Koozali.org: home of the SME Server

Greylisting on SME 7

bjoyce
Greylisting on SME 7
« on: December 04, 2006, 12:13:02 AM »
Hi,
I am the system admin for a school and have about 1000 user email accounts.

My ISP account limits my download to 40GB per month and that limit is being reached. I am not sure but I suspect a significant amount of that can be attributed to receiving SPAM email. It would be lovely if I could reject SPAM before the bulk of the message is sent by the spammer.

I have this question. Does greylisting reject receiving email before the body of the email is sent?

Does Bayes filtering do the same? i.e. does it reject the email before the body of the email is sent?

The other issue I have is that my current SME 7 gateway with virus ClamAV and SpamAssassin running, is being hammered (over 50% CPU usage) and I understand that greylisting is a lot less load on the server CPU than Bayes filtering. Is that the case?

Finally, the only instructions I can find on installing greylisting are for SME 6. Is there a howto for SME 7?

Thanks for answering,

Brad
.........

CharlieBrady
Re: Greylisting on SME 7
« Reply #1 on: December 04, 2006, 01:02:44 AM »
Quote from: "bjoyce"

It would be lovely if I could reject SPAM before the bulk of the message is sent by the spammer.


You can already do that. You need to choose Custom spam sensitivity setting on the E-mail filtering panel.

mmccarn
Greylisting on SME 7
« Reply #2 on: December 04, 2006, 05:47:43 PM »
Here's how I've set up my mail servers on SME 7. Most of my sites use SME 7 as a spam filter in front of another mail server, so I wanted very forgiving Bayes auto-learning levels to keep my users from losing HAM.

This configuration significantly reduced my bandwidth requirements by closing the SMTP connections before email download for obvious SPAM:
Code:
mkdir -p /root/spamfilter
cd /root/spamfilter
wget \
http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm
yum localinstall smeserver-spamassassin-features-0.0.2-0.noarch.rpm
config setprop spamassassin BayesAutoLearnThresholdSpam 12.00
sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
chmod 750 /var/spool/spamd/.spamassassin/bayes_*
signal-event post-upgrade
signal-event reboot
wget and http://distro... are on one line; note the backslash to escape the <return> in this post

Read the Sonoracomm howto for more information: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49

This post describes a way to enable greylisting on SME 7: http://forums.contribs.org/index.php?topic=33662.0 but there is no feedback as yet on whether it works.

bjoyce
Greylisting on SME 7
« Reply #3 on: December 05, 2006, 04:13:50 AM »
Thanks CharlieBrady, I have tried what you suggested and there is no discernible difference: approx 10 spam to my email a day still get through and CPU usage is very similar (SME7admin). I already had spam enabled but not the custom setting. I had that set to high. Tagging and rejection levels are both set to 5.

Thanks mmccarn, I will give this a go.

Regards Brad
.........

bjoyce
Greylisting on SME 7
« Reply #4 on: December 06, 2006, 01:12:49 AM »
I have enabled greylisting as per instructions on http://forums.contribs.org/index.php?topic=33662.0

As I said in this post I have tested it and it works: no spam at all, and a legit email test came through in 37 minutes for the first time and immediately for the second email.

However, how do you add IPs to the whitelist for legit email that gets blocked?

Thanks Brad
.........

bjoyce
Greylisting on SME 7
« Reply #5 on: December 06, 2006, 04:03:36 AM »
I found that RayMitchell has the answer
---
db spamassassin setprop wbl.global *@*vonage.com White *domain2.com White *domain3.com Black
(all on one line)

edited - of course followed by
expand-template /etc/mail/spamassassin/local.cf
svc -t /service/spamd
---

Tested this by adding a whitelist entry and then emailing from a previously unused account and there was no delay. Works a treat.

Brad
.........

raem
Greylisting on SME 7
« Reply #6 on: December 06, 2006, 09:41:36 AM »
bjoyce

> I found that RayMitchell has the answer
> db spamassassin setprop wbl.global *@*vonage.com White

That's wrong to use that command with greylisting, see my post at
http://forums.contribs.org/index.php?topic=33662.0
...

raem
Re: Greylisting on SME 7
« Reply #7 on: December 06, 2006, 09:52:52 AM »
bjoyce

> The other issue I have is that my current SME 7 gateway with virus
> ClamAV and SpamAssassin running, is being hammered (over 50% CPU usage)

Have you enabled RBLs (via command line) and enabled executable content blocking (in server manager panel)? Both of those will considerably reduce accepted spam.
Then SpamAssassin & ClamAV have a lot less to process.

As Charlie says, set a custom level for spam rejection, say a score of 15 or if you are really keen, reduce that to 12.

Also have a spam detection threshold set at 4 points.
Messages detected between 4 - 12 points will end up in the junkmail.
Messages with 12 points and above get rejected outright.
Messages from senders on RBLs get rejected outright.

To deal with whatever else gets through, install the other contrib/scripts re configuring the LearnAsSpam folder with Bayes, as per the Sonoracomm howto. It seems to work well and gives users something to do (& makes them feel good) by manually moving spam that still arrives in their Inbox, into the LearnAsSpam folder for Bayesian learning & deletion each day.
...

jvels
Greylisting on SME 7
« Reply #8 on: December 07, 2006, 10:50:33 AM »
What about "sending the hat around" and seeing how many coins there would be in the hat?

Then try to find a developer who can write a nice "greylisting panel" for the admin panel, so it's possible to add/remove items in the whitelist in the web interface.

Best regards
jesper vels

raem
Greylisting on SME 7
« Reply #9 on: December 07, 2006, 11:24:19 AM »
jvels

A panel is not really needed for adding whitelist entries for greylisting.
They are easy to add using the command line, and once added would probably not need to be removed.

Read this file
/usr/share/qpsmtpd/plugins/greylisting

and from this post at http://forums.contribs.org/index.php?topic=34498.0

You could try white-listing the sending email host. This will selectively change the behavior of some of the subsequent qpsmtpd plugins, and might get your messages through...

To add a white-listed host:

config setprop qpsmtpd RequireResolvableFromHost yes

pico /var/service/qpsmtpd/config/whitelisthosts

(add the IP addresses you want to whitelist, one per line)

signal-event email-update

(Turning on "RequireResolvableFromHost" enables the "whitelist_soft" plugin. Also, there's no default template for "whitelisthosts" so your changes shouldn't disappear by themselves. Ultimately, this should probably be templated and should use the configuration database...)
...
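
Added example (not part of the thread, and not the qpsmtpd plugin's code): a minimal model of the greylisting behaviour reported above, where a first delivery is deferred and only arrives on retry, later mail from the same sender passes at once, and a whitelisted host IP is never delayed. The timer values, the addresses and the choice to decide at RCPT TO are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

ACCEPT, DEFER = "250 OK", "451 greylisted, retry later"

@dataclass
class Greylist:
    # All three timers are constructed values, not the plugin's defaults.
    min_delay: int = 10 * 60          # earliest retry that is accepted
    retry_window: int = 4 * 3600      # a first retry must arrive within this
    pass_lifetime: int = 30 * 86400   # how long a passed triplet stays trusted
    whitelist_hosts: set = field(default_factory=set)
    triplets: dict = field(default_factory=dict)  # key -> [first_seen, passed_at]

    def check(self, ip, sender, rcpt, now):
        """Verdict at RCPT TO (assumed), i.e. before DATA and the message body."""
        if ip in self.whitelist_hosts:
            return ACCEPT                      # whitelisted host: never delayed
        key = (ip, sender.lower(), rcpt.lower())
        rec = self.triplets.get(key)
        if rec and rec[1] is not None and now - rec[1] <= self.pass_lifetime:
            rec[1] = now                       # known triplet: refresh and accept
            return ACCEPT
        if rec and rec[1] is None and now - rec[0] <= self.retry_window:
            if now - rec[0] < self.min_delay:
                return DEFER                   # retried too quickly
            rec[1] = now                       # patient retry: promote triplet
            return ACCEPT
        self.triplets[key] = [now, None]       # new or expired triplet
        return DEFER

def deliver(gl, ip, sender, rcpt, body, attempts):
    """Replay attempt times (seconds); return (accepted_at, body_bytes_received)."""
    for t in attempts:
        if gl.check(ip, sender, rcpt, t) == ACCEPT:
            return t, len(body)
    return None, 0                             # never accepted: body never sent

def demo():
    gl = Greylist(whitelist_hosts={"192.0.2.10"})   # constructed sample data
    body, rcpt = b"x" * 20000, "user@school.example"
    return {
        "first":  deliver(gl, "198.51.100.7", "a@example.org", rcpt, body, [0, 37 * 60]),
        "second": deliver(gl, "198.51.100.7", "a@example.org", rcpt, body, [3 * 3600]),
        "hasty":  deliver(gl, "203.0.113.9", "x@bulk.example", rcpt, body, [0, 30, 60]),
        "white":  deliver(gl, "192.0.2.10", "b@example.net", rcpt, body, [0]),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the arrival time of the first message is set by when the sending server retries, and a sender that never retries patiently transfers no message body at all.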

bjoyce
Re: Greylisting on SME 7
« Reply #10 on: December 08, 2006, 02:53:28 AM »
Quote from: "RayMitchell"

As Charlie says, set a custom level for spam rejection, say a score of 15 or if you are really keen, reduce that to 12.

Also have a spam detection threshold set at 4 points.
Messages detected between 4 - 12 points will end up in the junkmail.
Messages with 12 points and above get rejected outright.
Messages from senders on RBLs get rejected outright.

To deal with whatever else gets through, install the other contrib/scripts re configuring the LearnAsSpam folder with Bayes, as per the Sonoracomm howto.

RayMitchell, thanks for your help, you're terrific. I have done as you have suggested here and also had Bayes filtering up and running before I tried greylisting.

I have an issue with this though, as my users all access the email via POP3. A small number use a Microsoft Exchange server and I just forward those accounts (about 20) from their SME account to the MS Exchange; the only reason for MS Exchange is the interface and shared calendars. The only way a user can access their junk mail with this setup is to go through the webmail interface. I assume the other way I could do it is to change all the users over to IMAP access instead of POP3. Do you know of a way to transfer the junkmail on the server to junkmail in MS Outlook using POP3? The SME 6 box used to tag the email and forward it to the account. All I did then was set up a rule in MS Outlook to dump all the [SPAM to their junk mail folder.

Regards Brad
.........

raem
Re: Greylisting on SME 7
« Reply #11 on: December 08, 2006, 03:58:32 AM »
bjoyce

> ...my users all access the email via pop3, a small number use a microsoft exchange server...

You can also configure an IMAP account in their email client; the POP acct will download the messages from the SME server to the Inbox and the IMAP acct will allow you to read the junkmail folder & LearnAsSpam folder too. They will also be able to move local POP Inbox unidentified (untagged) spam to the LearnAsSpam folder (on the SME) for Bayesian learning.

For those users with forwarding, you can delete the junkmail folder (in the user Maildir section of SME server) and all the junkmail will go to their POP Inbox.
Install the contrib (smeserver-spamassassin-features-0.0.2-0.noarch.rpm) that alters the header to insert ***SPAM*** and you can then use a local Mail Rule to filter the spam to a local POP junkmail folder.
...

raem
Re: Greylisting on SME 7
« Reply #12 on: December 08, 2006, 04:07:06 AM »
bjoyce

> I have done as you have suggested here and also had bayes filtering up and running before I tried greylisting.

You did not answer whether you enabled RBLs; they are not enabled by default on SME 7. Enabling those will make a huge reduction in accepted spam (as most of it will be rejected). If you add some of the more aggressive lists like dynablock.njabl.org & bl.spamcop.net, then spam will almost disappear I would imagine.

I would also add dnsbl.sorbs.net instead of or as well as dnsbl.njabl.org, as the latter is no longer being updated.
...

GizMo2

Greylisting on SME 7
« Reply #13 on: January 06, 2007, 11:24:41 PM »
Quote from: "mmccarn"
Here's how I've set up my mail servers on SME 7. Most of my sites use SME 7 as a spam filter in front of another mail server, so I wanted very forgiving Bayes auto-learning levels to keep my users from losing HAM.

This configuration significantly reduced my bandwidth requirements by closing the SMTP connections before email download for obvious SPAM:
Code:
mkdir -p /root/spamfilter
cd /root/spamfilter
wget \
http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/smeserver-spamassassin-features-0.0.2-0.noarch.rpm
yum localinstall smeserver-spamassassin-features-0.0.2-0.noarch.rpm
config setprop spamassassin BayesAutoLearnThresholdSpam 12.00
sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
chmod 750 /var/spool/spamd/.spamassassin/bayes_*
signal-event post-upgrade
signal-event reboot
wget and http://distro... are on one line; note the backslash to escape the <return> in this post

Read the Sonoracomm howto for more information: http://www.sonoracomm.com/index.php?option=com_content&task=view&id=49

This post describes a way to enable greylisting on SME 7: http://forums.contribs.org/index.php?topic=33662.0 but there is no feedback as yet on whether it works.


What is the method to uninstall all of this?
I do not see any panel in web administration to configure it. I sent one email from the Yahoo web panel as a test; the email arrived immediately. This filter does not work.