Exim + Greylist + Mrtg

Hi.
I was going to set this up as suggested by snk and realized there are some differences because I am using SpamBlocker 3. Can anyone make some suggestions on what modifications need to be made for SpamBlocker 3?

I have the current greylistd installed; I just need the changes for exim.conf.

For SpamBlocker 3 (3.2.6a-RC).
Please open your exim.conf and find this block:
Code:
# ACCEPT EMAIL BEGINNING HERE
  # accept if address is in a local domain as long as recipient can be verified
  accept  domains = +local_domains
          endpass
          message = "Unknown User"
          verify = recipient

Add before:
Code:
# Perform greylisting.
  defer   message     = $sender_host_address is greylisted. Please try again later.
          log_message = greylisted.
          domains     = +relay_domains : +local_domains
          !senders    = : postmaster@*
          !hosts      = : +relay_hosts : \
                        ${if exists {/etc/greylistd/whitelist-hosts}\
                        {/etc/greylistd/whitelist-hosts}{}} : \
                        ${if exists {/etc/virtual/whitelist-hosts}\
                        {/etc/virtual/whitelist-hosts}{}}
          verify      = recipient/callout=5s,use_sender,defer_ok
          condition   = ${readsocket{/var/run/greylistd/socket}\
                        {--grey $sender_host_address $sender_address $local_part@$domain}{5s}{}{false}}

Hope this helps.

FYI: this is not tested by me; for now I use "simple" selective greylisting without any external software or daemons.
 
So does this mean we should not use:

Code:
     drop  message = Use your provider SMTP. Email blocked
        condition = ${if match{$sender_host_name} \
                          {adsl|dialup|pool|peer|dhcp|dsl|broadband|ppp|dynamic|cable} \
                          {yes}{no}}
        hosts   = !+relay_hosts
        domains = +use_rbl_domains
        !authenticated  = *
 
This part of the code is not related to greylisting.
 
Is this working stable now? I would like to implement with SpamBlocker 4.1, anyone had experience with this and should update this Howto?

Thanks
 
How can I disable greylisting for specific domains?

You might need to add an exclusion in this line:

Code:
domains 	= +relay_domains : +local_domains

Check with exim documentation.

Is this working stable now? I would like to implement with SpamBlocker 4.1, anyone had experience with this and should update this Howto?

Why would you ever need it? I'm thinking about giving it a try... but I'm not sure it would be a good solution. The only thing troubling me for now is spam to an e-mail address where the sender's address matches the recipient's. I guess greylisting might help with it, but I don't like delays in delivery.
 
Yep, I thought that too about the incoming mail delay, but once a mail is checked as "good" (at least the server not pushing too many tries in a short time) the delay should not be applied anymore, right? I mean, once it is OK with the greylist it should be whitelisted, I suppose. Is that the practice, or must it be checked with a delay every time for every domain/server?

Thanks for your suggestions
 
I'm not sure how greylistd (particularly) does the work. Of course, if I decide to use it, or if I am asked to install it, I'll spend the necessary time to get into the details. My supposition would be that the IP of a valid sender's SMTP server would be whitelisted, not an email address.
 
You might need to add an exclusion in this line:

Code:
domains 	= +relay_domains : +local_domains

Check with exim documentation.

I created a file exclusion_domains_greylisting and added -exclusion_domains_greylisting to this line, but it doesn't work.

Code:
domains         = -exclusion_domains_greylisting : +relay_domains : +local_domains
 
I found the solution. :) It should be

Code:
 domains         = !+exclusion_domains_greylisting : +relay_domains : +local_domains
 
Out of interest, I've had greylistd running for over 4 years and here are the stats.


Code:
# greylist stats
Statistics since Sat May 24 16:27:47 2008 (1575 days and 7 hours ago)
---------------------------------------------------------------------
20273 items, matching 94245 requests, are currently whitelisted
0 items, matching 0 requests, are currently blacklisted
153 items, matching 155 requests, are currently greylisted

Of 8927624 items that were initially greylisted:
- 523513 ( 5.9%) became whitelisted
- 8404111 ( 94.1%) expired from the greylist
 
I obviously didn't count all 8.4 million messages but I would say that yes, the vast majority was spam. Many would have been filtered out later by MailScanner+SpamAssassin but the main reason I used greylisting was that my CPU was being overloaded.
 
In setting up my new server this weekend I came across a difference in the way Exim version 4.76 deals with the /etc/greylistd/whitelist-hosts file compared to Exim 4.60. This file is installed with greylistd.

The same applies to any similar whitelist or blacklist file used with exim 4.76, ie, this doesn't necessarily only concern the use of such files with greylistd.

It took me a lot of trial and error to figure out what was going wrong so to save others the bother, here's what I found.

My new server has greylistd 0.8.7 installed. If you look at /usr/share/doc/greylistd-0.8.7/examples/whitelist-hosts it says:
### Most MTAs support at least the following:
### - A single IPv4 address, consisting of 4 octets (0-255): 192.168.0.1
### - Between one and three octets, indicating an IPv4 network: 192.168.0
### - A single host name: gluck.debian.org
### - Wildcards in a host name: *.debian.org
###
### Exim 4 supports much more elaborate syntax, including regular expressions
### starting with "^" (e.g.: ^..crm[hx]c..\.comcast\.net), IP addresses with
### netmasks (10.0.0.0/8, 10.0.0.0/255.0.0.0), etc. For full detail, refer to
### section 10.8 in the Exim 4 "spec.txt" file.

However, exim does not support:
### - Between one and three octets, indicating an IPv4 network: 192.168.0

This was true in 4.6 and is still true in 4.76.

What has changed is that if 4.76 encounters such an invalid entry then it stops reading the file!

My old server ran greylistd 0.8.6 and the /root/greylistd-0.8.6/config/whitelist-hosts is similar to the 0.8.7 version but the 0.8.6 version contains these entries right at the start:

192.168 # Don't delay our private networks either
10 # Private net (class A)
172.16 # Another private net (inidividual entries, since can't
172.17 # do a /12 netmask easily

Now I used /root/greylistd-0.8.6/config/whitelist-hosts as the basis of my /etc/greylistd/whitelist-hosts and I copied it to my new server.

This new behaviour of exim therefore affected me particularly badly. By the way, my /etc/exim.conf references /etc/greylistd/whitelist-hosts in the standard way like this:
defer
-- snip --
!hosts = : +relay_hosts : \
${if exists {/etc/greylistd/whitelist-hosts}\
{/etc/greylistd/whitelist-hosts}{}}

Because my whitelist-hosts file had the 1 octet entry right at the top, the rest of my entries were ignored by exim 4.76! Essentially, it seems as if exim 4.76 reads the file from the top and as soon as it encounters an invalid entry it stops and doesn't read the rest of the file!

Exim 4.6, on the other hand, ignored all 1, 2 and 3 octet entries but carried on reading the file and applied the other entries.

This is to my mind a bug.

Be warned!
 
So, you did not find a way to make Exim correctly interpret such records as
Code:
10.
Right? You might want to try using net-iplsearch and adding networks like this: 10.0.0.0/8, 10.0.0.0/255.0.0.0

By the way, why are you referring to Exim 4.76, when the latest available version for DirectAdmin servers is Exim version 4.80?
 
Yeah, I forgot to mention the workaround is to use, eg,
192.168.0.0/16
rather than:
192.168

As for the exim version are you saying that 4.80 fixes this issue?

I have no intention upgrading exim. It has taken me far too long to get this version working properly.

In general, what I am surprised about is how quickly exim has just gone off the radar. It's no longer the default MTA with any linux distro and as a result, I found I was very much on my own trying to get it to work with MailScanner and greylistd, ie, not just a case of a quick google to find the answer.
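
An added example, not code from any poster in this thread or from the greylistd or Exim projects: a small Python check for the failure described in the posts above. It finds 1 to 3 octet entries in a whitelist-hosts file, suggests the CIDR form given as the workaround, and lists the later entries that were reported as ignored by Exim 4.76. The sample text is constructed from the entries quoted in the thread, and all function names are hypothetical.

```python
import re

# Constructed sample, modelled on the whitelist-hosts entries quoted in the thread.
SAMPLE = """\
192.168 # Don't delay our private networks either
10 # Private net (class A)
172.16 # Another private net
10.0.0.0/8
192.168.0.1
*.debian.org
"""

# One to three dotted octets, optional trailing dot: "10", "10.", "192.168.0".
PARTIAL = re.compile(r"^\d{1,3}(\.\d{1,3}){0,2}\.?$")

def to_cidr(entry):
    # Map a partial prefix to CIDR (8 bits per octet given); None for anything else.
    if not PARTIAL.match(entry):
        return None
    octets = [int(o) for o in entry.rstrip(".").split(".")]
    if any(o > 255 for o in octets):
        return None
    padded = octets + [0] * (4 - len(octets))
    return "%s/%d" % (".".join(map(str, padded)), 8 * len(octets))

def parse(text):
    # Yield (line_number, entry) for each line that has content before any "#".
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if entry:
            yield n, entry

def lint(text):
    # (line_number, entry, suggested_cidr) for every partial-octet entry.
    return [(n, e, to_cidr(e)) for n, e in parse(text) if to_cidr(e)]

def shadowed(text):
    # Usable entries placed after the first partial one (reported ignored by 4.76).
    bad = lint(text)
    return [e for n, e in parse(text) if bad and n > bad[0][0] and not to_cidr(e)]

def rewrite(text):
    # Return the file text with partial entries replaced by CIDR, comments kept.
    lines = text.splitlines()
    for n, e, c in lint(text):
        lines[n - 1] = lines[n - 1].replace(e, c, 1)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(lint(SAMPLE), shadowed(SAMPLE), rewrite(SAMPLE), sep="\n")
```

Running `lint` over a whitelist or blacklist file before copying it to a server with a different Exim version catches the entries that caused the silent truncation described above.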
 
I've enabled greylistd on CentOS 6 64bit, using the guide. That seems to be working fine:

Code:
Statistics since Tue Sep 18 00:04:21 2012 (15 hours and 19 minutes ago)
-----------------------------------------------------------------------
23 items, matching 48 requests, are currently whitelisted
 0 items, matching  0 requests, are currently blacklisted
 0 items, matching  0 requests, are currently greylisted

Of 21 items that were initially greylisted:
 - 26 (123.8%) became whitelisted
 - -5 (-23.8%) expired from the greylist
 
Everything is already posted in post #1, so I did not add anything of my own. One thing is different: I did not add those HELO checks, as they already exist there, and I did not add the hostname checks. So I added to exim.conf only the part that is marked in that post as "# Perform greylisting."
 