postfix 加上 postgrey 擋垃圾信件

PostGrey 是什麼

相對於黑名單 blacklist 及白名單 whitelist，postgrey 是一灰名單 greylist 的防廣告信機制。
它的作用是讓信件在第一次時就 reject，並記錄這段連線資料，等下次同樣的郵件再來第二次或第三次時再把它收下來，它的功效這時就很清楚了，正常的信件應該都會重試寄發尚未寄出的信。

一些觀念可參考
http://blog.t-times.net/ada/space/start/2006-12-25/1#對抗垃圾信，使用_Postgrey
http://linux.vbird.org/linux_server/0380mail.php#adv_postgrey

Fedora core 6

1.) 安裝
yum install postgrey

rpm -ql postgrey

/etc/postfix/postgrey_whitelist_clients
/etc/postfix/postgrey_whitelist_clients.local
/etc/postfix/postgrey_whitelist_recipients
/etc/rc.d/init.d/postgrey
/usr/sbin/postgrey
/usr/sbin/postgreyreport
/usr/share/doc/postgrey-1.27
/usr/share/doc/postgrey-1.27/COPYING
/usr/share/doc/postgrey-1.27/Changes
/usr/share/doc/postgrey-1.27/README
/usr/share/doc/postgrey-1.27/README-rpm
/usr/share/man/man8/postgrey.8.gz
/var/spool/postfix/postgrey

2.) 啟動 postgrey

service postgrey start

more /var/log/maillog

Nov 12 00:28:50 ssorc postgrey: Process Backgrounded
Nov 12 00:28:50 ssorc postgrey: 2007/11/12-00:28:50 postgrey (type Net::Server::Multiplex) starting! pid(23958)
Nov 12 00:28:50 ssorc postgrey: Binding to UNIX socket file /var/spool/postfix/postgrey/socket using SOCK_STREAM
Nov 12 00:28:50 ssorc postgrey: Setting gid to “107 107”
Nov 12 00:28:50 ssorc postgrey: Setting uid to “106”

ps axu | grep postgrey

/usr/sbin/postgrey -d –unix=/var/spool/postfix/postgrey/socket

3.) 設定 postgrey for postfix

第一種設定方式
vi /etc/postfix/main.cf

smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_policy_service unix:/var/spool/postfix/postgrey/socket

第二種設定方式
a.) vi /etc/sysconfig/postgrey

OPTIONS=”–inet=127.0.0.1:10023″

b.) vi /etc/postfix/main.cf

smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
check_policy_service inet:127.0.0.1:10023

service postgrey restart
postfix reload

4.) 收發信件

Mail Server 端記錄

Nov 12 00:37:48 ssorc postfix/smtpd[25217]: connect from ssorc2[1.2.3.4]
Nov 12 00:37:49 ssorc postfix/smtpd[25217]: NOQUEUE: reject: RCPT from ssorc2[1.2.3.4]: 450 4.7.1 <cross@ssorc.tw>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/ssorc.tw.html; from=<root@ssorc2.tw> to=<cross@ssorc.tw> proto=ESMTP helo=<mail.ssorc2.tw>
Nov 12 00:37:49 ssorc postfix/smtpd[25217]: disconnect from ssorc2[1.2.3.4]

Client 端記錄

Nov 12 00:37:48 ssorc2 postfix/smtp[32396]: 30880714220: to=<cross@ssorc.tw>, relay=mail.ssorc.tw[218.160.157.129], delay=0, status=deferred (host mail.ssorc.t
w[218.160.157.129] said: 450 4.7.1 <cross@ssorc.tw>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/ssorc.tw.html (in
reply to RCPT TO command))

Mail Server 端記錄

Nov 12 01:07:56 ssorc postgrey: delayed 1807 seconds: client=ssorc2, from=root@ssorc2.tw, to=cross@ssorc.tw