Koozali.org: home of the SME Server

Greylisting

Offline soren

  • 2
  • +0/-0
Greylisting
« on: May 28, 2017, 03:10:33 PM »
Hi

After upgrading to SME 9.2, I have had some problems with the reception of
e-mail after implementation of the Grey listing as described in
https://wiki.contribs.org/Greylisting.

When the Grey listing was implemented all reception of e-mail simply stopped
and I had to uninstall the Grey listing also described in the wake to make
it all work again.

After some investigation I found the bug https://bugs.contribs.org/show_bug.cgi?id=10125

      The solution: wbl whitelist_soft should be removed from qpsmtpd-plugin

In the nice wake https://forums.contribs.org/index.php/topic,53034.0.html
we need to erase the lines:

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo whitelist_soft > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist_soft

And also:
rm /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist_soft

Everything works ok with me now!

To help others, I hope someone can verify and correct the wiki?

Soren
Just retired but maintaning the family e-mail server.

guest22

Re: Greylisting
« Reply #1 on: May 28, 2017, 06:10:30 PM »
Hi Soren and welcome!

please let others have some comments/verify on this before we change the wiki.

Thanks!

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Greylisting
« Reply #2 on: May 29, 2017, 02:51:38 PM »
Whitelist_Soft

The "whitelist_soft" plugin has been renamed to "whitelist".

As such, you need to replace references to "whitelist_soft" with "whitelist" in the install instructions:
Code: [Select]
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo whitelist > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist


Other Recommendations

The greylisting instructions also include this recommendation:
Quote from: perldoc /usr/share/qpsmtpd/plugins/greylisting
Having reject disabled is useful for seeding the database and testing without impacting deliveries. It is recommended to begin with reject 0 for a week or two before enabling reject.

Additionally, my (non-SME) greylisting blocks emails for 15 minutes, which drives my users crazy when they are dealing with vendors and others; I would reduce the black_timeout from 60 minutes to 5, or possibly even 1...

Finally, I like to be able to research blocked emails in the mail logs -- According to the docs, I'll get more details in the logs if I enable "deny_late" in greylisting.

To disable reject, enable deny_late and reduce the black_timeout, modify the greylisting config like this:
Code: [Select]
echo greylisting reject 0 deny_late 1 black_timeout 5 db_dir /var/lib/qpsmtpd/greylisting > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/10greylisting
/sbin/e-smith/expand-template /var/service/qpsmtpd/config/peers/0
signal-event email-update

You can review the greylisting database using:
Code: [Select]
strings /var/lib/qpsmtpd/greylisting/greylist.dbm

When you want to enable reject:
Code: [Select]
echo greylisting reject 1 black_timeout 5 deny_late 1  db_dir /var/lib/qpsmtpd/greylisting > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/10greylisting
/sbin/e-smith/expand-template /var/service/qpsmtpd/config/peers/0
signal-event email-update

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: Greylisting
« Reply #3 on: May 29, 2017, 03:01:29 PM »
Whitelist_Soft

The "whitelist_soft" plugin has been renamed to "whitelist".

As such, you need to replace references to "whitelist_soft" with "whitelist" in the install instructions:
Code: [Select]
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo whitelist > /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0/05whitelist

AFAIK there's no reason to have a custom fragment with last qpsmtpd.. you'd better use smeserver-wbl contrib

Offline soren

  • 2
  • +0/-0
Re: Greylisting
« Reply #4 on: June 01, 2017, 10:11:00 AM »
Hi mmccarn and Stefano

Thank you a lot for the correction tip:

   The "whitelist_soft" plugin has been renamed to "whitelist".

I made the change 24 hours ago and as far I can monitor
the result looks good.
No more errors in the /var/log/qpsmtpd/current
the Sme9admins mail plot looks fine
and less spam coming to the mail accounts.

BR
soren
Just retired but maintaning the family e-mail server.

Offline devtay

  • *
  • 145
  • +0/-0
Re: Greylisting
« Reply #5 on: November 08, 2018, 04:52:57 PM »
AFAIK there's no reason to have a custom fragment with last qpsmtpd.. you'd better use smeserver-wbl contrib

I know this is old so sorry if that makes someone mad. I'm trying to get the information in one place. I followed the wiki steps and I do not have the smeserver-wbl contrib installed. When I followed the steps, I got the following error in my qpsmtpd/current file:

Code: [Select]
Plugin whitelist_soft not found in our plugin dirs (/usr/share/qpsmtpd/plugins) at /usr/share/perl5/vendor_perl/Qpsmtpd.pm line 213.
So I got lucky and found this post. The renaming of the plugin is the cause for the error above. I followed the instructions from mmcarn and created the template fragment of the new name and the errors stopped. I also liked the idea of letting it run with reject disabled so I continued on with suggestions.

stefano's post suggests using smeserver-wbl to cure the name problem for the plugin. I did not do this because I don't want to have to install a contrib to get the base functionality of a plugin to work. If I am misunderstanding this, sorry. Please correct me. If the new name of the plugin has changed officially, I don't see the harm in putting a custom template fragment in to correct it. When I move to a different server, I'm going to get my custom template fragments migrated anyways.

I would like to update the wiki with this information but I don't want to step on anyone's toes as there seems to be some disagreement on what to do. I have had considerable success with the greylisting plugin in the past 24 hours and I think it's one of the best measures out there to reduce spam. It really adds to the functionality of Koozali. Please advise if there is a problem with my configuration going forward with updates and upgrades.

Regards,
Dev
You can't stop what's coming. It ain't all waiting on you.

Offline mmccarn

  • *
  • 2,626
  • +10/-0
Re: Greylisting
« Reply #6 on: November 09, 2018, 12:01:19 AM »
Updating the wiki sounds like a great idea to me.

It would be polite to leave a note indicating the correct information for SME older than 9.2 (maybe move the old code to the 'Discussion' tab, or leave it inline with a note).

Offline TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Greylisting
« Reply #7 on: November 09, 2018, 12:05:50 AM »
Go for it, many hands etc
--
qui scribit bis legit