Tag Archive for 'spam'

Conditional greylisting (with postfix, policyd-weight and postgrey)

If you think greylisting has some disadvantages but also gives you some benefits, you have probably thought about using greylisting only under certain conditions. For example, if you have checked some parameters of the mail and you (or rather your mail system) guess it may be spam, greylisting could be very useful.
Until now, I was using plain policyd-weight. But mails with $REJECTLEVEL <= score <= $DEFER_LEVEL were deferred under some conditions (see the policyd-weight defaults), and if they come back under the same conditions, they will be deferred a second time. So it makes sense to me to greylist them, and if they return within $DEFER_LEVEL, they will pass because the greylist will allow them.
First, let's create a restriction class in Postfix's main.cf which we can call from policyd-weight:

# restriction class for use with polw (DEFER_ACTION)
smtpd_restriction_classes = greylist
greylist = check_policy_service inet:127.0.0.1:60000

To call postgrey for $REJECTLEVEL <= score <= $DEFER_LEVEL, you need to use the restriction class "greylist" and let $DEFER_STRING match all defer strings, so that they all get greylisted:

# echo "\$DEFER_STRING = 'NOT';" >> /etc/policyd-weight.conf
# echo "\$DEFER_ACTION = 'rc:greylist';" >> /etc/policyd-weight.conf
# /etc/init.d/postgrey restart
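
The decision flow configured above, modeled as an added example (not code from the original post, policyd-weight or postgrey). The threshold values, the `Greylist` class, the reply texts and the sample request are assumptions made for illustration.

```python
# Added example: a model of the decision flow, not policyd-weight or postgrey code.
REJECTLEVEL = 1.0     # assumed threshold, for illustration only
DEFER_LEVEL = 5.0     # assumed threshold, for illustration only
GREYLIST_DELAY = 300  # seconds a new triplet must wait; assumed value

# Constructed Postfix policy delegation request (name=value lines, empty line ends it).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.net\n"
    "\n"
)

def parse_policy_request(raw):
    """Return the attributes of one policy request as a dict."""
    attrs = {}
    for line in raw.splitlines():
        if not line:          # empty line terminates the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    """Toy triplet greylist standing in for postgrey (hypothetical class)."""
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}  # triplet -> time of first delivery attempt

    def check(self, attrs, now):
        triplet = (attrs["client_address"], attrs["sender"].lower(),
                   attrs["recipient"].lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first >= self.delay:
            return "DUNNO"    # retry came back late enough: let it pass
        return "DEFER_IF_PERMIT greylisted, try again later"

def decide(score, attrs, greylist, now):
    """Map a spam score to a policy action using the three bands from the text."""
    if score < REJECTLEVEL:
        return "DUNNO"                        # clean enough, never greylisted
    if score <= DEFER_LEVEL:
        return greylist.check(attrs, now)     # suspicious band: rc:greylist
    return "550 rejected by score"            # constructed reject text
```

A mail in the middle band is deferred on its first attempt and accepted once the same triplet retries after the delay; mail below the band never touches the greylist.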

You may also want to have a look at the DNSBL countries.nerd.dk. This might be a way to score connections coming from well-known spamming countries. But keep in mind that legitimate mail may also come from those! ;)

performancing.com and privacy

Today I was crawling through my mail logs for various reasons.
I was really surprised to see a mail to a dedicated mail address which I'm using for communication with performancing.com. I briefly checked whether this mail address is published anywhere at performancing.com, but couldn't find anything.

A one-liner over the last week of mail logs:

# zgrep performancing /var/log/mail.info* | grep clam | wc -l
26

For an address only used for communicating with one organisation (used as contact mail address) this seems a bit too much traffic, and these are only the mails which were accepted by the MTA. So the question comes to my mind … what happens with the addresses at performancing.com? Maybe I missed something?

Reduce spam significant

With policyd-weight you are able to reject mails before the body is received by your MTA, here Postfix. No bounce mails, less wasted bandwidth and CPU time. policyd-weight scores characteristics of the mail positively or negatively; if a defined value is reached, the mail is rejected. The characteristics currently scored are:

– DNSBLs/RHSBLs
– HELO argument
– MAIL FROM: argument
– Client IP address
– DNS client/HELO/FROM entries (A/16 A/24 A/32), PTR/FQDN and Parent Domains (MX/16 MX/24 MX/32) for their correctness respectively whether they match.


Different Postfix Access Policy Delegation

Today I got some hints on how to use different Access Policy Delegation with Postfix. This opens up the possibility of using different check_policy_service settings depending on sender address, client IP … and so on.


