Postgrey and the power of Greylisting to fight Spam



Wow…. Let me just say that I have typically been inundated with junk mail on my primary address. It’s associated with this domain and has been hosted in an older sendmail setup for quite some time (not really by choice, but because that’s what was installed on the old vps.) I’m currently migrating to postfix which I’m a bit more familiar with and had used successfully to at least tag my junk mail as SPAM for sorting at home. Well, my older postfix system didn’t have too many options to add on and tweak and so this weekend I’ve invested some time in migrating the main mail server over to a newer postfix install with amavis and postgrey and a few other tools.


What is postgrey? It’s basically a greylisting tool for postfix. It essentially decides whether or not the mail server accepts a message based on a simple rule – “if I’ve seen the ip address/sender/recipient a couple times and it’s been more than 5 minutes between seeing those, it’s probably a legitimate mailserver.” By the same token “if I’ve seen the same triplet in immediate succession it’s not standards compliant and therefore likely a spammer.” Postgrey supports whitelisting if you’re not patient enough to let it build it’s own whitelist.

You should note that it doesn’t specifically reject messages, it simply says try later. If the sending mailserver is standards compliant and waits and then retries a bit later, and then is patient and well behaved and tries again…. the message arrives. If your mailserver just tries to blast the other addresses at your domain then it’s likely a spammer and is consistently asked to wait and try later.

I was really not expecting a great improvement in the volume of junk mail. I’ve used a number of tools in the past from blacklists to making the mailserver wait for 30 seconds before answering, dns tricks, etc. For the most part each of those methods has cut down a bit on the junk, but not put a huge dent in the volume.

I have been pleasantly surprised. Over the last 3 days I have received a grand total of probably 5-6 junk messages. (A few more have sneaked past the OLD mail server which is still configured as an mx at the moment until I’m sure all of my transition is setup.) What would I normally receive…. it’s hard to put an exact number but I would expect about 150 or so junk messages in those days.

So – how is it setup?

For ubuntu it was quite simple – apt-get install postgrey brings in all of it’s dependencies and sets it to run by default as a service. In postfix’s main.cf you need to add the following into your smtpd_recipient_restrictions…. check_policy_service inet:127.0.0.1:10023 (Of course you’ll need to save the changes and reload postfix to have that take effect. Oh, make sure that postgrey is running too.)

450 “try again later” is the official response that postgrey returns. The logic here is that spammers get lot’s of “error/address not found/bounce/shut up and go away spammer” messages and it’s not worth their time to try to get a few more messages delivered by making a mailer that gracefully handles all of these (or one of these.) Hopefully that holds true for quite some time because it’s been a fantastic improvement here.

Some other benefits of using postgrey. Spam messages are stopped before the message is officially accepted. So…. no bounces (backscatter spam), no cpu overhead scanning for viruses, scanning for and tagging as spam, no dns searches to try to validate senders/etc…. So, lower cpu overhead, marginally lower bandwidth.

Related Posts

Blog Traffic Exchange Related Posts
  • How to Remove Eco Antivirus 2010 | Eco Antivirus 2010 Removal Guide Eco Antivirus 2010 is a slight twist (renaming) of the recent Eco Antivirus rogue that has made the rounds. These rogues pretend to be antivirus, or antispyware software, but in reality are not much more than a scam trying to squeeze money out of unsuspecting computer users. These rogue applications......
  • Ways to deal with Junk Mail (2 of 2) Okay, in a previous post I talked about a server side solution for junk mail filtering. Now it's time to ask.... "what if I can't install filtering software on our mailserver?" Here is one way to deal with the answer... Most home users have mail from their internet service provider......
  • Network Security - Hub or Switch? So, for those that have a little bit of knowledge about network hardware, you've probably heard this. "You can't sniff switched networks".... wrong.... let's see what this is about. Older networking hardware was dominated by what's called a hub. This was basically a "dumb" device that when it received data,......
Blog Traffic Exchange Related Websites
  • E Mail Advertising Ways - 4 Methods You Can Use To Enhance The Click On By Rate Of Your Emails E mail advertising ways galore in an effort to improve the click by way of price of your emails. However which tactics work finest? What are a number of the email advertising methods that a number of the big gurus are utilizing as properly? There are a lot of different......
  • Spread your Company's Marketing Message through Corporate Blogging Creating a marketing message is a lot like building a house of cards: The building process can take a long, painstaking amount of time, however it can take mere moments to send everything tumbling. Sometimes all it takes is a single piece of thoughtless communication to completely contradict your......
  • More Adsense Secrets from Viloria.net! Another week, another adsense secret revealed. No guru, it seems, can keep a secret from me! Another adsense guru (actually an internet marketing expert I say...) has agreed to let me in on his insider techniques. Secrets and techniques to further increase our earnings online. Thank you Manuel of http://www.viloria.net......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site