Topic: How do I enable and configure Greylisting in qpsmtpd please?

[StephenHodgman]

I have created a template-custom entry that adds the Greylisting plugin to my qpsmtpd config.
This is loading but for each eamil I am seeing this sort of entry in my log.
2803 running plugin (mail): greylisting
2803 greylisting plugin: config: black_timeout=3000,grey_timeout=12000,mode=denysoft,recipient=0,remote_ip=1,sender=0,white_timeout=3110400
Use of uninitialized value in pattern match (m//) at /usr/share/qpsmtpd/plugins/greylisting line 209.
Use of uninitialized value in concatenation (.) or string at /usr/share/qpsmtpd/plugins/greylisting line 220.
2803 greylisting plugin: using /denysoft_greylist.dbm as greylisting database
2803 greylisting plugin: opening lockfile failed: Permission denied
2803 Plugin greylisting, hook mail returned DECLINED,

So I assume I have not enabled it correctly.
Can somebody please tell me how to do this correctly or point me at the appropriate doco?
(I searched the forums but did not find anything)
I would also be interested in suggested parameter settings for the blacklist_timeout etc.
Thanks,

[janet]

StephenHodgman

I searched the forums but did not find anything

Click the magnifying glass icon at the top of these forums and then do an advanced search on greylisting.

You will find lots of entries.

The basic search is not very good at finding anything much as I believe it is limited in scope.

[StephenHodgman]

Thanks for the pointer Mary.
I have Greylisting working in 7.4 now.
My problem turned out that I had to specify the db_dir parameter in the config line.
the perl script does not like it if this is not specified
As well as following the instructions here.
http://forums.contribs.org/index.php/topic,33662.msg153187.html#msg153187

So after some reading, checking code playing about what I did was:

Code: [Select]

# Enable Greylisting
# First create a location for the dbm file
mkdir -p /var/lib/qpsmtpd/greylisting
chown qpsmtpd:qpsmtpd /var/lib/qpsmtpd/greylisting
#
# Create location for Whitelist Host file. This is templated.
# (These are IP addresses of hosts that dont retry nicely
#   e.g. bigpond.com has numerous outgoing mail servers
#         retries can come from any one of these...)
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/whitelisthosts
#
# N.B you now need to add whitelisted host IP addresses, one per line in files there
# e.g. echo 123.123.123.123 >>/etc/e-smith/templates-custom/var/service/qpsmtpd/config/whitelisthosts/10whitelisthosts
#  then create the file
expand-template /var/service/qpsmtpd/config/whitelisthosts

#
# Create a custom template entry to get greylisting added to the runtime config
#
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
#
# Create entry to enable Whitelisting to deal with mail servers that dont behave as we want.
#
echo whitelist_soft > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist_soft
# Enable greylisting with modified options
echo greylisting black_timeout 60 db_dir /var/lib/qpsmtpd/greylisting > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/10greylisting
/sbin/e-smith/expand-template /var/service/qpsmtpd/config/peers/0
#
signal-event email-update

That is what I have done and greylisting seems to be working in SME 7.4
I will be monitoring the logs to find other email hosts that do not seem to be retrying so I can
add to the whitelisthosts template file, expand the template and then signal email-update.

Not sure I have it all correct so would appreciate any feedback on this approach.
Thanks,

[StephenHodgman]

We have been operating with Greylisting for a week now.

No reports of (valid) emails getting blocked
Significant reduction in SPAM across all mailboxes.
I received only  20 in my junkmail in Thunderbird.  This would normally be well over a hundred, sometimes more
In my server junkmail folder there were under 40.  A big drop as well.
Grey listing gets the thumbs up here so far.

[erroneus]

Generally, the people who are nay-sayers of greylisting haven't used it much or at all.

Yes, "delays" in email are annoying to people who confuse email for being an "instant messenger service" and don't appreciate SMTP for the protocol that it is.  (This is "most users" as it turns out)  And for some, a bit of tuning is needed when weird uses of email protocols are in use.

To address the "delays" problem, it is easy to tell users "oh, it must have gotten stuck in our spam filter.  ask them to send it again and it should go through."  This works for most users who will happily bounce away and ask the remote party to send again... happily because they usually love that there is strong spam filtering in place and that it is working.

As for the tuning, there are different ways this is done, but in nearly all cases, it is done either initially or early on in greylisting configuration and then never again.  One nice thing about greylisting is that there are "white lists" of known misbehaving mail servers and multi-server clusters that operate from multiple IPs (like yahoo).  For your particular application, some people like to also white-list common contact email servers... that's usually okay, but not necessary if patient.

One thing about greylisting is that it only works when there is direct server-to-server communications.  Your SME server can't have a spam filter appliance in front of it.  This is because greylisting tracks the IP address of the sender and if there is a filtering appliance or server processing the mail and relaying it to your SME server, all incoming mail appears to be coming in from the same IP address.

Greylisting confuses people because there is a bit more to know and understand about how SMTP [is supposed to] works.  It also annoys people because inappropriate implementations of mail services can more confusion and annoyance.  (Rather like MSIE's broken implementation of HTML standards makes people believe things that aren't true.)

For people who can stick to their guns on these issues, greylisting is probably the most important facet of their spam blocking solution since it stops bad email from being scanned and processed and that sort of thing.  Greylisting reduces server load in a very big way.  But with all that said, I don't recommend implementing greylisting on your SME server.

"Why?!  If you are such a fan and supporter of greylisting, why do you not recommend it for SME server?!"

Simple:  I recommend ESVA which is a free/open source spam filter virtual appliance that really, really works.  It employs greylisting and other techniques and also provides useful functions like quarantining and report generation.

[Franco]

Simple:  I recommend ESVA which is a free/open source spam filter virtual appliance that really, really works.  It employs greylisting and other techniques and also provides useful functions like quarantining and report generation.

Assuming you´re implementing it in front of the SME server, can you provide us with an example of how you´re done it?

Thanks,

[erroneus]

Well there are requisites such as setting your MX record to point to your receiving email server's IP address.  The MX record should point to your spam filter appliance.  If it is behind a NAT, then make sure the port 25 is redirected to the  spam filter appliance.

In cases where your SME server is the NAT device, I'm not sure how that works since I don't run SME that way.  I have seen cases where SME server doesn't like to perform certain actions/changes that are counter to certain functions.  (For example, if you run with SME behind a NAT router and would like to add a host name for the router, server-manager will return an error disallowing you to create a hostname entry)  It will probably add confusion in SME since if SME were the NAT router and it redirected port 25 to a spam filter device, the spam filter device would then want to send the filtered email to the SME server which might, in turn, try to forward the connection back to the spam filter device since it listens to port 25.  It really depends on the complexity of the rules defined and the order in which they are defined and the interfaces they are defined for.

I operate from behind a single IP address with a NAT router device.  It redirects incoming port 25 to my ESVA virtual machine.  It then processes the email and is configured to pass on email to the email server.  Both the ESVA and SME server are in virtual machines on the same VM host.  The ESVA does not act as a gateway but is instead a stand-alone server.

>>Incoming-Email>>Router>>ESVA>>SME-Server

Clear enough?