User Guide - Greylist Spam Filter


Applicable Plans: All Standard VPS, all Advanced VPS, all Premier VPS plans

Important Note: All domains that use eApps DNS and have mailboxes on the eApps service use the highly effective SpamExperts SPAM/Virus filtering service by default. In most cases the Greylist filter is not needed, and will consume some of your resources.

Definition of Greylisting

Greylist filtering is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristic (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.

eApps uses milter-greylist, a stand-alone milter written in C that implements the greylist filtering method, as proposed by Evan Harris.

Greylisting works by assuming that, unlike legitimate mail transport agents (MTAs), spam engines will not retry sending their junk mail on a temporary error. The filter will always reject mail temporarily on a first attempt, then accept it after some time has elapsed.

In layman's terms, milter-greylist intercepts the message before the receiving mail server gets it and sends a message to the sending mail server saying “I am busy, please retry a little later.” Legitimate mail servers will retry within an hour or so. Spammers, however, will rarely try to resend the SPAM message. This is because spammers tend to send mail using non-compliant mail servers, most of which are actually “zombie” mail servers embedded in infected computers. Also, the blacklist services are becoming more adept at blacklisting zombie mail servers within a very short time, so the spammers use a “spam and run” approach when sending mass SPAM. They know that the more often they retry sending SPAM, the sooner the computer they are sending it from will get blacklisted.

Not everyone wants greylisting. It is extremely efficient against spam, but it introduces a delay in legitimate mail delivery the first time a message is received from a sender. Users that currently receive no spam (because their address has not yet been harvested by spammers) perhaps will not want to trade the extra delay for nothing. Also, some companies that have time sensitive email requirements may not want to experience any delays at all. In order to minimize the impact of delays, the milter-greylist has been enabled for auto-whitelisting.

Auto-whitelisting

In order to minimize the impact of the delay caused by greylisting, each time a message is accepted, the tuple (sender IP, sender e-mail, recipient e-mail) gets auto-whitelisted. Subsequent messages matching the same tuple will pass through with no delay. In layman's terms, milter-greylist delays the first message you get from a sender, generally for up to one hour, depending on the retry setting of the sending mail server. The next time you receive a message from the same sender, the message is allowed to come through immediately. Basically this means that you will have a delay of up to one hour or so, depending on the sending mailserver, only the first time a person sends you a message. Each time after that the message is not delayed.
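The temporary-reject and auto-whitelist behaviour described above, as an added Python model; it is not milter-greylist's code and not part of the original guide. The three timing constants and the sample addresses are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

GREY_DELAY = 300           # assumed: seconds a new tuple must wait before retrying
GREY_EXPIRY = 4 * 3600     # assumed: a pending tuple is forgotten after this long
WHITE_EXPIRY = 7 * 86400   # assumed: auto-whitelist lifetime after the last hit

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)    # tuple -> time first seen
    whitelist: dict = field(default_factory=dict)  # tuple -> expiry time

    def check(self, ip, sender, rcpt, now):
        """Return 'accept' or 'tempfail' for one delivery attempt."""
        key = (ip, sender.lower(), rcpt.lower())
        # Known-good tuple: pass immediately and refresh its lifetime.
        if self.whitelist.get(key, 0) > now:
            self.whitelist[key] = now + WHITE_EXPIRY
            return "accept"
        first = self.pending.get(key)
        # Never seen, or the retry came too late: (re)start the clock.
        if first is None or now - first > GREY_EXPIRY:
            self.pending[key] = now
            return "tempfail"
        # Retried before the delay elapsed: keep deferring.
        if now - first < GREY_DELAY:
            return "tempfail"
        # Retried after the delay, as a compliant MTA does: auto-whitelist.
        del self.pending[key]
        self.whitelist[key] = now + WHITE_EXPIRY
        return "accept"

def replay(events):
    gl = Greylist()
    return [gl.check(ip, s, r, t) for t, ip, s, r in events]

# Constructed attempts: a retrying MTA, a one-shot sender, and the same
# sender arriving from a second IP (a new tuple, so it is delayed again).
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.com"),
    (5,    "198.51.100.7", "promo@example.net", "bob@example.com"),
    (60,   "192.0.2.10",   "alice@example.org", "bob@example.com"),
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.com"),
    (5000, "192.0.2.10",   "alice@example.org", "bob@example.com"),
    (5100, "192.0.2.99",   "alice@example.org", "bob@example.com"),
]

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(ev[0], ev[1], verdict)
```

The last sample row shows why senders that rotate through several outbound IP addresses can be delayed more than once: each address forms a new tuple.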

Effectiveness

At the time of this writing, milter-greylist is extremely effective at filtering out SPAM. Tests show that it filters out 80% or more of SPAM. At some time in the future, SPAMMERS may decide that it is worth it to emulate legitimate mail servers, and resend the SPAM message. At this time, however, very few do.

How do I Activate milter-greylist?

Milter-greylist is one of the few applications that you cannot install from your Control Panel. The primary reason is that a configuration parameter must be set manually to identify your valid hostnames. To request milter-greylist, send a message to support@eapps.com with GREYLIST in the subject. Please identify yourself and your domain name in the message. An eApps technical support representative will activate milter-greylist for you and configure your hostname.

Administration

One of the best things about milter-greylist is that very little administration is required. There are no client side settings or configuration requirements. The only server side setting required is to specify the hostname used for mail. eApps personnel will update the server side configuration setting for your primary domain when you request milter-greylist.

*** Please note that ANY TIME you add a domain to your VPS, you will have to update the configuration parameters to specify the host name. If you have more than one domain when you request milter-greylist, eApps will configure your primary domain as an example. You can then configure all of your domains, or any new domains you add later, using the following instructions:

Either from the command line, or from the file browser in your control panel, you will need to edit the file called /etc/mail/smfs/smf-grey.conf. Look for the line that was added by one of our technical support representatives at install. It will look like this:

WhitelistFrom @your-domain.com

Where “your-domain” is the name of your primary domain. Underneath this line, you will need to add a similar line for every domain on your system.

Once you have added one line for each domain, both Sendmail and the Greylist filter must be restarted for the changes to take effect. If you are working from the command line, you can issue these commands:

service smf-grey restart
and,
service sendmail restart

Note: If the command "service sendmail restart" fails to work, and says something like "sendmail: unrecognized service", that means that Sendmail is not running as a standalone service. Instead, you'll need to issue the command, "service xinetd restart".

If you are working from your control panel, you can select the System tab at the top, then click Services under the Service Management section on the left navigation menu. From here you can individually click sendmail and smf-grey to see the restart option.

Failure to add this configuration yourself, or to have eApps Support add it, will result in outgoing email for this domain failing.
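Since a missing line makes outgoing mail for that domain fail, it helps to compare the file against your list of hosted domains before restarting. The following is an added Python example, not an eApps tool: the sample file contents and domain names are constructed, and treating "#" as a comment marker is an assumption about the file format.

```python
def whitelisted_domains(conf_text):
    """Collect the domains named by 'WhitelistFrom @domain' lines."""
    found = set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        parts = line.split()
        if len(parts) == 2 and parts[0].lower() == "whitelistfrom":
            found.add(parts[1].lstrip("@").lower().rstrip("."))
    return found

def missing_lines(conf_text, hosted_domains):
    """Return the lines to add, one per hosted domain not yet listed."""
    have = whitelisted_domains(conf_text)
    wanted = sorted({d.strip().lower().rstrip(".")
                     for d in hosted_domains if d.strip()})
    return ["WhitelistFrom @" + d for d in wanted if d not in have]

# Constructed sample standing in for /etc/mail/smfs/smf-grey.conf.
SAMPLE_CONF = """\
# constructed sample, not a real server's file
WhitelistFrom @your-domain.com
#WhitelistFrom @old-domain.example
WhitelistFrom   @Second-Domain.example
"""

# Constructed list of domains hosted on the VPS.
HOSTED = ["your-domain.com", "second-domain.example",
          "old-domain.example", "new-shop.example"]

if __name__ == "__main__":
    # On a real server, read the file's text instead of SAMPLE_CONF.
    for line in missing_lines(SAMPLE_CONF, HOSTED):
        print(line)
```

The commented-out entry is reported as missing, because a disabled line does not whitelist the domain.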

Risks

The risks in using milter-greylist are small. The primary risk is that a legitimate mailserver is not compliant and ignores the “try later” message. In other words, they refuse to send the message again even when told that the receiving mailserver is busy. Very few sending mailservers are not compliant in this regard, but there are some. Milter-greylist does contain a list of known non-compliant mailservers from large service providers but this list is not actively maintained by eApps. The only time this list will be updated is when a new version of milter-greylist is made available and upgraded in your VPS system.

Use of milter-greylist is at your own risk. eApps Hosting does not assume responsibility for lost messages due to the use of any component of the eApps service.

