垃圾邮件的问题太头痛,虽然有使用SpamAssassin做些垃圾邮件识别,但仍然有很多垃圾邮件进入到服务器。近日想为Qmail邮件服务器增加灰名单机制,从行为上控制垃圾邮件。

在网上搜索了一下,SpamLinks提到Qmail下可使用的几种方案 (http://spamlinks.net/filter-server-greylist.htm#implement-qmail )

分别为:
qgreylist - www.jonatkins.com/page/software/qgreylist
qmail greylisting - www.datenklause.de/en/software/qgreylistrbl.html
Qmail Greylisting - www.digitaleveryware.com/projects/greylisting/
qmail-greylist-pgsql - qgreylist-pgsql.sourceforge.net/
greylite - mij.oltrelinux.com/net/greylite/

逐个对比了一下,IPaddr个人感觉Greylite不错,小巧灵活,以下摘录官方的安装文档,准备这两天安装测试一下:
(ipaddr提醒:使用其它的Greylisting,可能会导致一些网站直接使用程序通过SMTP协议发送邮件时发送失败。此外,类似Foxmail, Outlook的客户端,发送邮件时也会有延迟,但使用Greylite时,特别针对SMTP AUTH做了处理,Foxmail, Outlook客户端在通过SMTP AUTH认证后,发送邮件不会有延迟.)

Greylite installation

Greylite works on UNIX.

You can spare time if a greylite package exists for your OS' package manager.

Installation timings / effectiveness

Greylite can be combined with several tunings for improving its effectiveness.

upstream servertuning suspicioneffectivenesstime required
qmailnoabout 70 %about 10 mins
qmailyes99+ %1 hour
any SMTPnoabout 70 %15 mins
any SMTPyes99+ %1 hour

This is a rough estimate including the time required to follow/learn the documentation and excluding the time for providing dependencies. Installing from package managers can significantly reduce these timings.

Installation types

Greylite works in a modular fashion similarly to qmail.

It can be interfaced directly to qmail in its module chain, or it can equivalently be used with any SMTP server in the guise of a greylisting proxy.

In either case, greylite has some requirements you should fulfill before installing.

The installation is documented separately for each type for simplicity:

Test the service

See test greylite.

After the basic setup

The basic setup usually reduces SPAM by 70% or more. Using a suspicion ruleset usually reduces SPAM by 99% or more.

The greylisting delay can be more effectively cut for large mailserver networks.

-------------------------------------------

Setup greylite with qmail

In this setup, greylite is a module in the UCSPI chain that anticipates qmail-smtpd.

Nota bene: some users reported to have problems with the STARTTLS command when greylite wraps qmailrocks combined with the JMS patch. If you want to stick with both you're forced to use greylite in proxy mode, which is reported to solve the problem.

Fetch, compile, install

  1. Fetch the last greylite release.
  2. Extract the software:
    tar xjvf greylite-VERSION.tar.bz2 cd greylite-VERSION 
  3. compile and install:
    make all install
    Notes:
    • if BSDmake is used to compile instead of GNUmake, rename Makefile.bsdmake to Makefile before compiling
    • WITH_GEOIP=yes can be appended to the make command line for enabling GeoIP support in suspicion rules
    • WITH_DNSBLENV=yes can be appended to the make command line for installing the dnsblenv module
    • WITH_UCSPI2SOCKET=yes can be appended to the make command line for installing the ucspi2socket module

Setup in the system

  1. Create the database file:
    mkdir -p /var/db/greylite sqlite3 -init greydb.sql /var/db/greylite/greylite.db 
    (Ipaddr特别提醒:需要设置greylite.db的访问权限,否则可能会导致greylite运行在vpopmail时,无法写入greylite.db文件, chown -R vpopmail.vchkpw /var/db/greylite)
    exit from the sqlite console with .quit or Ctrl-D.
  2. insert greylite in the qmail chain (the standard run file from lifewithqmail.org is used as example). Edit /var/service/qmail-smtp/run and insert the red bloc:
  3. ... /usr/local/bin/tcpserver -v -R -l "$LOCAL" \\    -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \\    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \\    /usr/local/bin/greylite /var/qmail/bin/qmail-smtpd 2>&1 
    then restart the service:
    svc -t /var/service/qmail-smtp 
  4. greylite is transparent as long as the GREYLIST environment variable is not set, that is, it passes the control to qmail-smtpd without doing anything. The GREYLIST variable can be set from the CDB file. Edit the /etc/tcp.smtp file and insert the red block:
    ... :allow,GREYLIST="" 
    don't forget to regenerate the rules file:
    cat /etc/tcp.smtp | tcprules /etc/smtp.cdb /tmp/tmprulesfile.cdb 
    (or use make, if the Makefile is available).
    You can append more environment variables for greylite control, all comma-separated and with values delimited by quotes.

Done.

Net | 评论(0) | 引用(0) | 阅读(6018)