
Cheap and cheerful: block 85% of spam with greysmtpd

Until I became a freelancer, I did not know what spam was. I had enough sense not to expose my email address anywhere and to use temporary addresses for registering on sites. And I got used to the fact that all my mail ran very fast, letters never got lost, and nobody complained that my server had refused to accept their letter. Becoming a freelancer, I was forced to publish my email address, and on many sites, because new customers should be able to contact me easily. And the spam poured in... at first a trickle, but lately it resembles a full-flowing river more than a stream.

Traditional spam filters (RBLs, GMail, SpamAssassin, etc.) did not suit me: they all make mistakes from time to time and take normal letters for spam. And it doesn't matter whether they discard them, bounce them to the sender, or store them in a separate folder for me to look through periodically: in any case there is a non-zero chance of losing an important letter.

For several years the problem was solved with the deliver utility, which I wrote for convenient mail filtering. Perl programmers using qmail should like it: filtering is done with Perl regular expressions that are conveniently applied to the desired parts of the message (the filter is itself a Perl script :)). I analysed the received spam by eye and carefully wrote regular expressions for it that would not match a normal letter under any circumstances.

But lately spam has been adapting to my interests and disguising itself as IT-themed. And, damn it, it disguises itself so well that I can no longer confidently write a regexp that won't accidentally match a normal letter. (Note: if I cannot clearly distinguish a particular spam by hand with a regexp, or in fact even with a specialized Perl script, how can the comrades at SpamAssassin do it?)
I had to look for an alternative approach to this problem... and one was found: greylisting! Unfortunately, finding a greylisting implementation for qmail was not easy. There are several, in principle, but they either require patching qmail, are written on the knee, or are heavily overloaded with additional functionality. I don't like that much; I prefer simple, reliable and secure software, like the kind DJ Bernstein writes.

As a result, I first installed qgreylistrbl to test the effectiveness of greylisting. Then, delighted with the results of qgreylistrbl's work (but not with its implementation), I wrote greysmtpd.

greysmtpd is very easy to install: it is one of those "set and forget" tools that doesn't even need to be configured. The big plus of this approach is that spam instantly drops by about 85%, while a normal letter is not lost: a temporary rejection only asks a properly working MTA to retry later, which it does. And if (when) spammers adapt to greylisting, its effectiveness will fall, but it will still do no harm. In short, this thing belongs in the must-have category!

It should be noted that greysmtpd is optimized to minimize delays in delivering normal mail: in most cases normal mail is delivered without any delay, as if greysmtpd were not used at all. This is achieved using RBLs and a built-in detector of dynamic hosts (DSL, dial-up, etc.): if the sender's IP is not listed in an RBL and the sender's reverse DNS name (PTR) does not look like a dynamic host, the mail is let through immediately without greylisting. (Yes, I use RBLs, but not to block mail, only to trigger greylisting: every one of us ends up in an RBL from time to time.) The result is a kind of "soft greylisting": minimal interference with normal operation, with an excellent percentage of spam blocked.

I tried to make the script reliable, simple and efficient. For example, if any error occurs in the script, it simply lets the current letter through, as if greysmtpd were not installed at all. The SMTP handling is copied one-to-one from djb's rblsmtpd utility. For efficiency, DNS queries are performed asynchronously, plus every possible optimization that avoids RBL queries altogether, since RBL lookups are slow. Script size: 200 lines, 5.5KB.
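To make the "soft greylisting" decision from the previous two paragraphs concrete, here is an added example (mine, not greysmtpd's code, and in Python rather than Perl): a host that is neither RBL-listed nor dynamic-looking is accepted at once; anything else is greylisted on the usual (IP, sender, recipient) triplet and deferred with a 451 until it retries after a minimum delay; and any internal error fails open, accepting the letter. The RBL and PTR data are constructed lookup tables standing in for DNS, the dynamic-host heuristic and the 300-second delay are my assumptions, and nothing here is the actual rule set of greysmtpd.

```python
import re
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed lookup tables standing in for DNS answers (no network is touched).
RBL_LISTED = {"203.0.113.7"}
PTR_OF = {
    "198.51.100.10": "mail.example.net",                  # normal MX-style host
    "203.0.113.7":   "smtp.example.org",                  # normal name, but RBL-listed
    "192.0.2.55":    "dsl-192-0-2-55.pool.example.isp",   # dynamic-looking name
    "192.0.2.99":    None,                                # no PTR at all
}

# Tokens typical of residential/dial-up naming; the list is an assumption.
DYNAMIC_WORDS = re.compile(
    r"(^|[^a-z])(a?dsl|dial(up)?|dyn(amic)?|ppp|pool|cable|dhcp)([^a-z]|$)")


def looks_dynamic(ip: str, ptr: Optional[str]) -> bool:
    """Heuristic 'dynamic host' test (my assumption, not greysmtpd's rules):
    no PTR, the IP's own octets embedded in the name, or a DSL/dial-up token."""
    if not ptr:
        return True
    name = ptr.lower()
    octets = ip.split(".")
    for sep in ("-", ".", "_"):
        if sep.join(octets) in name or sep.join(reversed(octets)) in name:
            return True
    return DYNAMIC_WORDS.search(name) is not None


@dataclass
class SoftGreylist:
    # Resolvers are injectable so the example runs offline and errors can be simulated.
    rbl_listed: Callable[[str], bool] = lambda ip: ip in RBL_LISTED
    ptr_of: Callable[[str], Optional[str]] = lambda ip: PTR_OF.get(ip)
    delay: int = 300                              # minimum retry wait in seconds (assumed)
    seen: dict = field(default_factory=dict)      # (ip, from, to) -> first-seen timestamp

    def decide(self, ip: str, sender: str, rcpt: str, now: float) -> tuple:
        """Return (smtp_code, reason): '250' = accept now, '451' = ask to retry later."""
        # Soft greylisting: a clean, static-looking host is never delayed.
        if not self.rbl_listed(ip) and not looks_dynamic(ip, self.ptr_of(ip)):
            return "250", "clean host, greylisting skipped"
        key = (ip, sender.lower(), rcpt.lower())
        first = self.seen.get(key)
        if first is None:
            self.seen[key] = now
            return "451", "first attempt, try again later"
        if now - first < self.delay:
            return "451", "retried too early"
        return "250", "retried after delay, accepted"


def decide_fail_open(gl: SoftGreylist, ip: str, sender: str, rcpt: str, now=None) -> tuple:
    """Any internal error (e.g. a DNS library exception) must not lose mail:
    behave as if the filter were not installed and accept the letter."""
    try:
        return gl.decide(ip, sender, rcpt, time.time() if now is None else now)
    except Exception as exc:  # deliberately broad: failing open is the point
        return "250", f"internal error, passed through: {exc!r}"


if __name__ == "__main__":
    gl = SoftGreylist()
    for t, ip in ((0, "198.51.100.10"), (0, "203.0.113.7"), (100, "203.0.113.7"), (400, "203.0.113.7")):
        print(t, ip, gl.decide(ip, "alice@example.com", "me@example.org", t))
```

The injectable resolvers are what make the fail-open path testable: swapping in a resolver that raises shows that a broken DNS library turns into an accepted letter, not a bounced one, which is exactly the property the post asks for.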

The license, as usual, is public domain.

Download: greysmtpd, deliver.

Criticism and code review are welcome. :)

Source: https://habr.com/ru/post/41430/
