Here's a howto I modified to set up cqGreylist on an SME server.
Hope this helps someone.
-Harry Incs
harry at networkincs.com
-----------------------------------------------------------------------------------------
cqGreylist for SME
cqGreylist - plain greylisting for qmail
------------------------------------------
Original software from
http://oss.albawaba.com/cqgreylist.html
These instructions have been modified for the SME server.
What is greylisting?
--------------------
Greylisting is a new method of blocking significant amounts of spam at the mailserver level without resorting to heavyweight statistical analysis or other heuristic (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.
Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Although it is currently very effective by itself, it will perform best when used in conjunction with other forms of spam prevention. For a detailed description of the method, see
http://projects.puremagic.com/greylisting/
What is cqGreylist?
------------------
cqgreylist is an implementation of greylisting written in C for qmail. I wrote it in C because the other Perl implementations out there were just too slow for my needs and brought the server to its knees with 70-100 concurrent SMTP connections, so this implementation is intended for heavy-traffic servers (250,000+ SMTP connections per day).
I wrote this with the help of the two Perl implementations found here
( Sirko Zidlewitz )
http://www.datenklause.de/en/software/qgreylistrbl.html
and here
( Jon Atkins )
http://www.jonatkins.com/page/software/qgreylist
Please note that this implementation provides only greylisting based on the source IP address and not the full triplet as suggested in the greylisting whitepaper.
Requirements
------------
make, gcc and glibc, I guess; I didn't use any fancy libraries.
Download cqGreylist
------------------
The latest version can be found at:
http://oss.albawaba.com
Installing cqGreylist ****Modified for SME Server*******
--------------------
1 - untar
# tar -zxvf cqgreylist-0.2.tar.gz
2 - change the basic configuration; the variables you can change are noted in the source
# cd cqgreylist-0.2
# vim cqgreylist.c
3 - create the folder to hold the files
# mkdir /var/qmail/cqgreylist
# chown qmaild: /var/qmail/cqgreylist
4 - compile ***you will need GCC installed, or you can compile on a CentOS machine like I did******
# make
5 - copy the binary
# cp cqgreylist /var/qmail/bin/
6 - edit the run script for smtpfront-qmail, located in /service/smtpfront-qmail/run
add the line below above "/usr/bin/smtpfront-qmail"
/var/qmail/bin/cqgreylist \
7 - notify tcpserver that the run script has changed
# svc -h /service/qmail-smtpd
8 - add this one-liner to crontab to clean out old files; here I chose 1 day for the
life of each entry, you can adjust this to your liking.
23 * * * * /usr/bin/find /var/qmail/cqgreylist -mtime +1 -type f -exec rm -f {} \;
Whitelisting
------------
To whitelist certain hosts so that greylisting is skipped for them, you need to add them to tcpserver's cdb file. cqgreylist checks whether the environment variables WHITELISTED or RELAYCLIENT are declared; if either of them is, greylisting is skipped. Here is an example from my tcp.smtp file located in /etc/tcprules.
Edit tcp.smtp, then execute the following:
# cp tcp.smtp.cdb tcp.smtp.cdb.old
# rm tcp.smtp.cdb
# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp
The last command will create the new cdb file that will be used by the service.
***********************************
127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
xxx.xxx.xxx.xxx:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
xxx.xxx.xxx.xxx:allow,MAILRULES="/var/qmail/control/mailrules.default",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
xxx.xxx.xxx.:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
xxx.xxx.xxx.:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
172.16.:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
#http://greylisting.org/whitelisting.shtml
# Public Servers
# Southwest Airlines (unique sender, no retry)
12.5.136.141:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Southwest Airlines (unique sender, no retry)
12.5.136.142:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Southwest Airlines (unique sender, no retry)
12.5.136.143:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Southwest Airlines (unique sender, no retry)
12.5.136.144:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# kernel.org mailing lists (high traffic, unique sender per mail)
12.107.209.244:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# SLmail
63.82.37.110:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Southwest Airlines (unique sender, no retry)
63.169.44.143:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Southwest Airlines (unique sender, no retry)
63.169.44.144:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# sentex.ca (common pool)
64.7.153.18:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool) - http://postmaster.aol.com/servers/imo.html
64.12.137:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
64.12.138:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# moveon.org (unique sender per attempt)
64.124.204.39:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# collab.net (unique sender per attempt)
64.125.132.254:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# zproxy.gmail.com (common server pool, bad 451 handling?)
64.233.162:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# rproxy.gmail.com (common server pool, bad 451 handling?)
64.233.170:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# nproxy.gmail.com (common server pool, bad 451 handling?)
64.233.182:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# wproxy.gmail.com (common server pool, bad 451 handling?)
64.233.184:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
65.82.241.160:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Yahoo Groups servers (common pool, no retry)
66.94.237:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
66.100.210.82:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Ebay (for time critical alerts)
66.135.209:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Ebay (common pool)
66.135.197:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
66.162.216.166:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# PLEXOR
66.206.22.82:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# PLEXOR
66.206.22.83:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# PLEXOR
66.206.22.84:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# PLEXOR
66.206.22.85:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Yahoo Groups servers (common pool, no retry)
66.218.66:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Yahoo Groups servers (common pool, no retry)
66.218.67:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Yahoo Groups servers (common pool, no retry)
66.218.69:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# gmail (common server pool, bad 451 handling)
66.249.82:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# ljbtc.com (Groupwise)
66.27.51.218:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
66.89.73.101:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
68.15.115.88:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# qproxy.gmail.com (common server pool, bad 451 handling?)
72.14.204:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
152.163.225:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Joker.com (email forwarding server)
194.245.101.88:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Tid InfoMail Exchanger v2.20
195.235.39.19:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# skynet.be (weird retry pattern, common pool)
195.238.2:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# skynet.be (weird retry pattern, common pool)
195.238.3:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
204.60.8.162:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Ameritrade (no retry)
204.107.120.10:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.139.136:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.139.137:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.144.207:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.144.208:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.156.66:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.157:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AOL (common pool)
205.188.159.7:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# SecurityFocus.com (unique sender per attempt)
205.206.231:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# sentex.ca (common pool)
205.211.164.50:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Prodigy (broken software that retries continually with no delay)
207.115.63:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Amazon.com (common pool)
207.171.168:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Amazon.com (common pool)
207.171.180:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Amazon.com (common pool)
207.171.187:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Amazon.com (common pool)
207.171.188:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Amazon.com (common pool)
207.171.190:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Ticketmaster (poor retry config)
209.104.63:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# sourceware.org mailing lists (high traffic, unique sender per mail)
209.132.176.174:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# optusnet.com.au (weird retry pattern and more than 48hrs)
211.29.132:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Mysql.com (unique sender)
213.136.52.31:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Yahoo Mail?
216.136.226.0:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# Groupwise?
216.157.204.5:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# proxy.gmail.com (common server pool, bad 451 handling?)
216.239.56:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# AXKit mailing list (unique sender per attempt)
217.158.50.178:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
:allow,MAILRULES="/var/qmail/control/mailrules.default",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
********************************************************
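To check which tcp.smtp rule a given client actually gets, and so whether cqgreylist will skip it, here is an added Python example (not part of cqgreylist or this howto) that models tcprules' lookup order on a small constructed rule set; it handles plain addresses and dotted prefixes only, not "=host" entries or "1.2.3.4-10" ranges. Two points it makes visible: tcprules treats an entry as a prefix only when it ends in a dot, and RELAYCLIENT also authorizes the client to relay through qmail-smtpd, so WHITELISTED is the variable to use for third-party hosts you only want to exempt from greylisting.

```python
# Added example, not part of cqgreylist or this howto: model tcprules' lookup
# order to see which tcp.smtp rule a client IP gets and whether cqgreylist
# would skip it. Handles plain addresses and dotted prefixes ("1.2.3.") only;
# "=host" entries and "1.2.3.4-10" ranges are not modelled.

# Constructed sample in the style of the whitelist above. The gmail pool is
# exempted with WHITELISTED rather than RELAYCLIENT so that it bypasses
# greylisting without being allowed to relay through qmail-smtpd.
SAMPLE_TCP_SMTP = '''
127.0.0.1:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
172.16.:allow,RELAYCLIENT="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# zproxy.gmail.com (common server pool)
64.233.162.:allow,WHITELISTED="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
# missing trailing dot: tcprules does not treat this as a prefix
66.249.82:allow,WHITELISTED="",QMAILQUEUE="/usr/bin/qmail-queue.amavis"
:allow,QMAILQUEUE="/usr/bin/qmail-queue.amavis"
'''

def parse_tcp_smtp(text):
    """Parse tcp.smtp lines into {address: (action, {VAR: value})}."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, _, envpart = rest.partition(",")
        env = {}
        for item in filter(None, envpart.split(",")):
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def match_rule(rules, ip):
    """Return (pattern, action, env) for the most specific entry: the full IP,
    then "a.b.c.", "a.b.", "a.", then the catch-all "" entry."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for pat in candidates:
        if pat in rules:
            return (pat,) + rules[pat]
    return None

def greylist_skipped(rules, ip):
    """cqgreylist bypasses greylisting if WHITELISTED or RELAYCLIENT is set."""
    matched = match_rule(rules, ip)
    return matched is not None and (
        "WHITELISTED" in matched[2] or "RELAYCLIENT" in matched[2])
```

Feed your own tcp.smtp to parse_tcp_smtp and call match_rule for a few known senders to confirm each one lands on the rule you intended.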
Testing
-------
Send some emails from an external host which *isn't* allowed to relay or whitelisted. If you don't have an external account, send a 'help' command to a majordomo or similar list server to get a reply.
For each external server which attempts to send mail, a file will be created in /var/qmail/cqgreylist/first_octet_of_ip/. Check that this is happening. If it is not, check the permissions and owner on the directory; you will not receive any mail until this is fixed.
Also check the owner and permissions of all modified files.
Watch your mail log file.
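The following is an added Python model (not cqgreylist's own code) of the per-IP decision this howto describes, using the same layout the testing step tells you to watch: one file per source IP under the first-octet subdirectory, skipped when WHITELISTED or RELAYCLIENT is in the environment, and expired the way the cron job in step 8 does. The retry delay DELAY_SECONDS is an assumption; cqgreylist's real value is set in cqgreylist.c.

```python
# Added example, not cqgreylist's own code: model of IP-only greylisting with
# the file layout described in the Testing section. DELAY_SECONDS is assumed.
import os

DELAY_SECONDS = 300      # assumed: minimum age of an entry before mail is accepted
ENTRY_LIFETIME = 86400   # 1 day, matching "find -mtime +1" in the cron job

def entry_path(base_dir, remote_ip):
    """One file per source IP under <base>/<first octet>/, e.g. .../198/198.51.100.7."""
    first_octet = remote_ip.split(".")[0]
    return os.path.join(base_dir, first_octet, remote_ip)

def greylist_decision(base_dir, remote_ip, env, now):
    """Return 'skip', 'defer' or 'accept' for one SMTP connection from remote_ip."""
    # tcpserver exports the variables of the matching tcp.smtp rule; if either
    # WHITELISTED or RELAYCLIENT is present the connection bypasses greylisting.
    if "WHITELISTED" in env or "RELAYCLIENT" in env:
        return "skip"
    path = entry_path(base_dir, remote_ip)
    if not os.path.exists(path):
        # First contact: record the IP (the file's mtime is the timestamp) and
        # answer with a temporary failure. Real MTAs retry; most spam sources
        # do not. If this directory is not writable by qmaild the file is never
        # created and nothing from outside gets through, as the howto warns.
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.utime(path, (now, now))
        return "defer"
    age = now - os.stat(path).st_mtime
    return "accept" if age >= DELAY_SECONDS else "defer"

def expire_entries(base_dir, now):
    """Same effect as the cron job: remove entries older than ENTRY_LIFETIME."""
    removed = 0
    for sub in os.listdir(base_dir):
        subdir = os.path.join(base_dir, sub)
        if not os.path.isdir(subdir):
            continue
        for name in os.listdir(subdir):
            path = os.path.join(subdir, name)
            if now - os.stat(path).st_mtime > ENTRY_LIFETIME:
                os.remove(path)
                removed += 1
    return removed
```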
Other Links
-----------
http://oss.albawaba.com/cqgreylist.html
http://greylisting.org/whitelisting.shtml
http://linsec.ca/misc_services/tcpserver.php
http://www.networkincs.com
Contact
-------
Harry Incs
harry at networkincs.com