Implemented greylistd on CentOS 6.3 64bit, Spamblocker 4.1 using this guide. Reduced spam by 95%. Needed some manual whitelisting of IPs to achieve smooth operation of greylisting.
To make it work, I had to make the following change:
nano /etc/init.d/greylistd
start() {
# Start daemons.
echo -n $"Starting greylistd: "
# daemon --user greylistd /usr/sbin/greylistd
initlog $INITLOG_ARGS -c "su -s /bin/bash - greylistd -c \"/usr/sbin/greylistd > /dev/null 2>&1 &\""
sleep 2
to
start() {
# Start daemons.
echo -n $"Starting greylistd: "
# daemon --user greylistd /usr/sbin/greylistd
# initlog $INITLOG_ARGS -c "su -s /bin/bash - greylistd -c \"/usr/sbin/greylistd > /dev/null 2>&1 &\""
su -s /bin/bash - mail -c /usr/sbin/greylistd > /dev/null 2>&1 &
sleep 2
Used only the "# Perform greylisting." part in /etc/exim.conf; helo checks are fine in Spamblocker 4.1.
Initially faced a problem with email providers using a large pool of SMTP IPs, like Gmail, Messaging.Microsoft.com, Messagelabs.com and a few others: mails were getting delayed by 3-4 hours, since they use a different IP for each mail delivery attempt, so all attempts get greylisted repeatedly. The solution is to go to
http://www.senderbase.org find IP range google.com > export > add to /etc/virtual/whitelist_hosts_ip
Check a couple of times a day for a few days to see big spammers trying to send mails to multiple domains on your server.
greylist list --grey
Check Senderbase.org spammer IP, export spammer IP ranges
Add big spammer IPs to /etc/virtual/bad_sender_hosts_ip; a couple of thousand spammer IPs will block lots of spam.
Add spammer e-mail IDs like
[email protected] to /etc/virtual/blacklist_senders
Change spamblocker 4.1 /etc/exim.conf
hostlist bad_sender_hosts = lsearch;/etc/virtual/bad_sender_hosts
to
hostlist bad_sender_hosts = wildlsearch;/etc/virtual/bad_sender_hosts
Add spammer hosts like
*.bigspammerhost.com
To catch and blacklist more spammers install
http://www.vanheusden.com/multitail/ RPMs are here
http://pkgs.org/download/multitail
# Make it colorful
nano /etc/multitail.conf
add
# exim
colorscheme:exim
cs_re:cyan::
cs_re:blue|blue,,bold:^....-..-.. ..:..:..
cs_re:magenta,,bold:<=
cs_re:green,,bold:=>
cs_re:green,,bold:=> *[^ ]*
cs_re:magenta,,bold:<= *[^ ]*
cs_re:green,,bold:=> *[^ ]* <[^>]*>
cs_re:magenta,,bold:<= *[^ ]* <[^>]*>
cs_re:yellow:H=[^ ]*
cs_re:cyan:\[[0-9\.:]*\]
cs_re:red:Email blocked by.*
cs_re:red:verify failed for SMTP recipient.*
cs_re:red: *[^ ]* \[[0-9\.:]*\]: Connection refused
cs_re:red:SMTP.*timeout.*
# Now watch and catch spammers in real time
multitail /var/log/exim/mainlog /var/log/exim/rejectlog
Cheers ! enjoy hunting spammers ;-)
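Added example, not part of the original post and not greylistd's own code: a small model of triplet greylisting that shows why a sender rotating through a pool of SMTP IPs is delayed for hours, and why whitelisting the sender's range removes the delay. The 600-second minimum wait, the 900-second retry interval, the round-robin rotation and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress

RETRY_MIN = 600  # assumed: seconds a new triplet must wait before acceptance


class Greylist:
    """Minimal triplet greylist (illustrative model, not greylistd's code)."""

    def __init__(self, whitelist=()):
        self.first_seen = {}  # (ip, sender, rcpt) -> time of first attempt
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]

    def check(self, ip, sender, rcpt, now):
        """Return True to accept, False to defer with a temporary error."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.whitelist):
            return True  # whitelisted ranges skip greylisting entirely
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        return now - first >= RETRY_MIN


def delivery_delay(greylist, pool, retry_interval=900, max_attempts=20):
    """Seconds until the message is accepted when the sender retries every
    retry_interval seconds, rotating round-robin through pool; None if it
    is still deferred after max_attempts."""
    for attempt in range(max_attempts):
        now = attempt * retry_interval
        ip = pool[attempt % len(pool)]
        if greylist.check(ip, "alice@sender.example", "bob@local.example", now):
            return now
    return None


# Constructed sample data: documentation address ranges, not real provider IPs.
SINGLE = ["192.0.2.10"]
POOL = ["192.0.2.%d" % i for i in range(10, 22)]    # 12 rotating IPs
HUGE = ["198.51.100.%d" % i for i in range(1, 31)]  # 30 rotating IPs

if __name__ == "__main__":
    print("single IP:       ", delivery_delay(Greylist(), SINGLE))
    print("12-IP pool:      ", delivery_delay(Greylist(), POOL))
    print("30-IP pool:      ", delivery_delay(Greylist(), HUGE))
    print("pool whitelisted:", delivery_delay(Greylist(["192.0.2.0/24"]), POOL))
```

In this model the 12-address pool is only accepted once the rotation returns to the first address, three hours after the first attempt, while the same pool inside a whitelisted range is accepted immediately.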