LinuxQuestions.org
Old 11-03-2007, 10:20 AM   #61
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35

So, a year and a half later I am returning to this idea of a -g option for rblsmtpd. I thought I had found someone (the elusive "Rudolph", who I cannot seem to find) who had implemented exactly what I was proposing:

http://sw.eq.cz/gpforr/

This is interesting. I have tried it out and it works. However, it is not quite what I had in mind. As I understand it, Rudolph's solution essentially switches rblsmtpd into a greylist only program (or perhaps, greylists with whitelists). Just like you can mix whitelists and blacklists now, I want to also throw greylists into the mix (not turning blacklists off and making them greylists instead, which is what Rudolph's solution does ... I think).

Under my proposed solution this is what my qmail "run" file would look like:
================
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec \
/usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
rblsmtpd \
-a mylocal.whitelist.zzz \
-r mylocal.blacklist.zzz \
-r zen.spamhaus.org \
-g dnsbl.sorbs.net \
/var/qmail/bin/qmail-smtpd my.domain.com \
/usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1


================

So, in my case, incoming connections would first pass through my local whitelist, my local blacklist, spamhaus blacklist, then ... Sorbs would serve as a greylist. A positive hit on Sorbs would cause that ip address to be blocked temporarily (greylisted), for a wait time (the "GREYWAIT" env variable, maybe?) of say 5 minutes. Subsequent hits during this 5 minute GREYWAIT period would cause GREYWAIT to reset. This resetting of GREYWAIT prevents spam from eventually getting through if the sending server is persistent enough to just keep hammering away until the GREYWAIT period expires. Subsequent hits from the same ip address after GREYWAIT (5 minutes) has passed would then be allowed through until some expiry time (the GREYEXPIRY env variable) has passed ... maybe 1 day.

I propose storing greylisted ip addresses in a directory called /var/qmail/greylist. Every time an ip address is greylisted, an empty file would be created in this directory with the ip address as its name. On subsequent hits where ip addresses match a file in the greylist directory, the difference between the current time and the time stamp of the file in question would be compared against GREYWAIT and GREYEXPIRY. There would be three possibilities:

1. If difference is < GREYWAIT, then reset the timestamp on the file (hit occurred before GREYWAIT had passed).
2. If difference is between GREYWAIT and GREYEXPIRY, then let the email pass (probably a legitimate email that you want to let through).
3. If difference is > GREYEXPIRY, then reset the timestamp on the file (essentially, this file had expired and would have soon been removed by some daily or hourly cronjob).

Oh, and I forgot to mention the cronjob. A cronjob is required (hourly or daily, it doesn't really matter) that removes files in the greylist directory where GREYEXPIRY has passed.

One issue is performance when/if the greylist directory gets a lot of files in it. This would not happen on my server, but if you had a really busy email server it might. I propose linking /var/qmail/greylist to a 10MB ram disk. The performance on a ram disk should be quite good.

So, I think that summarizes my vision of how this will work. Looks like I'll be learning some C in the near future. ... unless someone else wants to do this (haha). I'll post back here when I am done. It might be a few months or more.

Paul
 
Old 11-09-2007, 09:37 AM   #62
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Well, I thought this might take several months. It took 6 days since my last post. I am almost done. I've got this black/white/greylist scheme (with the -g switch) working and it works beautifully.

It will take me maybe another week or so to package this and make it available. I just hate to mess with ucspi-tcp-0.88 (rblsmtpd in particular) because it is a superb piece of programming and has been so reliable. So, I have built a patch that leaves all of the original functionality untouched. The patch adds a new program called "rblsmtpd_bwg" ( bwg = black,white,grey ) to ucspi-tcp-0.88. The new rblsmtpd_bwg is a modified version of rblsmtpd, but rblsmtpd remains even after the patch is applied, so you will be free to use the original rblsmtpd or rblsmtpd_bwg. To activate rblsmtpd_bwg, you will simply apply my patch to ucspi-tcp-0.88, stop qmail, re-install the patched ucspi-tcp-0.88, change "rblsmtpd" to "rblsmtpd_bwg" in your qmail "run" file, then re-start qmail. With no other changes to the qmail run file, everything will function exactly the same as before. However, you will now have the option of changing some or all of your -r switches to -g , thereby using all or some of your RBLs as greylists instead of blacklists. Two other new options (the -w and -e switches) will allow you to set your own greylist "wait" and "expiry" times. Currently, I have the default wait set at 300 seconds (5 minutes) and the default expiry at 86400 seconds (one day). I have been experimenting around and I think I prefer times of 120 seconds and 14400 seconds, respectively. The -w and -e switches will allow you to easily tweak these as you see fit.

Finally, there will be one ruby script based on the "elusive Rudolph" ruby scripts that needs to run as a cron job to clean up the greylist directory periodically. I've got it running hourly and it works well for me.

There is one interesting feature about the "wait" times that may be different from other greylisting schemes. When the same ip address hits a second time within the "wait" period, the wait time gets reset and the waiting period starts over again. This is good because an ip address that continually hammers your mail server or even just hits it once a minute continually will never get through. The entire "wait" time must pass between two attempts from the same rbl-listed ip address before an email will be allowed through. I am finding even with quite small wait times (60 or 120 seconds) greylisting is quite effective and occasional legitimate "false positive" mail from legitimate mail servers gets through with only minor delays.

Not sure if anyone is reading this or cares, but I will make rblsmtpd_bwg available within a week or so. Check back here for details.

Paul

Last edited by Apollo77; 11-09-2007 at 12:28 PM.
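
The three-way timestamp rule described in posts #61 and #62 above (marker file per IP, wait period that restarts on early retries, expiry), written out as an added example; it is not part of the thread and is not the rblsmtpd_bwg patch. The function names, return codes and the file-name check are assumptions; the 300 and 86400 second values are the defaults quoted in post #62.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>

/* Hypothetical names for this example; not taken from rblsmtpd_bwg. */
enum { GREY_ERROR = -1, GREY_DEFER = 0, GREY_ACCEPT = 1 };

/* Stamp the marker file with `now`, creating it empty if it is missing. */
static int grey_touch(const char *path, time_t now)
{
    struct utimbuf ut = { now, now };
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    return utime(path, &ut);
}

/* Decide what to do with an RBL-listed address, using dir/<ip> as state. */
int grey_check(const char *dir, const char *ip, time_t now,
               long greywait, long greyexpiry)
{
    char path[512];
    struct stat st;
    long age;
    /* The address becomes a file name, so accept only dotted-quad
       characters; a malformed value must never leave the greylist dir. */
    if (!*ip || ip[0] == '.' || strspn(ip, "0123456789.") != strlen(ip))
        return GREY_ERROR;
    if (snprintf(path, sizeof path, "%s/%s", dir, ip) >= (int)sizeof path)
        return GREY_ERROR;
    if (stat(path, &st) != 0) {
        if (errno != ENOENT) return GREY_ERROR;
        /* First sighting: create the marker and start the wait period. */
        return grey_touch(path, now) == 0 ? GREY_DEFER : GREY_ERROR;
    }
    age = (long)(now - st.st_mtime);
    /* Cases 1 and 3: retried too soon, or entry expired. Restart the clock. */
    if (age < greywait || age > greyexpiry)
        return grey_touch(path, now) == 0 ? GREY_DEFER : GREY_ERROR;
    return GREY_ACCEPT;  /* Case 2: waited long enough and not yet expired. */
}

int main(void)
{
    /* Constructed demo: documentation address, /tmp as the greylist dir. */
    int r = grey_check("/tmp", "192.0.2.10", time(NULL), 300, 86400);
    printf("192.0.2.10 -> %s\n", r == GREY_ACCEPT ? "accept" : "defer/error");
    return r == GREY_ERROR;
}
```

Passing `now` in as a parameter lets the wait and expiry behaviour be exercised without sleeping; a sender that retries every minute keeps resetting the marker and never reaches the accept branch.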
 
Old 11-11-2007, 12:15 AM   #63
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
The rblsmtpd_bwg patch is available here:

http://bwg.cooL1.ca

You apply the patch to ucspi-tcp-0.88.

Hope this helps someone.

Paul

Last edited by Apollo77; 11-12-2007 at 02:37 PM.
 
Old 03-29-2008, 05:38 AM   #64
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
hi again.. i am back after very very long time

there is a good software called spamdyke . no patch, just install and add it into smtp-run.. it supports reverse dns check, mx record check, rbl check, blacklists whitelists greylists etc.. plus it does not check anything if user auth via smtpd..

http://www.spamdyke.org/
 
Old 03-29-2008, 09:22 AM   #65
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Maxut, nice to see you back here.

I have heard of spamdyke, but never checked it out thoroughly until now. Wow, it looks really good! In fact, I am probably going to start using it. Many very good features. I think there is some overlap with magic-smtpd, which I now use. Magic-smtpd is a drop-in replacement for qmail-smtpd. Spamdyke's obvious advantage is that it's a filter and not a patch -- it leaves qmail intact. I like that a lot.

I notice two features it's missing (... I think) that I would like to see:

1) Rejection up-front of messages where the recipient email address does not exist (as opposed to a bounce after accepting the message). Magic-smtpd does this. I am guessing I could keep using magic-smtpd with spamdyke, so this probably is not an issue for me.

2) My greylisting scheme using rblsmtpd_bwg . That is, greylisting based on RBLs. Again, probably not an issue for me because I suspect I could continue using my rblsmtpd_bwg with spamdyke. I am tempted to tweak the code myself to get spamdyke doing this, but maybe I can convince the writer of spamdyke to do it (haha).

So, while I'd like to see these two options, I don't think adding spamdyke to my setup means I need to drop them from my current configuration.

Thanks maxut!

Apollo
 
Old 03-29-2008, 04:33 PM   #66
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
that is so nice to hear from u.. u are really so fast


Quote:
1) Rejection up-front of messages where the recipient email address does not exist (as opposed to a bounce after accepting the message). Magic-smtpd does this. I am guessing I could keep using magic-smtpd with spamdyke, so this probably is not an issue for me.
actually there is a patch called chkuser to check if recipient exist. i use qmail-toaster ( www.qmailtoaster.org ) which includes that patch and so much more... so i already have that thing without magic lol .. qtm is getting much better day by day.. thanks a lot to them i just install and add spamdyke.. i hope they will add spamdyke for next release.. so no need to do anything lol.. also they have good scripts for backup restore and update: http://qtp.qmailtoaster.com/

no idea for the 2nd section.. i think i must try greylists first.. and if i understand codes surely i would like to join them

thanks a lot.
 
Old 03-02-2009, 08:42 AM   #67
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
Spam Issue not resolve

Quote:
Originally Posted by Apollo77
As it turns out this was dead simple to implement and it works great. In fact, I am shocked at how well it works. Spam has seemingly been stopped dead while all the good stuff is still getting through.

Here is what I did. First of all you must have ucspi-tcp installed to enable you to run rblsmtpd. Fine I had done that when I originally installed Qmail. All I did was add one thing (see red text below) to this file: /var/qmail/supervise/qmail-smtpd/run

My new "run" file looks like this:
---------------
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd 2>&1
--------------

All I did was add rblsmtpd -r sbl-xbl.spamhaus.org. That's it. Spamhaus provides info on how to test if spam blocking is working. It is and I can see it in the logs.

Furthermore, this implements exactly what I wanted. Essentially, the SMTP conversation is initiated in the usual way from the spam server. My server then identifies that server as being blacklisted (through the spamhaus service) and terminates the conversation. As I understand it, the spam server gets a message indicating it's been identified on spamhaus, then the conversation is cut off by my server. No spam gets delivered.

This is great.

Apollo

I have tried to implement your script in my qmail-smtpd/run file. This is my current file:

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 90000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mail.iatinfotach.in \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

When I put your file in the qmail-smtpd/run file, it stopped sending and receiving mail.
SpamAssassin is running on my server, and I am getting a huge amount of spam in every user's mailbox.

Please suggest how I can stop this spam mail.
 
Old 03-02-2009, 09:10 AM   #68
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
hi,

I have tried your script, which is below.
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd 2>&1


But when I put this script into my /var/qmail/supervise/qmail-smtpd/run file, it stops sending and receiving mail.

My file is below:

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 90000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mail.iapinfotech.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Where am I making a mistake? I just simply replaced this file with your file, and SpamAssassin is running on my server, which is not worth it because it can't stop spam mail.

Please help.
Thanks in advance
 
Old 03-02-2009, 09:47 AM   #69
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
u may want to try spamdyke.
www.spamdyke.org

if u use qmail-toaster, u can install it by using qtp-plus..
http://qtp.qmailtoaster.com

regards
 
Old 03-02-2009, 12:34 PM   #70
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
No, I have installed qmailrocks from qmailrocks.org.

I just configured the qmail server and I am getting a lot of spam. How can I stop it? Even ClamAV and SpamAssassin are running perfectly fine. In my previous post above I sent the qmail-smtpd/run file content.

How could I stop this spam mail on my mail server? Please guide and help me to stop the spamming.

Akhil
 
Old 03-05-2009, 02:22 AM   #71
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
qmailrocks is very old and not a live project. Especially u need the latest version of clam for security.

if i were u i would install toaster.
toaster has necessary patches for a modern qmail MTA (chkuser,domainkeys,SPF,remote-auth etc..).
Most of those patches will help u to stop spams. And u should also install spamdyke.

best regards
 
  

