Outgoing greylist
Hello.
I'm trying to configure the greylist to filter incoming and outgoing emails. Incoming works like a charm, but I can't get the outgoing filter to work. I need to send all the new email destinations to the greylist.
I modified sqlgrey.conf and changed the option "optmethod = optout" to "optmethod = none" (according to the sqlgrey help, "none : everyone is greylisted"), but nothing happened.
I changed the order of the smtpd_recipient_restrictions and put the check_policy_service inet:127.0.0.1:2501 in first place. This puts the email in the greylist, but it lists the sender, not the destination mail (useless).
can anyone give me a hand?
PS: sorry about my english.
PS2: I'm using "MailWatch for MailScanner v1.2.3-dev running on EFA-3.0.2.3"
thank you very much.
Re: Outgoing greylist
Why would you want to greylist your outgoing emails?
Don't you trust your own users?
They will probably get greylisted on the recipient side anyway
What are you trying to accomplish?
Re: Outgoing greylist
Hello Ovizii.
First, I never trust my own users, all the problems I have in my life are because of them!!
In a couple of months we had a few accounts compromised by spammers, and some accounts sent 1.500.000 emails in a couple of hours. I implemented a greylist with policyd on our zimbra server. It works very well, but it is not transparent to the user: every time a user tries to send an email to a new destination, they get an error on the webmail or email client (outlook, thunderbird, etc), and they have to manually resend the email once the greylist period is reached.
This is very annoying for our users, but it's 100% effective. That's why I need to work this out on the E.F.A appliance, since it's transparent to the user and it has a nice and simple web interface to manage (to assign that management to a junior technician).
thank you.
Re: Outgoing greylist
ouch. I understand now. thanks for explaining.
Re: Outgoing greylist
after reading your post again, I don't think this will work. sqlgrey is doing greylisting and greylisting always applies based on the sender and not the recipient so I am unsure how you envision this to work?
Quote: "I change the order of the smtpd_recipient_restrictions, I puted the check_policy_service inet:127.0.0.1:2501 in the first place, this put the email in the greylist, but it puts the sender not the destination mail (useless)."
greylisting protects you from "bad senders" so as you said, you want protection from "compromised" clients and those are the clients so what is wrong with your current solution, I mean what exactly happens? does sqlgrey not greylist your sender email, then wait until the sender tries again before it sends out the email?
Re: Outgoing greylist
the greylist on the inbound messages marks the sender.
on the outbound messages marks the destination.
this works perfect on the policyd embedded on the zimbra server. (but I need to do this on the E.F.A appliance.)
Re: Outgoing greylist
policyd is a policy daemon, that isn't actually "pure" greylisting as far as I know.
according to wikipedia, this is the definition of greylisting and sqlgrey does exactly that:
"Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate the originating server will try again after a delay, and if sufficient time has elapsed the email will be accepted."
Just a suggestion but instead of twisting sqlgrey to do what it isn't supposed to do, if you need said functionality, why don't you add policyd to your EFA?
Re: Outgoing greylist
because the management is very bad, it can't handle whitelist like sqlgrey
Re: Outgoing greylist
Ok, I get that. still not seeing why the way sqlgrey works isn't good enough for you.
I assume it would work this way as I have never tried it:
a) a regular user sends email through your (possibly) exchange server? so the flow would be:
user => exchange => efa || greylisting applies || 5 minutes or so later your exchange resends the email => efa => external email server
b) a user with a compromised pc has countless emails going out through a local smtp server so the flow would be:
user => efa || greylisting applies || the rogue pc never resends the email => efa never relays the email to the external email server
From what I understand this is exactly what you are looking for, isn't it?
Re: Outgoing greylist
As I understand this.-I don't use greylisting-
To block mail from a compromised pc/server through a local smtp server, I use a firewall rule that blocks stuff like this. (in my case Pfsense)
Now only the mailserver can send mail. When using efa as outgoing mail server, also add the EFA ip to an Alias for mailserver.
“We are stuck with technology when what we really want is just stuff that works.” -Douglas Adams
Re: Outgoing greylist
I do the same as Henk. Only my exchange server is allowed to send mail. Everything else is blocked completely. Exchange then delivers to EFA to check the messages.
So mail users have to use the exchange server. Compromised PCs are too dumb, to use the exchange server so they get blocked, and any attempts show up in my firewall logs.
Would this kind of setup work for you froman?
Re: Outgoing greylist
Then if you have any control over the firewall, it should be easy for you.
If your firewall supports logging, then enable logging for any blocked port 25 attempts. That'll help you find any rogue mailers on your network.
Let us know how you get on with it.
Re: Outgoing greylist
I already have that, that's not what I need
it's really simple, for incoming mail, greylist the sender
for outgoing mail greylist the destination. nothing else, just that.
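The behaviour requested in this thread, sketched as the decision logic of a Postfix policy-delegation service (an added example, not part of any post and not sqlgrey's or policyd's code). The attribute names are Postfix's own; the 300-second delay, the `10.` internal prefix and the sample request are assumptions constructed for illustration.

```python
import time

GREY_DELAY = 300            # assumed: seconds a new key must wait
INTERNAL_NETS = ("10.",)    # assumed: address prefix of internal clients

# Constructed sample of what Postfix sends to check_policy_service.
SAMPLE = ("request=smtpd_access_policy\nprotocol_state=RCPT\n"
          "client_address=10.0.0.5\nsasl_username=alice\n"
          "sender=alice@example.org\nrecipient=bob@example.net\n\n")

def parse_request(text):
    """Parse one policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def greylist_key(attrs):
    """Inbound: classic (client, sender, recipient) triplet.
    Outbound: key on the local account and the destination address."""
    client = attrs.get("client_address", "")
    sender = attrs.get("sender", "").lower()
    rcpt = attrs.get("recipient", "").lower()
    if attrs.get("sasl_username") or client.startswith(INTERNAL_NETS):
        account = (attrs.get("sasl_username") or sender).lower()
        return ("out", account, rcpt)
    return ("in", client, sender, rcpt)

def decide(attrs, seen, now=None):
    """Return the policy reply; `seen` maps key -> first-seen timestamp."""
    now = time.time() if now is None else now
    first = seen.setdefault(greylist_key(attrs), now)
    if now - first < GREY_DELAY:
        return "action=defer_if_permit Greylisted, retry later\n\n"
    return "action=dunno\n\n"

if __name__ == "__main__":
    state = {}
    print(decide(parse_request(SAMPLE), state), end="")
```

A mail client that submits directly sees the temporary rejection as a send error, which is the non-transparent behaviour described earlier in the thread; a relaying server queues the message and retries on its own.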
Re: Outgoing greylist
suit yourself. I can't add more to this topic.