Hi Jeff
Thanks for your tip about /etc/passwd - you're right, the mail account was set to /sbin/nologin.
I have now managed to get greylistd working. I used the greylistd_0.8.6-0.1.tar.gz version from
http://packages.debian.org/unstable/mail/greylistd and followed instructions I found on this thread.
I made some changes to exim.conf other than those described in this thread. Main one was to reference the /etc/greylistd/whitelist-hosts whitelist file:
Code:
# --------------------------------------------------------------------
# Check greylisting status for this particular peer/sender/recipient.
#
# Note that we do not greylist messages with NULL sender, because
# sender callout verification would break (and we might not be able
# to send mail to a host that performs callouts).
#
defer
  message     = $sender_host_address is not yet authorized to deliver mail \
                from <$sender_address> to <$local_part@$domain>. \
                Please try later.
  log_message = greylisted.
  domains     = +local_domains : +relay_domains
  !senders    = : postmaster@*
  !hosts      = : +relay_hosts : \
                ${if exists {/etc/greylistd/whitelist-hosts}\
                            {/etc/greylistd/whitelist-hosts}{}}
  set acl_m9  = $sender_host_address $sender_address $local_part@$domain
  set acl_m9  = ${readsocket{/var/run/greylistd/socket}{$acl_m9}{5s}{}{}}
  condition   = ${if eq {$acl_m9}{grey}{true}{false}}
  delay       = 20s
# --------------------------------------------------------------------
It's important to decide where to put the greylist stuff in the exim.conf - it must be placed above the part that accepts mail for domains you host or else, obviously, it will never get called.
I've added the IP ranges I can find for Microsoft, Google, Yahoo, Facebook, etc to the whitelist-hosts file and will carry on updating it.
The greylistd install comes with some man pages (listed in greylistd-0.8.6/debian/manpages):
greylistd-0.8.6/doc/man1/greylist.1
greylistd-0.8.6/doc/man8/greylistd-setup-exim4.8
greylistd-0.8.6/doc/man8/greylistd.8
I just copied the .8 ones to /usr/share/man/man8 and the .1 one to /usr/share/man/man1 and voila, I can now type man greylist or man greylistd for some help.
I noticed that I had a user called greylistd (I've spent so long on this that I can't remember how it got there) so I decided to run greylistd under that account. It meant I didn't need to mess about changing the mail account.
Create the greylistd user/group and add the mail user to it. I got this from here:
Code:
useradd greylistd
groupadd greylistd
usermod -g mail -G greylistd mail
I made greylistd the owner of all the greylist stuff, as per the top post in this thread.
Of more interest are the results. The domains I host all have a secondary MX record. I pay a 3rd party for this facility. Even though I believe they use sbl-xbl, it is obviously a loophole. Still, while I'm in the early stages then this suits me because I don't want to block messages in error.
To give you some idea of volumes, yesterday over 80,000 SMTP connections were made to my server. Of these, over 42,000 tried to send a message with the rest being "incomplete transaction"s. Yesterday was Saturday and my customers are all businesses so on a weekday this number would be significantly greater.
Today, as at 13:45 we're at over 44,000 connections so about the same.
Before I began my greylisting project I was using MailScanner/SpamAssassin to check all the mail and delete high scoring spam. If a server was listed by two of the big RBLs such as sbl-xbl, spamcop, etc it was enough to ensure mail was deleted. One customer, for example, received over 18,000 connections one day last week and my server relayed on 1,695.
The problem I had was that my server was running ten to the dozen scanning all this rubbish for viruses and spam. Also, the customer who gets 1,695 messages per day was unhappy.
So earlier in the week I turned on sbl-xbl checking on Exim and of the 80k connections from yesterday, 69k or 86% were blocked. That really helps reduce the load on my server.
I've kept the sbl-xbl and it runs before the greylisting. My stats look like this:
Statistics since Sat May 24 16:27:47 2008 (21 hours and 37 minutes ago)
-----------------------------------------------------------------------
1353 items, matching 1358 requests, are currently whitelisted
0 items, matching 0 requests, are currently blacklisted
6117 items, matching 6144 requests, are currently greylisted
Of 8135 items that were initially greylisted:
- 1353 ( 16.6%) became whitelisted
- 6782 ( 83.4%) expired from the greylist
Looking at what MailScanner is up to, on 23rd May it processed 37,700 messages. In the last 10 hours it has processed 1,025 messages. Of these, 865 were classified as spam, of which 594 were classified as high scoring spam and deleted.
The difference is massive.
Previously the cpu was running at over 85% constantly, now I'm seeing figures like 0.7% with spikes occurring as messages are scanned for viruses.
As for the greylistd whitelisting, I have about 1,378 whitelisted now and 932 of these are from my secondary MX. The secondary MX is currently being greylisted for each sender and recipient address that goes via this route. In due course I may get rid of the secondary MX but I need to be sure that important mail isn't being blocked first.
Phew! Long post.
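
Added example, not part of the original post and not greylistd's own code: a small Python model of the triplet check behind the ACL and the statistics above, showing why a sender that retries becomes whitelisted while one that never retries expires. The timeout values, the whitelist range and the class and method names are assumptions made up for illustration.

```python
import ipaddress

# Assumed timeouts in seconds (illustrative, not read from any greylistd config).
RETRY_MIN = 10 * 60           # a retry sooner than this is still deferred
RETRY_MAX = 8 * 60 * 60       # grey triplet not retried in time: expires
EXPIRE = 60 * 24 * 60 * 60    # white triplet idle this long: forgotten


class Greylist:
    """Toy model of triplet greylisting plus the ACL's exemptions."""

    def __init__(self, whitelist_cidrs=()):
        self.nets = [ipaddress.ip_network(c) for c in whitelist_cidrs]
        self.triplets = {}    # key -> [first_seen, last_seen, is_white]
        self.became_white = 0
        self.expired = 0

    def sweep(self, now):
        """Drop stale triplets, counting grey ones that never came back."""
        for key, (first, last, white) in list(self.triplets.items()):
            if white and now - last > EXPIRE:
                del self.triplets[key]
            elif not white and now - first > RETRY_MAX:
                del self.triplets[key]
                self.expired += 1

    def check(self, host, sender, rcpt, now):
        """Return 'exempt', 'grey' or 'white' for one RCPT attempt."""
        addr = ipaddress.ip_address(host)
        # Like the ACL: NULL sender, postmaster@* and whitelisted hosts are skipped.
        exempt_sender = sender == "" or sender.lower().startswith("postmaster@")
        if exempt_sender or any(addr in net for net in self.nets):
            return "exempt"
        self.sweep(now)
        key = (host, sender.lower(), rcpt.lower())
        entry = self.triplets.get(key)
        if entry is None:
            self.triplets[key] = [now, now, False]
            return "grey"
        entry[1] = now
        if not entry[2] and now - entry[0] >= RETRY_MIN:
            entry[2] = True
            self.became_white += 1
        return "white" if entry[2] else "grey"
```
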