
Thread: Configuring delaying/greylisting

  1. #1
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default Configuring delaying/greylisting

    I've been looking around for information on what I might be able to do in order to slow spammers down and one of the things which has always worked on assp is the delaying/greylisting feature.

    I wanted to add this to zimbra 8.0.6 but I can't seem to find information which appears to be current. I don't want to go installing all kinds of things that aren't needed because 8.0.6 might already have certain things installed for example. However, I can't find a specific document for 8.0.6 either which clearly explains what I need to do.

    So.. help

  2. #2
    Join Date
    Jan 2014
    Location
    London, UK
    Posts
    27
    Rep Power
    1

    Default

    Postfix Policyd - Zimbra :: Wiki
    …but I just set that up on an 8.0.5 and had to remove it. Clients on Apple Mail that do not have "use custom port" ticked and manually entered "465" fall trap for the greylisting themselves also, since Apple Mail tries on port 25 (and sometimes works), thus them too being greylisted. Furthermore, it kept on crashing on my brand new setup (2 x 2.4GHz HP ProLiant DL380e with 2 x 16 GB RAM) — so, well, I am sorry: but I really do not recommend it.

    Spamhaus offer a paid service. Get that — it has zero false positives and is GREAT, my first RBL.
    So is the free Barracudacentral's RBL, my second RBL
    With spamhaus comes also the URIBL, and in Squirrelmail I have enabled it as "score URIBL_SPAM 200" and that removes a TON of it.
    The "score URIBL_BLACK 5" also does a good job moving junk mail into end users' junk mail folder.

    Then consider getting your hands on the excellent SNF filter.
    It basically scans the content of all emails against its online register of phrases and combinations of mathematical algorithms.
    It's super fast, and places a lot of your 'non-junk' in your administrator's junk folder, which thus, spamassassin can be set to learn from, and thus better improve itself.
    Needless to say, make sure that your Spamassassin is indeed set to update itself, my installation did apparently not have that turned on by default (or late night fiddling with the system caused me to believe that was the case).

    I don't know if this was helpful.
    Hopefully, it is.

    Miguel

  3. #3
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default

    >Then consider getting your hands on the excellent SNF filter.

    As I mentioned, I've been using the free open source ASSP app on a dedicated blade and it's incredibly good at spam removal. However, I would prefer not having to have another server in front of one that should already know how to deal with spam. I can't believe the zimbra folks spent so much time on so many functions but not spam. Spam is the scourge of the internet and should be priority one with ANY SMTP server.

    >Needless to say, make sure that your Spamassassin is indeed set to update itself, my installation did apparently not have that
    >turned on by default (or late night fiddling with the system caused me to believe that was the case).

    Maybe I've not seen current documentation or something because I don't recall this. No matter how many times we tag items as SPAM, they just keep coming back. I've enabled other items including RBLs but don't recall this. Can you elaborate?

    It looks like basically, sa-update isn't automated or called so never runs. Did you just create a cron job for it perhaps?

    >I don't know if this was helpful. Hopefully, it is.

    Certainly, always nice to get a reply so most definitely appreciate it.
    Last edited by zim_mike; 01-26-2014 at 03:20 PM.

  4. #4
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default

    This seems to be what we are looking for.
    Postfix Policyd - Zimbra :: Wiki

    I am afraid to implement anything on zimbra because things seem to change breaking updates. I'm not sure how much I want to rely on zimbra as a solution lately. It seems way too easy to break it.

  5. #5
    Join Date
    Jan 2014
    Location
    London, UK
    Posts
    27
    Rep Power
    1

    Default

    Hi Mike,

    I rely 100% on my Zimbra server, and LOVE it to bits.
    True, it's easy to break it — but you try Mac OS X Server and you'll be RUNNING back to your Zimbra installation: ANY DAY!

    PolicyD's greylist, like I wrote earlier, nice touch, but with my little knowledge of it I find it rather hard to work with, for two reasons:

    a) It does not allow whitelisting of say @gmail.com, but rather, if I wanted to do so, have to look up the SPF records of that domain, and then manually add its IP addresses to the database
    b) When greylisting is turned ON, it is so done for port 25. It does not appear to consider people on Apple Mac, whose "std smtp port number" is to let Apple guess, starting with 25, then 465 and then 587 — naturally thus greylisting them too. It would be nice if it could sense that the user on port 25 was authenticating via SASL, thus exempt from greylisting. I had a ton of users trying to send emails, but they would remain in their outbox for 10 minutes, seeing that they also were greylisted: so manually I had to reconfigure a TON of clients to set the Apple Mail to port 465.

    But the theory behind it is awesome.
    Look up the other one, postgrey.

    Hands-on Zimbra: Zimbra Postgrey Integration

    I have never done that on zimbra, and I cannot tell you if that link works, but it looks promising.
    I had it installed on my Mac OS X Server, and whitelisted say @gmail.com, and voila – it took care of the rest.
    It was great.

    In regards to you asking me to elaborate, I'm not a wizard on SpamAssassin.
    Speak to these people: Mail's Best Friend
    They are AWESOME! That Datafeed from spamhaus will give you their Paid-for RBL which is just AMAZING!
    That SURBL / URIBL will further ensure your spam goes down towards zero.
    Mails Best Friends are helping me out tomorrow evening, installing Pyzor, Razor, dSpam and making sure that my own installation of SpamAssassin does what it is supposed to do.

    Let me know how you get on.
    I hope this was somewhat useful.

    Miguel
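The manual SPF walk described in point (a) of the post above can be scripted. This is an added example, not part of the original post: it follows `include:` and `redirect=` terms and collects the `ip4`/`ip6` ranges a domain authorises, which is the list an IP-only whitelist needs. The `TXT` table is constructed sample data standing in for DNS answers, and `spf_networks` is a hypothetical helper name; it assumes the policy publishes its ranges as `ip4`/`ip6` terms.

```python
import ipaddress

# Constructed TXT records standing in for DNS answers (not real data).
# _nb2 includes _spf again to show that include loops are handled.
TXT = {
    "mail.example": "v=spf1 include:_spf.mail.example ip4:198.51.100.7 ~all",
    "_spf.mail.example": "v=spf1 include:_nb1.mail.example include:_nb2.mail.example ~all",
    "_nb1.mail.example": "v=spf1 ip4:203.0.113.0/25 ip6:2001:db8:10::/48 ~all",
    "_nb2.mail.example": "v=spf1 ip4:192.0.2.64/26 include:_spf.mail.example -ip4:192.0.2.200 ~all",
}


def spf_networks(domain, lookup=TXT.get, limit=10):
    """Return the ip4/ip6 networks authorised by `domain`'s SPF policy,
    following include:/redirect=. `limit` caps the extra lookups
    (RFC 7208 allows 10); exceeding it raises ValueError."""
    nets, seen, queue = set(), set(), [domain]
    while queue:
        name = queue.pop(0).lower()
        if name in seen:
            continue                          # loop or duplicate include
        seen.add(name)
        if len(seen) - 1 > limit:
            raise ValueError("SPF lookup limit exceeded at " + name)
        terms = (lookup(name) or "").split()
        if not terms or terms[0].lower() != "v=spf1":
            continue                          # no SPF policy published here
        for term in terms[1:]:
            if term[0] in "-~?":
                continue                      # only 'pass' terms authorise senders
            term = term.lstrip("+")
            key, _, value = term.partition(":")
            if key.lower() in ("ip4", "ip6") and value:
                nets.add(ipaddress.ip_network(value, strict=False))
            elif key.lower() == "include" and value:
                queue.append(value)
            elif term.lower().startswith("redirect="):
                queue.append(term.split("=", 1)[1])
    ordered = sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    return [str(n) for n in ordered]


if __name__ == "__main__":
    for net in spf_networks("mail.example"):
        print(net)
```

Published ranges change over time, so a whitelist built this way has to be regenerated periodically rather than compiled once.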

  6. #6
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default

    For now, all I have done is to enable policyd.

    zmprov ms <mta server> +zimbraServiceEnabled cbpolicyd

    I guess I don't understand it enough yet but all of a sudden, everything that is supposed to be coming in is still getting in while I no longer even see spam connections, which I don't much like. I would like to at least see them being rejected/dropped in the log so that has me confused.

    I'll let that run for a while with default settings and see what happens.

    Mike

  7. #7
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default

    By any chance, do you know if there is a way of watching live SMTP connections?

  8. #8
    Join Date
    Jan 2014
    Location
    London, UK
    Posts
    27
    Rep Power
    1

    Default

    From what I understand:

    PolicyD is the underlying engine to, amongst others, greylist.
    Doing the command you did, turns it on.

    That's all.
    It is not engaged. Like a Ferrari, turned on. No gear is enabled.
    It just sits there, and burns CPU resources and occupies RAM in your garage.

    It's the subsequent commands that put it in gear, e.g. creating a rulebase in *SQL.
    Doing that, suddenly makes your log busy, I believe it was /var/log/policyd.log if I am not totally wrong.
    There is a setting, on this site, that claims to put it in training. Do that. It's smart.
    Let the training run. For some time.

    My problem with this is that for example gmail has got 20 mailservers.
    A punter with gmail sends you an email. It will try on smtp1.gmail.com and be greylisted.
    Gmail moves it to smtp2.gmail.com and the punter will try again, but it is now a new email from a new server, and so, it will have to try 20 times before you get it.
    You cannot whitelist @gmail.com. You'll have to whitelist all gmails servers.
    Easy, just get dig txt gmail.com and start following all those servers there until you get IP addresses.
    It will take time, and gmail has a ton of them.
    Then, naturally, there is Rackspace, Messagelabs, Outlook, Yahoo, Hotmail, eBay, Apple, Microsoft… you get the message, right…? ;-)

    I love the idea of Greylist.
    It's really beautiful.
    But it really needs a helo-whitelist or domain-whitelist: because its current incarnation, to me, is not sustainable.

    I tried it.
    My list of IP addresses is approximately 300 IP addresses long.
    It took me 2 days to compile it, and a lot of unhappy clients that claimed that e-mails were being stalled up to 1h in worst case.
    I have turned it OFF now.

    "Good luck"

    Miguel
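The retry behaviour described in the post above can be reproduced with a small simulation. This is an added example, not part of the original thread and not PolicyD's code: the `Greylist` class, the 300-second delay, the 600-second retry interval and the 20-address pool are all assumptions chosen for illustration. It goes one step beyond the post by also showing keying on the /24 network, alongside the IP-range whitelist the post describes.

```python
import ipaddress


class Greylist:
    """Minimal greylisting policy: a (client, sender, recipient) triplet is
    deferred until it is retried at least `delay` seconds after first sight."""

    def __init__(self, delay=300, mask=32, whitelist=()):
        self.delay = delay
        self.mask = mask                  # 32 keys on the exact IP, 24 on its /24
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}              # triplet -> time of first attempt

    def check(self, now, client_ip, sender, recipient):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "PASS"                 # whitelisted range skips greylisting
        net = ipaddress.ip_network(f"{client_ip}/{self.mask}", strict=False)
        key = (str(net), sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        return "PASS" if now - seen >= self.delay else "DEFER"


def delivery_delay(policy, pool, retry_every=600, max_tries=50):
    """Seconds until one message is accepted when every retry leaves from the
    next address in `pool` (round robin). None if it is never accepted."""
    for attempt in range(max_tries):
        now = attempt * retry_every
        ip = pool[attempt % len(pool)]
        if policy.check(now, ip, "alice@example.com", "bob@example.net") == "PASS":
            return now
    return None


# Constructed sender pool: 20 outbound relays inside one documentation /24.
POOL = [f"203.0.113.{i}" for i in range(10, 30)]

if __name__ == "__main__":
    print("single relay      :", delivery_delay(Greylist(), POOL[:1]))
    print("20 relays, per IP :", delivery_delay(Greylist(), POOL))
    print("20 relays, per /24:", delivery_delay(Greylist(mask=24), POOL))
    print("20 relays, listed :",
          delivery_delay(Greylist(whitelist=["203.0.113.0/24"]), POOL))
```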

  9. #9
    Join Date
    Nov 2013
    Posts
    78
    Rep Power
    2

    Default

    >From what I understand:
    >It is not engaged. Like a Ferrari, turned on. No gear is enabled.
    >There is a setting, on this site, that claims to put it in training. Do that. It's smart.

    Yes, I see the steps in the document but I want to simply turn it on for a while, make sure nothing strange happens. As I said, it's so easy to break zimbra.

    >you cannot whitelist @gmail.com. You'll have to whitelist all gmails servers.
    >Easy, just get dig txt gmail.com and start following all those servers there until you get IP addresses.

    Can't zimbra use DNS SRV?

    >I love the idea of Greylist. It's really beautiful.
    >But it really needs a helo-whitelist or domain-whitelist: because its current incarnation, to me, is not sustainable.

    Yes, delaying spammers is one big way to stop the flow but I'm not sure what you mean above. Do you mean that zimbra does delaying in some strange way?

    By the way, why have the logs changed since I have activated policyd? There is no policyd.log in my zimbra logs directory or the server's /var/log. I want to watch the log for a while before making any changes, including teaching.


    Mike

  10. #10
    Join Date
    Jan 2014
    Location
    London, UK
    Posts
    27
    Rep Power
    1

    Default

    PolicyD can only whitelist IP addresses.
    LOG Location: /opt/zimbra/log/cbpolicyd.log

    What I mean is gmail.com has 20 SMTP servers.
    If one fails, which it will (hence that is the purpose of greylist), it will be passed on to the next, and then next, until it has done them all, and then start over again.

    Miguel
