Avantguard Computer & Security Systems

Malware / Spam Control

Postgrey — Greylisting

Postgrey implements greylisting: the first delivery attempt for a new sender + recipient + client IP combination is temporarily rejected. Legitimate mail servers retry later and are then accepted; spambots typically do not retry.

Install

apt install postgrey
systemctl enable postgrey
systemctl start postgrey

Configure Postfix

Add to /etc/postfix/main.cf:

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023

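Postgrey listens on port 10023 by default. Keep check_policy_service after reject_unauth_destination; the Postfix documentation warns that placing it earlier can turn the server into an open relay.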

Whitelist

/etc/postgrey/whitelist_clients:

# Allow known good senders without greylisting
.google.com
.microsoft.com
amazonses.com

postgreyreport — Greylisting Statistics

# Install
apt install postgreyreport

# Generate report from mail log
postgreyreport --nosingle_line < /var/log/mail.log

# With HTML output
postgreyreport --html < /var/log/mail.log > /var/www/html/greylisting.html

The report shows:

  • Total greylisted connections
  • How many were retried (legitimate) vs abandoned (spam)
  • Top blocked sender domains
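
Added example (not part of the original page and not postgreyreport's own code): a minimal Python sketch of how the retried vs abandoned counts listed above can be derived from postgrey entries in the mail log. The log lines are constructed, and both the key=value field layout and the exact-IP triplet matching are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines. The key=value layout is an assumption about how
# postgrey writes to the mail log and may differ between versions.
SAMPLE_LOG = """\
Mar  1 10:00:01 mx postgrey[812]: action=greylist, reason=new, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.net
Mar  1 10:00:07 mx postgrey[812]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=promo@bulk.example, recipient=bob@example.net
Mar  1 10:00:09 mx postgrey[812]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.8, sender=promo@bulk.example, recipient=carol@example.net
Mar  1 10:06:30 mx postgrey[812]: action=pass, reason=triplet found, delay=389, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.net
"""

FIELD = re.compile(r"(\w+)=([^,]*)")


def summarize(log_text):
    """Classify greylisted (client IP, sender, recipient) triplets."""
    greylisted, retried = set(), set()
    for line in log_text.splitlines():
        if "postgrey[" not in line:
            continue  # ignore other daemons sharing the mail log
        message = line.split("]: ", 1)[-1]
        fields = {k: v.strip() for k, v in FIELD.findall(message)}
        triplet = tuple(fields.get(k) for k in ("client_address", "sender", "recipient"))
        if None in triplet:
            continue  # not a policy decision line
        if fields.get("action") == "greylist":
            greylisted.add(triplet)
        elif fields.get("action") == "pass" and fields.get("reason") == "triplet found":
            retried.add(triplet)  # the same triplet came back after the delay
    abandoned = greylisted - retried
    # Sender domains of triplets that never retried (likely spam sources).
    domains = Counter(sender.rpartition("@")[2] for _, sender, _ in abandoned)
    return {
        "greylisted": len(greylisted),
        "retried": len(greylisted & retried),
        "abandoned": len(abandoned),
        "top_abandoned_domains": domains.most_common(5),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Senders that retry from a different IP address are counted as abandoned here, so treat the abandoned figure as an upper bound.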

SpamAssassin

apt install spamassassin spamc

# Update rules
sa-update

# Enable
systemctl enable spamassassin
systemctl start spamassassin

In Postfix master.cf, add the content filter to the smtp service and define the spamassassin pipe service it refers to:

smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin

spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}