sungate.co.uk

Ramblings about stuff

Making Exim reject spam at SMTP time

Dear Lazyweb, I’m after recommendations.

I have a machine which handles mail for a number of domains and I get a lot of spam. Mail is filtered using spamassassin after being delivered, which is fine as far as it goes, but it means that all this mail actually gets delivered and processed and so on.

I want to reject likely-spam at SMTP time, so that I never need know about it (and, also, if it *is* a legitimate message, the sender will know it has been spam-trapped). I have a Sarge (or Etch) Debian box available to do this and it runs Exim 4. What do you use, how is it set up?

7 Responses to Making Exim reject spam at SMTP time

  1. Check out greylisting, and if you like the look of it apt-get install greylistd. There’s a very basic article on Debian Administration (http://www.debian-administration.org/articles/167).

    It works quite well, and if you remove sender ip as a qualification you shouldn’t have trouble with people trying to mail you from any location with multiple MXs. The down side is that the sender doesn’t/shouldn’t get notified.

  2. Looks interesting. I’ve always been nervous about greylisting because of the fact that it may delay legitimate mail, but I guess I can probably live with that. Does the list of “permitted IP sender addresses” just grow indefinitely?

  3. greylistd has configurable lifetimes for auto-whitelisted (IP, From, To) triples. If you know in advance what domains or IPs you want non-delayed mail from, you can add them to a static file of whitelisted hosts with the Debian setup. For what it’s worth, I’ve never had any problems with greylistd other than the minor irritation of delayed mail. It reduces spam a bit, but newer spambots are catching on it seems.

    Spamassassin/exim4-(something with exiscan) can be made to reject mail at SMTP time if its spam score is larger than some threshold. I’ve been having problems with the stability of this setup though: spamd falling over in a heap, causing Exim to reject mail with a 450 response. I suspect it’d work better with faster/better systems.

  4. Why not run spamassassin as an ACL? That way you can reject at SMTP time no problem. There’s loads of info about this on the Exim sites, can also run clamav as well…

    I thought you ran amavisd-new – doesn’t this do checks at SMTP time?

    For any more info I suggest you look at the debian-exim list (as Debian generally mess with Exim so there’s a specific list)

  5. Spamassassin is ok, can place quite a load on your machine if you have a lot of mail coming in, people say good things about DSPAM as a replacement but I haven’t tried it.

    Greylisting is a great device but you have to watch carefully at first. The idea is to temporarily reject everything first time around and allow it an hour later, by which time most spammers are in a RBL. I reduced my greylist to 10 mins timer because some of my users can’t afford to wait that long, a lot of mail servers try once, try again 15 mins later and then start trying every 2 hours, then every 8. So if you reject for an hour you might not accept it for 2 hours, bad for Ebay users. Beware that Blueyonder/NTL/Virgin Media and some smaller people don’t retry at all, I had to add them all to greylist’s whitelist. If they don’t retry within 8 hours their greylist status expires.

    Have a look at Vexim, I build most of my mail servers on top of it. Mail me even if you would like pointers for common config changes to Vexim. Look at mine or Vexim’s wiki for my greylisting (I wrote both) for greylisting in (V)Exim. Requires exim4-daemon-heavy on Debian.

    Use zen.spamhaus.org as an RBL.

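The retry arithmetic from comment 5, worked through as an added example (a toy model written for this page, not greylistd's or Vexim's code). The `Greylist` class, `delivery_delay` helper, addresses and the `TYPICAL` retry schedule are constructed for illustration; the 10-minute and 1-hour delays and the 8-hour expiry are the figures quoted in the comment.

```python
MIN, HOUR = 60, 3600  # seconds

class Greylist:
    """Toy greylist keyed on the (IP, From, To) triple."""
    def __init__(self, delay, pending_ttl=8 * HOUR, whitelist=()):
        self.delay = delay                # how long a new triple is deferred
        self.pending_ttl = pending_ttl    # unretried entries are forgotten after this
        self.whitelist = set(whitelist)   # static list of hosts that skip greylisting
        self.first_seen = {}              # triple -> time of first deferred attempt
        self.passed = set()               # triples that retried correctly
                                          # (auto-whitelist lifetime is not modelled)

    def check(self, now, ip, sender, rcpt):
        """Return 'accept' or 'defer' (a temporary 4xx rejection)."""
        key = (ip, sender, rcpt)
        if ip in self.whitelist or key in self.passed:
            return "accept"
        first = self.first_seen.get(key)
        if first is None or now - first > self.pending_ttl:
            self.first_seen[key] = now    # new triple, or the old entry expired
            return "defer"
        if now - first < self.delay:
            return "defer"                # retried too early
        self.passed.add(key)
        return "accept"

# Constructed sample triple (documentation address ranges).
TRIPLE = ("192.0.2.10", "sender@example.org", "user@example.net")

def delivery_delay(greylist, retry_times, triple=TRIPLE):
    """Seconds until the message is accepted, or None if the sender gives up."""
    for t in retry_times:
        if greylist.check(t, *triple) == "accept":
            return t
    return None

# Constructed schedule: first try, again after 15 min, then every 2 hours.
TYPICAL = [0, 15 * MIN] + [15 * MIN + n * 2 * HOUR for n in range(1, 4)]
NO_RETRY = [0]  # a sender that never retries

if __name__ == "__main__":
    for label, delay in (("1 hour", HOUR), ("10 min", 10 * MIN)):
        d = delivery_delay(Greylist(delay), TYPICAL)
        print(f"greylist delay {label}: accepted after {d // MIN} min")
    print("no retry:", delivery_delay(Greylist(10 * MIN), NO_RETRY))
    print("no retry, whitelisted:",
          delivery_delay(Greylist(10 * MIN, whitelist={TRIPLE[0]}), NO_RETRY))
```

With this schedule a 1-hour greylist delay holds the message for 135 minutes, while a 10-minute delay lets it through on the 15-minute retry.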
  6. You’ve got to watch spamassassin setups quite carefully to start with, esp wrt timeouts etc. There’s also a known issue with SA 3.2.0 (latest release), perl

  7. I suspect it’d be not dissimilar to: http://www.debian-administration.org/articles/141

    See also: http://www.debian-administration.org/articles/511

    Still not convinced by greylisting, the Manchester LUG use it for their mailing list and it’s a pain in the bum.
