Reducing Spam with milter-greylist

milter-greylist is a sendmail milter which implements the greylist filtering method, as proposed by Evan Harris.

Greylisting works by assuming that, unlike legitimate MTA, spam engines will not retry sending their junk mail on a temporary error. The filter will always reject mail temporarily on a first attempt, then accept it after some time has elapsed.

So this method of greylisting works very well if used with a combination of DNS-Based Blacklisting as the spammer would have gotten blacklisted in several real-time distributed black lists before the second attempt and effectively reducing spam emails.

Below is an outline of quickly building and installing the greylist milter and configuring sendmail to use the milter. This was done on a RHEL3 box.

  1. Install sendmail-devel (to include libmilter) along with flex and bison rpm packages.
    # up2date --install sendmail-devel flex bison

  2. Download the stable release and build rpm of milter-greylist.
    Reference: rpmbuild
    $ wget ftp://ftp.espci.fr/pub/milter-greylist/milter-greylist-2.0.2.tgz
    $ rpmbuild -tb milter-greylist-2.0.2.tgz

  3. Once the rpm is built, install via:
    # rpm -ivh milter-greylist-2.0.2-1.i386.rpm

  4. Setup it up to startup at boot:
    # chkconfig milter-greylist on

  5. Go through the default "/etc/mail/greylist.conf" configuration file, edit it and add addr lines for at least localhost and all your local network addresses. Here is an example:
    acl whitelist addr 127.0.0.0/8
    acl whitelist addr 192.0.2.0/24
    acl whitelist addr 10.0.0.0/8

    Type "man greylist.conf" for more information on the syntax.

  6. Start and test the milter. Check the maillog for any errors...
    # tail -f /var/log/maillog
    # services start milter-greylist

  7. Modify sendmail.mc file to configure sendmail to use the milter.
    INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')

    Note: The single quotation marks are not all the same -- the first quotation mark in each pair is a backquote, the second is an apostrophe.
    The line should be placed just after the dnsbl checks to work effectively. Here is how mine currently looks like:
    # Start DNSBL BlockList
    FEATURE(`dnsbl', `relays.ordb.org', `"554 Rejected "$&{client_addr}" - see http://ordb.org/"')dnl
    FEATURE(`dnsbl', `bl.spamcop.net', `"554 Spam blocked - see http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
    FEATURE(`dnsbl', `dnsbl.sorbs.net', `"554 Rejected "$&{client_addr}" - see http://dnsbl.sorbs.net"')dnl
    FEATURE(`dnsbl', `cbl.abuseat.org', `"554 Rejected "$&{client_addr}" - see http://cbl.abuseat.org"')dnl
    FEATURE(`dnsbl', `sbl.spamhaus.org', `"554 Rejected "$&{client_addr}" - see http://www.spamhaus.org/SBL/"')dnl
    # End DNSBL BlockList
    # Start Greylisting
    INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock')dnl
    # End Greylisting

  8. Use m4 to rebuild your sendmail.cf file from your modified sendmail.mc file.
    # m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

  9. Restart sendmail:
    # service sendmail restart

  10. Try sending mail from another server and check "/var/log/maillog" file for 'Greylisting in action' to verify the installation.
    # grep 'Greylisting in action' /var/log/maillog

With greylisting in place, I have about a couple emails that get through the milter but is effectively tagged as SPAM by SpamAssassin and has my Inbox free of Spam!!

Related Links:

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Announcing zen.spamhaus.org dnsbl

Spamhaus now have a new BL name called zen.spamhaus.org that will replace sbl-xbl.

"zen" will include sbl+xbl and also "pbl" list, which is a list of "Non-MTA IP address ranges set by the block owner's outbound mail policy". So an ISP/email admin can voluntarily submit a range of IP's on their network which are not allowed to send email.

Here's a brief from their site:


zen.spamhaus.org

ZEN is the combination of all Spamhaus DNSBLs into one single powerful and comprehensive blocklist to make querying faster and simpler. It contains the SBL, the XBL and the new PBL blocklist.

Caution: zen.spamhaus.org replaces sbl-xbl.spamhaus.org.

If you are currently using sbl-xbl.spamhaus.org you can now replace 'sbl-xbl' with 'zen' (sbl-xbl.spamhaus.org will eventually become obsolete and may in the future be withdrawn from service).

zen.spamhaus.org should now be the only spamhaus.org DNSBL in your configuration. You should not use ZEN together with other Spamhaus blocklists or you will simply be wasting DNS queries and slowing your mail queue.

You can get more info at: http://www.spamhaus.org/zen/

i386 RHEL3 milter-greylist rpm download

Here's the md5sum with download link:

eb448ba2ab1af64d366e75e16d7f976a -- milter-greylist-2.0.2-1.i386.rpm

milter-greylist-3.0-1

Built with smmsp user on RHEL3:

# rpmbuild -tb --define "build_user smmsp" milter-greylist-3.0.tgz

md5sum:
0e93358a6292462766df031b6861ff15 milter-greylist-3.0-1.i386.rpm

SIM module for milter-greylist

If you are using SIM to monitor your services, then below is simple "greylist.mod" you can add to the modules folder to monitor milter-greylist:

#sim_modv3x
#disable
proc_chkapp=1
init_name=milter-greylist
run_name=milter-greylist
serv_init $init_name $run_name 3

Turn the monitoring on by specifying it in the mods.control file:

init.greylist on

Comment