Difference between revisions of "Postfix greylisting"

From Finninday
m (Reverted edits by Ezekypy (Talk) to last revision by Rday)
Line 27: Line 27:
  
 
My Bayes filter might get rusty from lack of use now.  Hardly anything is persistent enough to get through the greylist.
 
My Bayes filter might get rusty from lack of use now.  Hardly anything is persistent enough to get through the greylist.
 +
 +
 +
=== On CentOS ===
 +
# yum install postgrey
 +
 +
# add the policy to smtpd_recipient_restrictions in main.cf:
 +
 +
smtpd_recipient_restrictions =
 +
  permit_mynetworks,
 +
  reject_unauth_destination,
 +
  check_policy_service unix:postgrey/socket,
 +
 +
# enable the service and start the service
 +
 +
systemctl enable postgrey
 +
systemctl start postgrey
 +
 +
# reload postfix
 +
 +
==== get reports ====
 +
# cat /var/log/maillog | postgreyreport --delay=30
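Review bot: The final step of the added CentOS section, "# reload postfix", has no command under it, while every other step is followed by one; add the reload command so the procedure can be followed as written. The leading "#" is also used both as a root prompt ("# yum install postgrey") and as a comment marker ("# enable the service and start the service"), so it is not clear which lines are meant to be typed; use a distinct prompt or drop it from the commands.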

Revision as of 18:41, 28 January 2022

On a lark, I decided to implement greylisting on my mail server. It was as easy as "apt-get install postgrey". Well, almost that easy. I also had to add this to my /etc/postfix/main.cf:

   check_policy_service inet:127.0.0.1:60000

This was slipped in at the end of smtpd_recipient_restrictions.

Update: Now postgrey is running on port 10023, so that line is now

check_policy_service inet:127.0.0.1:10023

The full smtpd_recipient_restrictions looks like this:

smtpd_recipient_restrictions =
  reject_invalid_hostname,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unknown_sender_domain,
  reject_unknown_recipient_domain,
  reject_unauth_pipelining,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  check_policy_service inet:127.0.0.1:10023,
  check_policy_service unix:private/policy-spf

Now I have a new service in /etc/init.d: postgrey

Every attempt to deliver mail to my server generates a (to, from, sending-host) triplet. The first request for a triplet is turned away with a temporary 450 rejection rather than a permanent one, so a sending server that queues and retries is not harmed. After 5 minutes, any requests bearing that same triplet are allowed. After 5 successful mails are sent for a single triplet, it is whitelisted.

And my logs look like this:

Oct 17 16:16:32 localhost postfix/smtpd[32484]: connect from unknown[201.226.226.55]
Oct 17 16:16:35 localhost postfix/smtpd[32484]: NOQUEUE: reject: RCPT from unknown[201.226.226.55]: 450 <rday@finninday.net>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/finninday.net.html); from=<lingrossfastenrathmet@grossfastenrath.de> to=<rday@finninday.net> proto=ESMTP helo=<auditoria01.cwpanama.net>
Oct 17 16:16:35 localhost postfix/smtpd[32484]: lost connection after DATA from unknown[201.226.226.55]
Oct 17 16:16:35 localhost postfix/smtpd[32484]: disconnect from unknown[201.226.226.55]
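
The triplet decision described above, as an added example (not postgrey's code and not from the original page). It parses a Postfix policy-delegation request and answers with `DEFER_IF_PERMIT` or `DUNNO`; the `Greylist` class, the in-memory dictionaries and the sample request are assumptions made for illustration.

```python
# Added example: toy model of the greylisting decision, not postgrey's code.
DELAY = 300          # seconds a new triplet is deferred (matches the log above)
WHITELIST_AFTER = 5  # accepted mails before a triplet is whitelisted (per the text)


def parse_policy_request(text):
    """Parse a policy-delegation request: name=value lines, blank line ends it."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self):
        self.first_seen = {}  # triplet -> time of first delivery attempt
        self.passed = {}      # triplet -> number of accepted mails

    def check(self, attrs, now):
        # Lower-case addresses so case changes do not create new triplets.
        triplet = (attrs["client_address"], attrs["sender"].lower(),
                   attrs["recipient"].lower())
        if self.passed.get(triplet, 0) >= WHITELIST_AFTER:
            return "action=DUNNO"  # whitelisted: timing check is skipped
        first = self.first_seen.setdefault(triplet, now)
        remaining = DELAY - (now - first)
        if remaining > 0:
            # Temporary failure: an MTA that queues mail will retry later.
            return f"action=DEFER_IF_PERMIT Greylisted for {remaining} seconds"
        self.passed[triplet] = self.passed.get(triplet, 0) + 1
        return "action=DUNNO"      # no opinion: later restrictions decide


# Constructed request using documentation-range addresses.
SAMPLE = ("request=smtpd_access_policy\nclient_address=192.0.2.55\n"
          "sender=someone@example.org\nrecipient=rday@example.net\n\n")

if __name__ == "__main__":
    g = Greylist()
    req = parse_policy_request(SAMPLE)
    for t in (0, 60, 300, 400):
        print(t, g.check(req, t))
```

A sender that never retries, like the one in the log above, only ever receives the deferral, which is why so little gets through.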

My Bayes filter might get rusty from lack of use now. Hardly anything is persistent enough to get through the greylist.


On CentOS

# yum install postgrey
# add the policy to smtpd_recipient_restrictions in main.cf:
smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  check_policy_service unix:postgrey/socket,
# enable the service and start the service
systemctl enable postgrey
systemctl start postgrey
# reload postfix

get reports

# cat /var/log/maillog | postgreyreport --delay=30