Greylisting for qmail

April 18, 2023 by Roberto Puzzanghera

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

While greylisting is not as effective as it was in the past, it still cuts a certain fraction of the total spam.

Changelog

  • April 18, 2023
    Bai Borko suggested a different approach to cleaning up the jgreylist database and posted his script here. Basically, instead of deleting the oldest records, his script keeps the records of the IPs that were reliable over the last 30 days, based on the qmail-smtpd log.

qmail-spp greylisting plugin

I introduce here how greylisting can be implemented on qmail by means of another qmail-spp plugin, which saves the data in MySQL. Having the data in MySQL is useful to measure how much spam is blocked by greylisting.

  • More info here
  • Author: Manuel Mausz

Download

cd /usr/local/src
wget https://manuel.mausz.at/coding/qmail-spp/greylisting/greylisting-0.5.tgz
tar xzf greylisting-0.5.tgz
cd greylisting-0.5

Compile and install

gcc -std=c99 -o /var/qmail/plugins/greylisting greylisting.c -I/usr/include -I/usr/include/mysql -I/usr/local/include/mysql -L/usr/lib/mysql -L/usr/lib64/mysql -L/usr/local/lib/mysql -L/usr/local/lib64/mysql -lmysqlclient
strip /var/qmail/plugins/greylisting

Install the configuration files

cp mysql.cnf /var/qmail/control
chown vpopmail:vchkpw /var/qmail/control/mysql.cnf
chmod 600 /var/qmail/control/mysql.cnf
cp greylisting.config /var/qmail/control/greylisting
chown root:root /var/qmail/control/greylisting
chmod 644 /var/qmail/control/greylisting

Create the MySQL database and the MySQL user:

> mysql -u root -p

CREATE USER 'greylisting'@'localhost' IDENTIFIED BY '***';
GRANT USAGE ON *.* TO 'greylisting'@'localhost' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
CREATE DATABASE IF NOT EXISTS greylisting;
GRANT ALL PRIVILEGES ON greylisting.* TO 'greylisting'@'localhost';

Now install the database schema from the greylisting.sql file (note that in the same file you have examples for whitelist and blacklist queries):

mysql < greylisting.sql -D greylisting -u greylisting -p

Copy your mysql access parameters into your mysql.cnf file. For example:

cat > /var/qmail/control/mysql.cnf << __EOF__
[client]
#socket=/run/mysqld/mysqld.sock
#host=10.1.2.3
user=greylisting
password=secret
database=greylisting
__EOF__

If MySQL runs on the local host, the connection is made via the MySQL socket. If, as in my case, you have MySQL on a different host, uncomment the "host" line.

Now enable the greylisting plugin in the control/smtpplugins file:

# smtpplugins sample file 

# other lines here

[rcpt]
plugins/ifauthskip
plugins/greylisting

To enable greylisting you have to export this variable in your tcpserver environment. So put this in your qmail-smtpd run file:

export GREYLISTING=""

or enable a tcprule in your tcp.smtp, for example:

:allow,GREYLISTING=""

Be aware that greylisting is never enabled for RELAYCLIENTS.

Finally, adjust the greylisting parameters in the /var/qmail/control/greylisting file

cat > /var/qmail/control/greylisting << __EOF__
mysql_default_file=control/mysql.cnf
block_expire=2
record_expire=2000
record_expire_good=36
loglevel=4
__EOF__

block_expire=2 means that the IP will be blocked for 2 minutes, while record_expire=2000 means that after 2000 minutes it will be greylisted again.
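To make the two timers concrete, the following added example (not the plugin's code) replays constructed connection attempts through a simplified model keyed by client IP only, as the sentence above describes. The input format, the verdict names and the choice to measure both timers from the first sighting are assumptions; record_expire_good is not modelled.

```shell
#!/bin/sh
# Simplified greylisting model, added for illustration only.
# Assumptions: state is keyed by client IP; both timers count from the
# minute the IP was first seen; verdict names are made up for this demo.
# Input lines: "<minute> <ip>"   Output lines: "<minute> <ip> <verdict>"
greylist_replay() {
    block_expire=$1     # minutes during which a new IP keeps being deferred
    record_expire=$2    # minutes after which the record is forgotten
    awk -v be="$block_expire" -v re="$record_expire" '
    {
        t = $1; ip = $2
        if (!(ip in first) || t - first[ip] > re) {
            first[ip] = t
            verdict = "defer-new"      # unknown or expired: temporary reject
        } else if (t - first[ip] < be) {
            verdict = "defer-early"    # retried before block_expire elapsed
        } else {
            verdict = "accept"         # sender waited and retried
        }
        print t, ip, verdict
    }'
}

# Constructed sample: one well-behaved MTA that retries, one host that
# never comes back, and the first MTA returning after its record expired.
greylist_replay 2 2000 <<'EOF'
0 192.0.2.10
1 192.0.2.10
3 192.0.2.10
5 198.51.100.7
2500 192.0.2.10
EOF
```

With the values from the configuration above, the retry at minute 1 is still deferred, the retry at minute 3 is accepted, and the same IP is greylisted again at minute 2500.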

Now install the script that purges the database, so that it can be run from cron:

cp greylisting_cleanup.sh /usr/local/sbin/greylisting_cleanup.sh
chmod +x /usr/local/sbin/greylisting_cleanup.sh

Here is a crontab example

# greylisting 
0 2 * * * /usr/local/sbin/greylisting_cleanup.sh >> /var/log/cron

If you also want to use greylisting on your submission port, it is a good idea to switch it off once the client has passed authentication. To do this, install the "ifauthskip" plugin by the same author:

wget https://notes.sagredo.eu/files/qmail/patches/qmail-spp/plugins/ifauthskip.c
cc -o /var/qmail/plugins/ifauthskip ifauthskip.c

and list it before greylisting in control/smtpplugins:

[rcpt]
plugins/ifauthskip
plugins/greylisting
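Two things in this setup are easy to get wrong after later edits: the plugin order in the [rcpt] section and the permissions on the file holding the MySQL password. The following audit helper is an added example, not part of the greylisting distribution; the function names and verdict strings are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added audit helper (hypothetical names), not shipped with the plugin.

# rcpt_order FILE: print "ok" when, inside the [rcpt] section,
# plugins/ifauthskip is listed before plugins/greylisting.
rcpt_order() {
    awk '
        /^[[:space:]]*#/ { next }                          # skip comments
        /^\[/            { insec = ($0 ~ /^\[rcpt\]/); next }
        insec && /plugins\/ifauthskip/  && !skip { skip = NR }
        insec && /plugins\/greylisting/ && !grey { grey = NR }
        END {
            if (!grey)            print "greylisting-missing"
            else if (!skip)       print "ifauthskip-missing"
            else if (skip > grey) print "wrong-order"
            else                  print "ok"
        }' "$1"
}

# secret_mode FILE: print "ok" when group and others have no access
# (for example mode 600), otherwise print the offending mode.
secret_mode() {
    mode=$(stat -c %a "$1") || return 1      # GNU stat assumed
    case $mode in
        ?00) echo ok ;;
        *)   echo "too-open:$mode" ;;
    esac
}

# Run against the paths used on this page when they exist.
if [ -r /var/qmail/control/smtpplugins ]; then
    echo "smtpplugins: $(rcpt_order /var/qmail/control/smtpplugins)"
fi
if [ -e /var/qmail/control/mysql.cnf ]; then
    echo "mysql.cnf: $(secret_mode /var/qmail/control/mysql.cnf)"
fi
```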

jgreylist

This is a greylist program by John Simpson. It is very good, and I honestly don't know whether to suggest this one or the previous one. It stores the data in files (have a look at the author's page for details). He ships both a Perl and a C version of the program.

Here is how to install and configure the C program:

cd /usr/local/src
wget https://notes.sagredo.eu/files/qmail/patches/greylisting/jms/jgreylist.c
wget https://notes.sagredo.eu/files/qmail/patches/greylisting/jms/jgreylist-clean

Compile and install

cc -o /var/qmail/bin/jgreylist jgreylist.c
chmod 0750 /var/qmail/bin/jgreylist
cp jgreylist-clean /usr/local/sbin/jgreylist-clean
chmod +x /usr/local/sbin/jgreylist-clean
chown root:root /usr/local/sbin/jgreylist-clean

Create your jgreylist directory (where the data will be saved) and let qmail-smtpd write into it:

mkdir -m 0700 /var/qmail/jgreylist
chown vpopmail:vchkpw /var/qmail/jgreylist

Add these variables to your qmail-smtpd run file:

export JGREYLIST_DIR="/var/qmail/jgreylist" 
export JGREYLIST_LOG_SMTP=1

Finally, execute jgreylist before qmail-smtpd, for example:

exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \
/usr/local/bin/tcpserver -4 -v -R -l "$LOCAL" \
-x /home/vpopmail/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 25 \
/var/qmail/bin/jgreylist \
/var/qmail/bin/qmail-smtpd 2>&1

Add the "clean" program to your crontab:

# jgreylist
0 2 * * * /usr/local/sbin/jgreylist-clean >> /var/log/cron

Now restart qmail.


Bai Borko suggested a different approach to cleaning up the jgreylist database and posted his script here. Basically, instead of deleting the oldest records, his script keeps the records of the IPs that were reliable over the last 30 days, based on the qmail-smtpd log.
