Conditional greylisting (with postfix, policyd-weight and postgrey)

If you think greylisting has some disadvantages but also gives you some benefits, you have probably thought about using greylisting only under certain conditions. For example, if you have checked some parameters of the mail and you (or better, your mail system) guess that it may be spam, greylisting can be very useful.
Until now, I was using plain policyd-weight. But mails with $REJECTLEVEL <= score <= $DEFER_LEVEL were deferred under some conditions (see the policyd-weight defaults), and if they come back with the same conditions, they will be deferred twice. So it makes sense to me to greylist them instead: if they return with a score within $DEFER_LEVEL, they will pass because the greylist will allow them.
First, let's create a restriction class in Postfix's main.cf that policyd-weight can call:

# restriction class for use with polw (DEFER_ACTION)
smtpd_restriction_classes = greylist
greylist = check_policy_service inet:127.0.0.1:60000

To call postgrey for $REJECTLEVEL <= score <= $DEFER_LEVEL, you need to use the restriction class "greylist" and let $DEFER_STRING match all defer strings, so that they all get greylisted:

# echo "\$DEFER_STRING = 'NOT';" >> /etc/policyd-weight.conf
# echo "\$DEFER_ACTION = 'rc:greylist';" >> /etc/policyd-weight.conf
# /etc/init.d/postgrey restart
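
The decision flow this setup is meant to produce, as an added example that is not part of the original post and is not policyd-weight or postgrey code: a simplified Python model in which only mail scoring between the two levels is greylisted, keyed on the client/sender/recipient attributes of a Postfix policy request. The threshold values, the 300-second delay, the name `ConditionalGreylist` and the sample request are assumptions made for the demonstration.

```python
# Added illustration: a simplified model, not policyd-weight or postgrey code.
# Thresholds and the delay below are assumed values for the demo.
REJECTLEVEL = 1        # assumed: a score at or above this is suspicious
DEFER_LEVEL = 5        # assumed: a score above this is rejected outright
GREYLIST_DELAY = 300   # assumed: seconds a new triplet has to wait


def parse_request(text):
    """Parse a Postfix policy delegation request (name=value lines)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class ConditionalGreylist:
    def __init__(self):
        self.first_seen = {}  # (client, sender, recipient) -> first attempt time

    def decide(self, score, request, now):
        """Return the policy response for one delivery attempt."""
        if score < REJECTLEVEL:
            return "action=DUNNO"            # clean mail is never delayed
        if score > DEFER_LEVEL:
            return "action=550 rejected"     # clearly spam: no greylisting
        a = parse_request(request)
        triplet = (a["client_address"], a["sender"], a["recipient"])
        first = self.first_seen.setdefault(triplet, now)
        if now - first < GREYLIST_DELAY:
            return "action=DEFER_IF_PERMIT greylisted"  # borderline and new
        return "action=DUNNO"                # borderline, but it retried

# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = (
    "request=smtpd_access_policy\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.net\n"
    "\n"
)

if __name__ == "__main__":
    g = ConditionalGreylist()
    for score, t in [(0, 0), (3, 0), (3, 60), (3, 400), (9, 400)]:
        print(score, t, g.decide(score, SAMPLE, t))
```
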

You may also want to have a look at the DNSBL countries.nerd.dk. This might be a way to score connections coming from well-known spamming countries. But keep in mind that legitimate mail may also come from those! ;)

Creative Commons License
The Conditional greylisting (with postfix, policyd-weight and postgrey) by Cyconet Blog, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Terms and conditions beyond the scope of this license may be available at blog.waja.info.

3 Responses to “Conditional greylisting (with postfix, policyd-weight and postgrey)”


  • […]Hm… interesting…Should think about…

  • […]
    defer message = policyd-weight said: $acl_m7
    condition = ${if eq{$acl_m8}{450}{yes}{no}}
    If you want to log the output of policyd-weight in your log files, just remove the hash signs in front of the lines with log_message.
    Of course you can first test the effectiveness of policyd-weight and only log the result. Just comment out the last three ACL verbs (warn, deny and defer; the last 11 lines) and their conditions.

  • hello,

    I applied your conditional greylisting technique to my postfix / policyd-weight configuration. But I get warnings like these once in a while:

    Jan 10 23:03:54 mx01 postfix/policyd-weight[13822]: decided action=rc:greylist Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs (multirecipient mail)
    Jan 10 23:03:54 mx01 postfix/smtpd[17309]: warning: access table inet:127.0.0.1:12525 has entry with lookup table: rc:greylist Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs (multirecipient mail)
    Jan 10 23:03:54 mx01 postfix/smtpd[17309]: warning: do not specify lookup tables inside SMTPD access maps
    Jan 10 23:03:54 mx01 postfix/smtpd[17309]: warning: define a restriction class and specify its name instead.

    any ideas?
