Spam

Fighting SPAM with Postfix, DNSBL, and SQLGrey

9431 VIEWS
by
7 years ago

In Application Security
· · ·

E-mail spam has been a problem for many years, not only because so many messages that are sent are unsolicited, but also because a lot of them are dangerous and may contain phishing links or viruses. Due to this problem, there are numerous services out there which you can pay for and put in front of your existing email server to help combat spam. The solution put forward in this document will allow you to cheaply deploy your own spam filtering solution on a tiny server like a VPS using open source software and free-to-use DNS blacklists.

What software am I going to be using?

So before we get started, it would be useful to explain what software will be used to accomplish our end goal of filtering spam.

Postfix

Postfix is a well known MTA (mail transfer agent) or SMTP server which sends and receives e-mail.

DNSBL

DNSBL refers to DNS Blacklists. There are hundreds around, but some of the most well-known ones in the spam filtering community are SPAMHAUS, SPAMCOP, and SORBS, although it’s worth noting that you can change these out to suit your requirements.

SQLGrey

SQLGrey is a policy service for Postfix which utilises something known as greylisting. Greylisting helps fight spam by temporarily rejecting an e-mail from a sender it does not recognise. SQLGrey works by keeping a record of such attempts and works on the basis that legitimate mail servers will re-attempt delivery multiple times before giving up, whereas spammers often only send out one email and don’t re-attempt delivery—because they’re already sending thousands or millions of e-mails!

Objectives

For the purposes of this article, we will be using Debian to set up our spam filtering service.

  1. Set up components
  2. Configure Postfix (including DNS Blacklist functionality)
  3. Configure SQLGrey
  4. Final considerations

Setup Components

To set up the various components we require, simply type the following: apt-get -y install mysql-server sqlgrey postfix

Once you have done the above, it’s best to perform a secure configuration of MySQL by running /usr/bin/mysql_secure_installation

Assuming there are no errors after running the above command, you can proceed to the next step.

Configure Postfix

Now it’s time to configure Postfix. An example configuration file with the DNS blacklists is included below. I’ve also included some specific rejections that are built into Postfix to assist with our spam filtering.

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP Postfix
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions =
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unlisted_recipient,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:10101,
        reject_rbl_client zen.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        reject_rbl_client psbl.surriel.com,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client b.barracudacentral.org

# Purposefully hashed out myhostname so Postfix detects it from locally set hostname

#myhostname = mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mydomain.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4

message_size_limit = 30720000

relay_domains = $mydestination, btree:/etc/postfix/transport
transport_maps = btree:/etc/postfix/transport

Configure SQLGrey

Now we’re ready to populate the SQLGrey configuration file at /etc/sqlgrey/sqlgrey.conf. If there is one already there, then move it and create a new file with the following:

inet = 127.0.0.1:10101 # bind to localhost:10101
reconnect_delay = 5 # no reconnect before 5 minutes
max_connect_age = 24 # no reconnect after 24 hours

# database settings
db_type = mysql
db_name = sqlgrey
db_host = localhost
db_user = sqlgrey
db_pass = 
db_cleandelay = 1800
clean_method = sync # 'async' is said to be buggy

# greylist by class C network. eg: 2.3.4.6 connection
# accepted if 2.3.4.145 did connect earlier
greymethod = classc

# one must optin to have its (incoming) messages being greylisted
optmethod = none

Now, before starting SQLGrey, let’s set up a new database in MySQL. Connect to MySQL by typing mysql -uroot-p

Then go ahead and issue the following commands:

CREATE USER 'sqlgrey'@'localhost' IDENTIFIED BY 'my_password';
CREATE DATABASE IF NOT EXISTS `sqlgrey` ;
GRANT ALL PRIVILEGES ON `sqlgrey` . * TO 'sqlgrey'@'localhost';
FLUSH PRIVILEGES;
exit

After doing the above, you’re ready to start SQLGrey by issuing /etc/init.d/sqlgrey start . This will automatically populate the newly created database with tables!

Final Considerations

There are a couple more things you’ll need to do before you are fully ready to go. You’ll need to create a ‘transport’ file to tell Postfix which SMTP server to forward mail to for your users. Let’s say you’re wanting your new spam filtering server to act as a spam filter for example.com. You’d set the MX records on example.com to point to your spam filtering server, then add a line in /etc/postfix/transport to tell Postfix to forward mail on to the SMTP server that hosts the mailboxes for example.com.

An example of this is shown below:

example.com smtp:[mail.example.com]

Once you have done this, you’ll need to run /usr/sbin/postmap btree:/etc/postfix/transport && postfix reload which creates an index file for Postfix to use.

Now all you need to do is point MX records for any relevant domain to your new spam filter and you’re good to go!


Keith Rogers is an IT professional with over 10 years’ experience in modern development practices. Currently he works for a broadcasting organization in the DevOps space with a focus on automation. Keith is a regular contributor at Fixate IO.

Discussion

Leave a Comment

Your email address will not be published. Required fields are marked *

Menu
Skip to toolbar