Debianhelp.co.uk


Antispam Implementation using Postgrey and Postfix

What is Postgrey ?

Postgrey is a Postfix policy server implementing greylisting. When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, although a retry is required per RFC.

What is Greylisting ?

Greylisting is a simple method of defending electronic mail users against e-mail spam. In short, a mail transfer agent which uses greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again to send it later, at which time the destination will accept it. If the mail is from a spammer, it will probably not be retried, and spam sources which re-transmit later are more likely to be listed in DNSBLs and distributed signature systems such as Vipul's Razor.

Download Postgrey

http://isg.ee.ethz.ch/tools/postgrey/pub/

Requirements For Postgrey

Perl (version >= 5.6.0)
Net::Server
IO::Multiplex
BerkeleyDB (Perl module)
Berkeley DB (Library, version >= 4.1)

Installing Postgrey in Debian

#apt-get install postgrey

 apt-get install postgrey
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
 libberkeleydb-perl libdb4.3 libdigest-hmac-perl libdigest-sha1-perl libio-multiplex-perl libnet-dns-perl libnet-ip-perl libnet-server-perl
Suggested packages:
 libio-socket-ssl-perl
Recommended packages:
 postfix
The following NEW packages will be installed:
 libberkeleydb-perl libdb4.3 libdigest-hmac-perl libdigest-sha1-perl libio-multiplex-perl libnet-dns-perl libnet-ip-perl libnet-server-perl postgrey
0 upgraded, 9 newly installed, 0 to remove and 223 not upgraded.
Need to get 1043kB of archives.
After unpacking 3293kB of additional disk space will be used.
Do you want to continue? [Y/n]y

This will install Postgrey on your machine. You may need to change some of the settings for your setup. The most important thing to know about greylisting is that it imposes a delay on the delivery of mail. If you find the default 5 minute delay to be a little too long you can set it to 1 minute. You can change this by editing /etc/default/postgrey (the --delay value is given in seconds). Change the default

POSTGREY_OPTS="--inet=127.0.0.1:60000"

to

POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"

However, we would suggest changing the defaults only after you have verified that everything works as expected. It is also worth noting that a shorter delay will reduce the effectiveness of the greylisting.

Now start the postgrey policyserver with

#/etc/init.d/postgrey start

Installing and Configuring Postfix to use Postgrey


Configuring Postfix to use Postgrey

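The Postgrey policy service should now be up and running on port 60000.

The Postfix configuration files are located in /etc/postfix. Edit /etc/postfix/main.cf and add check_policy_service inet:127.0.0.1:60000 to smtpd_recipient_restrictions. Keep it after reject_unauth_destination, so that relay attempts are rejected outright and only mail for your own domains reaches the greylisting check. It should look something like this: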

 smtpd_recipient_restrictions = permit_sasl_authenticated,
          permit_mynetworks,
          reject_unauth_destination,
          check_policy_service inet:127.0.0.1:60000

Now you need to restart the postfix mail server

#/etc/init.d/postfix restart