12.27.06

Using a Greylist to Stop Spam Forever

Posted in Email Servers at 2:13 pm by Michael

I know this isn’t exactly a virtualization topic, but many virtual servers are liable to be email servers, and this definitely applies. About 4 months ago I got sick of the spam that was coming into all my domains. Even putting in SpamAssassin and ClamAV didn’t seem to stop it completely, and my poor little Cobalt RaQ 5 server was under strain just from the spam. I did some reading and found information on something called a greylist. This almost magical solution completely eliminated all spam to my inbox overnight. Since implementing this solution, not only have I not gotten ANY spam on my server, I was able to uninstall SpamAssassin since there was nothing for it to catch anymore.

I am using the postgrey add-on for the Postfix mail server. Postfix is much easier to use and configure than most of the other email servers out there, so that’s what I run. Installing postgrey was fairly easy; their website has excellent docs on how to get it up and running in just a few minutes. Immediately I was able to see the rejected emails in the logs, and since I installed it, I haven’t gotten even 1 piece of spam. That’s an amazing feat for such a simple-to-install-and-configure service. Not only did it eliminate the spam from my inbox, but it reduced the load on my server. All those spam messages didn’t make it into SpamAssassin, so they didn’t take any server resources in order to be denied. Doing things the old way with SpamAssassin, every spam ate up CPU and I/O on my server, as SpamAssassin chugged away at it, trying to determine if it was spam or legitimate email.

Using a greylist adds some time to email delivery, since the entire idea behind it is that spammers never resend a failed or blocked message. You see, a spammer will use software that hammers away at mail servers, usually on domains that the mail server actually handles, in order to send spam to accounts that are valid for that server. Greylisting puts up a temporary block to ALL emails. Once it has blocked an email, it remembers the person the email was addressed to, as well as the server that tried to send it. The SMTP protocol used for relaying mail has the ability to queue a failed message for a while, then try to resend it. The greylist service uses the remembered recipient and delivering mail server to allow legitimate email to pass through on a second delivery attempt. Spam software only tries to deliver a message once; if it’s rejected, the software moves on to the next email address in its list, without a resend. This means spam messages get blocked, and due to the nature of SMTP, real email gets redelivered a second time and is allowed in.
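The mechanism described above, as an added example that is not part of the original post and is not postgrey's own code: a minimal greylist keyed on the sending server and the recipient, replayed over constructed traffic. The `min_delay` and `max_age` thresholds, the IP addresses and the mail addresses are assumptions made for illustration.

```python
import time

class Greylist:
    """Greylist keyed on (sending server, recipient), as the post describes."""

    def __init__(self, min_delay=300, max_age=86400):
        # Both thresholds (seconds) are assumptions chosen for this example.
        self.min_delay = min_delay  # a retry sooner than this is still deferred
        self.max_age = max_age      # forget pairs not seen for this long
        self.seen = {}              # (client_ip, recipient) -> [first_try, last_try]

    def check(self, client_ip, recipient, now=None):
        """Return 'DEFER' (temporary rejection) or 'ACCEPT' for one attempt."""
        now = time.time() if now is None else now
        key = (client_ip, recipient.lower())
        rec = self.seen.get(key)
        if rec is None or now - rec[1] > self.max_age:
            # Unknown or expired pair: remember it and tell the sender to retry.
            self.seen[key] = [now, now]
            return "DEFER"
        rec[1] = now
        if now - rec[0] < self.min_delay:
            return "DEFER"  # retried too quickly; first_try is kept
        return "ACCEPT"     # the sender queued the message and came back

# Constructed sample traffic: (seconds, sending server IP, recipient).
SAMPLE_ATTEMPTS = [
    (0,   "203.0.113.5", "bob@example.org"),    # one-shot sender, never retries
    (5,   "203.0.113.5", "carol@example.org"),  # same sender, next address
    (10,  "192.0.2.10",  "bob@example.org"),    # queueing mail server, first try
    (70,  "192.0.2.10",  "bob@example.org"),    # retry after 1 minute
    (610, "192.0.2.10",  "bob@example.org"),    # retry after 10 minutes
    (900, "192.0.2.10",  "Bob@example.org"),    # later mail for the same pair
]

def replay(attempts, greylist=None):
    """Run attempts through a greylist and return the verdict for each one."""
    greylist = greylist or Greylist()
    return [greylist.check(ip, rcpt, now=t) for t, ip, rcpt in attempts]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, verdict)
```

In a real deployment the `DEFER` verdict corresponds to a temporary SMTP rejection, which is what causes a queueing mail server to try again later.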

Greylisting is so good at blocking spam that I have turned off SpamAssassin on my server, since it’s just overhead on every email that I no longer require. The delay for emails to be delivered is typically 5 to 10 minutes, but that’s a small price to pay for a spam-free inbox. I highly recommend that anyone who runs an email server enable greylisting if their email server software supports it, or seek out an add-on module for their software and use this service. If you require real-time delivery of email, you shouldn’t use a greylist, but most everyone can handle a short delay in email to rid their server of any and all spam. If you currently use SpamAssassin and are concerned with the load on your server, implementing a greylist can greatly reduce that load and help to block even MORE spam than you do already. I am very happy with the results of adding a greylist to my mail server.