Spam filtering considerations: Postfix, Postgrey and policyd-weight

Hellos!

Before I started the migration to Virtualmin for my hosting needs, I was running my stuff on Windows (well, I still am, partly), and used a self-written SMTP gateway software for first-level spam filtering. I had coded a mixture of protocol and header inspection, selective greylisting, tarpitting and DNSBL queries there. I found it to be working very well.

Now I’m wondering if the same or a similar functionality can be achieved with Linux.

After googling around for a while, I’m quite positive the aim can be achieved using the software listed in the subject, but I haven’t found any article which would describe a combination that results in my precise setup.

So, maybe if there are some Postfix-versed users here, those could give me a hint? I’m trying to achieve the following:

  • First, I do some protocol and header checks. Reject invalid HELO and Spamhaus-listed IPs and stuff. Those things are/should be possible with Postfix (already using Spamhaus there) and policyd-weight.

  • Then I choose which delivery attempts should go through greylisting. I employ both regular expressions on the deliverer IP’s reverse-DNS (to scan for dialup-like-looking hostnames) and query a DNSBL that lists dialup IPs. I’ve seen regular expressions and DNSBL queries in policyd-weight, but not yet how one can combine those to tell Postfix that it should do Greylisting if any of those match.

  • For Greylisting, I use a very high retry-time of like 6 hours. Since only dialup IPs should be caught in this, and most spam comes from there, and what comes from there is mostly spam, I find that appropriate. If a spammer is “intelligent” enough to actually retry after that long time, they’re usually listed in Spamhaus meanwhile. :) Gotcha.

So, basically I’d like to combine Postgrey and policyd-weight, to “super-greylist” only connections whose RDNS matches regexps or are listed in dialup DNSBLs. Can that be done? And if so, how?

Thanks in advance for help!

Your best bet is to look at the examples on the Postfix web site. The answer is yes, it can be done with Postfix, and a whole lot more.

Also consider using the DNSWL, however, you can’t rsync it any more so you have to install postfwd to use it.

Much of what you are asking is configured via the Virtualmin product actually, there are screens for RBL, etc.
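
The selective greylisting described in the question, sketched as the decision logic of a Postfix policy delegation service. This is an added example, not code from any poster in this thread and not taken from Postgrey or policyd-weight. The rDNS pattern, the sample request and all function names are constructed for illustration, and the DNSBL zone is left to the caller because the thread names none.

```python
import re
import socket
import time

GREYLIST_DELAY = 6 * 3600  # the 6-hour retry time from the post
# Constructed pattern for dialup-looking rDNS names; tune it against real traffic.
DIALUP_RDNS = re.compile(
    r"(^|[.-])(ppp|a?dsl|dial(up|in)?|dyn(amic)?|pool|cable)([.-]|\d)"
    r"|\d+[-.]\d+[-.]\d+[-.]\d+", re.I)
# Constructed policy request in Postfix's name=value format (documentation addresses).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "client_address=203.0.113.7\n"
    "client_name=ppp-203-0-113-7.dialup.example.net\n"
    "sender=a@example.com\n"
    "recipient=b@example.org\n\n")


def parse_request(text):
    """Parse one policy delegation request into a dict."""
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


def dnsbl_listed(ip, zone):
    """IPv4 DNSBL check: listed if <reversed-ip>.<zone> resolves. Zone is caller-supplied."""
    try:
        socket.gethostbyname(".".join(reversed(ip.split("."))) + "." + zone)
        return True
    except OSError:
        return False


def decide(attrs, first_seen, is_listed, now=None):
    """Greylist only dialup-looking clients; everything else passes through."""
    now = time.time() if now is None else now
    dialup = bool(DIALUP_RDNS.search(attrs.get("client_name", ""))) \
        or is_listed(attrs.get("client_address", ""))
    if not dialup:
        return "DUNNO"  # not selected: later Postfix restrictions decide
    key = (attrs.get("client_address"), attrs.get("sender"), attrs.get("recipient"))
    if now - first_seen.setdefault(key, now) < GREYLIST_DELAY:
        return "DEFER_IF_PERMIT Greylisted, please retry later"
    return "DUNNO"  # retried after the delay: let it through


def policy_reply(request_text, first_seen, is_listed, now=None):
    """Build the reply Postfix expects: an action line followed by an empty line."""
    return "action=%s\n\n" % decide(parse_request(request_text), first_seen, is_listed, now)
```

The `first_seen` dict stands in for the persistent triplet database a real greylisting daemon keeps, and `is_listed` would wrap `dnsbl_listed` with the dialup DNSBL zone of your choice.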