log entries with a bit of extra information. To see them, run e.g. sudo grep -i postgrey /var/log/mail.log | grep -i "action=greylist". Entries will look something like:

Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com

In addition, e-mails that have been greylisted will have an X-Greylist header, e.g.:

X-Greylist: delayed 1541 seconds by postgrey-1.34 at mail.server.com; Sun, 24 Jul 2016 16:26:38 CEST
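To summarise the Postgrey log entries shown above per sending host, the key=value pairs have to be split on ", " and then on the first "=" only, because the sender field can itself contain "=". This is an added example, not part of the original page; the function names are hypothetical and the sample lines are constructed in the format shown above.

```shell
#!/bin/sh
# Added example (not from the wiki page): parse Postgrey's own log lines.

# Constructed sample log: first line copied from the page, the rest made up.
sample_log() {
cat <<'EOF'
Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com
Jul 24 16:02:10 mailserver postgrey[1420]: action=greylist, reason=new, client_name=unknown, client_address=5.6.7.8, sender=a=b@example.net, recipient=someone@somedomain.com
Jul 24 16:03:31 mailserver postgrey[1420]: action=greylist, reason=new, client_name=unknown, client_address=5.6.7.8, sender=x@example.net, recipient=other@somedomain.com
Jul 24 16:04:00 mailserver postfix/smtpd[12524]: connect from mail.server.com[1.2.3.4]
EOF
}

# Print the named fields (space-separated list in $1) of every postgrey line
# on stdin, tab-separated. Lines from other programs are skipped.
postgrey_fields() {
    awk -v want="$1" '
    $5 ~ /^postgrey\[[0-9]+\]:$/ {
        rest = substr($0, index($0, $5) + length($5) + 1)
        split("", f)                       # clear fields from previous line
        n = split(rest, kv, ", ")
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")         # first "=" only: values may contain "="
            key = substr(kv[i], 1, eq - 1)
            if (eq > 1 && !(key in f)) f[key] = substr(kv[i], eq + 1)
        }
        m = split(want, w, " ")
        out = ""
        for (j = 1; j <= m; j++) out = out (j > 1 ? "\t" : "") f[w[j]]
        print out
    }'
}

# Count greylist actions per client address, most frequent first.
greylisted_clients() {
    postgrey_fields "action client_address" |
        awk -F '\t' '$1 == "greylist" { print $2 }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

sample_log | greylisted_clients
```

Against the real log, replace sample_log with sudo cat /var/log/mail.log.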

PostfixGreylisting (last edited 2017-02-12 09:35:28 by akrosikam)