
Thread: [SOLVED] anti-spam - postgrey

  1. #1

    Default [SOLVED] anti-spam - postgrey

    i'm following the wiki at this location

    Improving Anti-spam system - ZimbraWiki

    to improve spam filtering. do i need to install postgrey? i'm using centos so i didn't know if i had to or not. i've done everything above in the tutorial.

    i'm having a little trouble understanding the local.cf file additions/changes after PYZOR + RAZOR + SPF install like with the ratings but everything else has been done.

    thanks.

  2. #2

    Have you completely maxed out all your possibilities with tweaking the defaults of Zimbra's AS?
    See this thread for ideas (it's only a few days old): /forums/administrators/11142-i-dont-think-rbls-bayes-working-me.html#post58026

    I just realized that that wiki article doesn't actually describe what postgrey does, it just goes right into setting it up. (I'll add some notes)
    It's Postfix Greylisting Policy Server. The original author's site http://postgrey.schweikert.ch is down right now, so Google or see Greylisting.org for some examples.

    A brief rundown of the concept of graylisting:
    You take the mail, 'hold it', then you send back a temporary error, so that they try mail delivery again. Then when a legit connection is attempted again the mail goes through. Spammers just tend to move on and not bother. The preferred method (and every graylisting software is different): If no retry is made within say 1hr you add x points to its score and still deliver it. Thus no mail is really ever lost to accidental graylisting. And usually you whitelist domains/IPs somewhere so they don't accidentally spend time in your own graylist hold later on (and pick a day value for this auto-whitelist to expire) AND/OR you might permanently whitelist your frequent sender domains.

    The basic idea is that spammers' mail servers are not respecting RFC standards specifications, which basically say that when an email could not be delivered, the mail server should try again later on. By sending so many emails, spammers can't afford to spend too many resources on resending emails when they could not be delivered, so they ignore return codes.
    So if the email could not be delivered in the first place, they won't send it back to you.
    From this idea, greylisting simply rejects any untrusted mail domain by giving a 450 response code, which means "I can't deal with your request now, please try again later". As spam mail servers are not usually RFC compliant, they won't try back and therefore you won't get the spam.

    For postgrey, when a request for mail delivery is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen less than x minutes ago (which prevents a spammer from trying 3 in a row in one minute etc; normally servers wait for say 10 minutes before retrying mail delivery - not something you set, it's done on their end), then the mail gets rejected with a 450 temporary error. The sending server, according to correct behavior, should re-send the message. Legitimate mail servers will do this, but spam and virus servers rarely do. If the sending server is still trying after x minutes, Postfix accepts the message and could be configured to add the sender information to its whitelist database. So then you would be just seeing an x minute delay the first time they receive a message from a new source.

    In all it helps derail a significant amount of spam, personally I'd love to see it officially built into zimbra (not necessarily enabled by default, but easily turned on).
    Last edited by mmorse; 08-31-2007 at 10:51 AM.
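
The triplet decision described in the post above, as an added example that is not part of the original thread and is not postgrey's own code. It parses a request in Postfix's policy delegation format and returns `DEFER_IF_PERMIT` (a temporary 4xx rejection) or `DUNNO` (pass to the next check); the class name, the delay and expiry values, and the sample addresses are assumptions made for the illustration.

```python
import time

DEFER = "DEFER_IF_PERMIT Greylisted, please try again later"

class Greylist:
    """Triplet greylist (hypothetical class): CLIENT_IP / SENDER / RECIPIENT."""
    def __init__(self, delay=300, max_age=35 * 86400, clock=time.time):
        self.delay = delay      # seconds a new triplet must wait (example value)
        self.max_age = max_age  # seconds before an idle triplet is forgotten (example value)
        self.clock = clock      # injectable clock so the logic can be tested
        self.seen = {}          # triplet -> (first_seen, last_seen)

    def check(self, attrs):
        """Return the policy action for one parsed request."""
        key = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        now = self.clock()
        first, last = self.seen.get(key, (None, None))
        if first is None or now - last > self.max_age:
            self.seen[key] = (now, now)   # first sighting, or entry expired
            return DEFER
        self.seen[key] = (first, now)
        if now - first < self.delay:
            return DEFER                  # retried too quickly
        return "DUNNO"                    # waited long enough: let it through

def parse_request(text):
    """Parse name=value lines; an empty line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

# Constructed sample request using documentation addresses.
SAMPLE = ("request=smtpd_access_policy\n"
          "client_address=192.0.2.10\n"
          "sender=alice@example.org\n"
          "recipient=bob@example.com\n\n")

def demo():
    t = [0.0]
    g = Greylist(delay=300, clock=lambda: t[0])
    req = parse_request(SAMPLE)
    out = []
    for when in (0, 60, 600):   # first try, hasty retry, proper retry
        t[0] = float(when)
        out.append(g.check(req).split()[0])
    return out
```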

  3. #3

    I really appreciate the intense explanation. I guess I was just trying to find out if postgrey "had" to be installed and/or was one of the other programs in the tutorial dependent on it? The postgrey section was a little vague.
    I think what I took from your response is that it was just an additional tool that can be used. Am I correct?

    Thanks.

  4. #4

    Correct, each of those numbered sections is essentially a different/separate improvement to try.

  6. #6

    thanks for the help mmorse. i did not enable the RBLs but later went back and did after reviewing that section on it. i'm a little confused why they are not enabled by default.

    the long and short is that between the RBLs and the referenced "anti-spam" wiki (sans postgrey install) my mailbox is not getting any of the spam instances prior to the changes. at this point i have no idea if things i don't want blocked are getting blocked but i doubt it.

    i appreciate the help and all the changes were quite easy to implement as well as well documented.

  7. #7

    Very cool - they're not turned on by default because they rely on outside services, and some people don't want the extra traffic. In addition they come and go like the wind (and there's also way more out there), so setting up checkboxes in the admin console for the RBLs would kinda be more work to maintain.
    That http://mail-abuse.org was added and only a few months later became part of a paid trendmicro service etc.
    Last edited by mmorse; 09-04-2007 at 01:44 PM.

  8. #8

    i guess it is understandable especially considering one of the servers between the wiki i saw and the older admin manual i have no longer is valid. i'll keep all of this in mind on my current install as well as the others i admin.
    thanks.

  9. #9

    mmorse,
    are the anti-spam instructions/techniques on that wiki still good for ZCS 5.x? i seem to be getting a lot of spam through.

  10. #10

    Yup - we try to keep it that way
