Virtually all Linux distributions include sendmail as the default MTA. Which is okay – it has been around for a long time, is stable and it works great (although the postfix aficionados might disagree!). But it has nothing built in for spam control, which is good; it was not designed for that. So you’ve installed spamassassin and it works well, but you are still getting unflagged spam emails through. Perhaps you need to try greylisting.
Greylisting is the process by which all email (unless specifically whitelisted) gets initially rejected yet works within the parameters of the various RFCs to ensure eventual receipt of email. The idea is that spammers will not attempt to reconnect to an email server that has rejected their offerings yet legitimate mail servers will. It isn’t foolproof – spammers are quick to adjust and greylisting has been around a long time. But it does help.
This article covers how to install milter-greylist, which was originally written by Emmanuel Dreyfus. I will be concentrating on sendmail here, but milter-greylist is also supported with postfix.
First, check your dependencies. From the README:
Build dependencies:
– flex (AT&T lex cannot build milter-greylist sources)
– yacc or bison (some older yacc will fail, use bison instead)
– libmilter (comes with Sendmail, or with the sendmail-devel package on RedHat, Fedora and SuSE. Debian and Ubuntu have it in libmilter-dev)
– Any POSIX threads library (Provided by libc on some systems)
Optional dependencies:
– libspf2, libspf_alt or libspf, for SPF support
– libcurl, for URL checks support
– libGeoIP, for GeoIP support
– libbind from BIND 9, for DNSRBL support, except if your system has a thread-safe DNS resolver built-in.
The configure step will find anything that you don’t have installed and complain until the dependency is resolved.
Next, download milter-greylist from http://hcpnet.free.fr/milter-greylist and unpack the tarball. Then read the README file! It includes a wealth of information that isn’t covered in this article, especially for installs that want or need special features such as SPF support.
And do the usual
./configure
make
make install
The standard install will put the binaries in /usr/local/bin, the database and pid file in /var/milter-greylist and the configuration file will be /etc/mail/greylist.conf. Some startup scripts are included in the tarball but they are not installed automatically. You will have to set it up in your /etc/init.d yourself if you want to use one.
You will then need to configure sendmail to actually use the milter. In your sendmail.mc file, add the following (but pay close attention to the warnings in the README file if you are already using other milters in your installation!):
INPUT_MAIL_FILTER(`greylist',`S=local:/var/milter-greylist/milter-greylist.sock')dnl
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')dnl
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')dnl
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')dnl
and reconfigure your sendmail.cf file:
#m4 sendmail.mc > sendmail.cf
Don’t restart your sendmail daemon just yet, however – we still have to modify the configuration for this to work properly.
Open /etc/mail/greylist.conf in your favorite editor (which, of course, is vi, right?). Uncomment or add the following:
quiet
greylist 7m
dumpfreq 1d
autowhite 10d
In the above configuration, ‘quiet’ means the rejection will not include a time frame to retry submission. This is good because spammers then have no way to know how long they will be blocked. Greylisting lasts 7 minutes, after which email from the source will be accepted; database contents are dumped to /var/milter-greylist/greylist.db once per day; and once an email is accepted from a source, that source is whitelisted for 10 days before being greylisted again.
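To show how `greylist 7m`, `autowhite 10d` and `quiet` interact, here is a small Python model added as an illustration (it is not milter-greylist's code and not part of the original article). It assumes entries are keyed on client IP, envelope sender and recipient, that an auto-whitelist entry is not renewed by later mail, and it uses constructed addresses and reply texts.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 7 * 60          # "greylist 7m", in seconds
AUTOWHITE_TTL = 10 * 24 * 3600   # "autowhite 10d", in seconds
MIN, DAY = 60, 86400

@dataclass
class Greylist:
    quiet: bool = True
    pending: dict = field(default_factory=dict)    # key -> time first seen
    autowhite: dict = field(default_factory=dict)  # key -> expiry time

    def check(self, now, ip, sender, rcpt):
        """Return (smtp_code, text) for one delivery attempt at time `now`."""
        key = (ip, sender.lower(), rcpt.lower())
        if self.autowhite.get(key, 0) > now:
            return 250, "accepted (auto-whitelisted)"
        self.autowhite.pop(key, None)              # expired entry: start over
        first_seen = self.pending.setdefault(key, now)
        remaining = first_seen + GREYLIST_DELAY - now
        if remaining > 0:
            # With "quiet" the reply does not reveal how long the block lasts.
            hint = "later" if self.quiet else f"in {remaining}s"
            return 451, f"greylisted, try again {hint}"
        del self.pending[key]
        self.autowhite[key] = now + AUTOWHITE_TTL
        return 250, "accepted (delay elapsed)"

def replay(events, quiet=True):
    """Feed (time, ip, sender, rcpt) events through a fresh greylist."""
    gl = Greylist(quiet=quiet)
    return [gl.check(*e)[0] for e in events]

# Constructed sample traffic (documentation address ranges).
LEGIT = ("192.0.2.10", "news@example.org", "user@domain.com")
SPAM = ("198.51.100.7", "win@example.net", "user@domain.com")
TIMELINE = [
    (0, *LEGIT),          # first contact: temporarily rejected
    (0, *SPAM),           # spam run that is never retried
    (3 * MIN, *LEGIT),    # retry too early: still rejected
    (8 * MIN, *LEGIT),    # retry after 7 minutes: accepted, auto-whitelisted
    (5 * DAY, *LEGIT),    # inside the 10-day window: accepted at once
    (11 * DAY, *LEGIT),   # window expired: greylisted again
]

if __name__ == "__main__":
    for event, code in zip(TIMELINE, replay(TIMELINE)):
        print(event[0], event[1], code)
```

The sender that never retries is never accepted, while the legitimate server pays the delay once per auto-whitelist period.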
Also add lists to the configuration file to whitelist your own networks:
list "my network" addr { 127.0.0.1/8 10.230.1.0/24 192.168.1.0/24 }
which will whitelist local, DMZ and internal networks (as an example – yours are probably different). Notice that the network addresses are separated by spaces, not commas. You can do the same for other external networks that are always trusted:
# Trusted networks to not greylist:
list "trusted" addr {
207.46.0.0/16 # Microsoft
72.33.0.0/16 # UW Madison
}
There is a fairly comprehensive list of ‘broken’ mail servers in the configuration file that should also always be whitelisted, since greylisting them would most likely result in never getting email from them. You can add to that list as needed.
You will most likely be setting up greylisting as the default, so you may also want to whitelist certain users who never want email to be delayed (various pompous vice presidents, system alert addresses and the like):
# List of users that want whitelisting (if greylisting is the default):
list "white users" rcpt {
vp@domain.com
sysadmin@domain.com
postmaster@domain.com
}
Notice the list names of “my network”, “trusted” and “white users” – you need to add these to the actual whitelisting config line:
# And here is the access list
racl whitelist list "my network"
racl whitelist list "broken mta"
racl whitelist list "trusted"
racl whitelist list "white users"
Note: You can also set this up to whitelist as the default in which case you would also create a “grey users” list of those folk you want to always be subject to greylisting. Those would include errant users who post their work email address all over social network sites, sales web sites and newsletter subscriptions, of course.
And then configure the default operation of milter-greylist:
racl greylist default
(use racl whitelist default if you want whitelisting to be the default operation).
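A list that is defined but never named on a racl line whitelists nothing, so it is worth checking the file before starting the daemon. The following Python check is an added example (not part of milter-greylist or the original article); it understands only the subset of the greylist.conf syntax shown above, and the sample configuration is constructed with deliberate mistakes.

```python
import re

LIST_DEF = re.compile(r'^\s*list\s+"([^"]+)"\s+\w+\s*\{([^}]*)\}', re.M)
RACL_REF = re.compile(r'^\s*racl\s+\w+\s+list\s+"([^"]+)"', re.M)
RACL_DEFAULT = re.compile(r'^\s*racl\s+(whitelist|greylist)\s+default\b', re.M)

def lint(conf_text):
    """Return a sorted list of problems found in greylist.conf-style text."""
    text = re.sub(r'#.*', '', conf_text)            # drop comments
    defined = dict(LIST_DEF.findall(text))          # list name -> body
    referenced = set(RACL_REF.findall(text))
    problems = []
    for name, body in defined.items():
        if ',' in body:
            problems.append(f'list "{name}": separate entries with spaces, not commas')
        if name not in referenced:
            problems.append(f'list "{name}" is defined but no racl line uses it')
    for name in referenced - set(defined):
        problems.append(f'racl references undefined list "{name}"')
    if not RACL_DEFAULT.search(text):
        problems.append('no "racl ... default" line')
    return sorted(problems)

# Constructed sample: commas in "my network", "white users" never referenced,
# and "broken mta" referenced without its definition being present.
SAMPLE_CONF = '''
list "my network" addr { 127.0.0.1/8, 10.230.1.0/24 }
list "trusted" addr {
    207.46.0.0/16 # Microsoft
    72.33.0.0/16 # UW Madison
}
list "white users" rcpt {
    vp@domain.com
}
racl whitelist list "my network"
racl whitelist list "broken mta"
racl whitelist list "trusted"
racl greylist default
'''

if __name__ == "__main__":
    for problem in lint(SAMPLE_CONF):
        print(problem)
```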
And then fire up your milter-greylist binary either using the /etc/init.d/milter-greylist startup script or by
#milter-greylist -f /etc/mail/greylist.conf
at the command line. There are a slew of other command line options (many of which duplicate parameters set in the conf file). See
man milter-greylist
for further details.
And then restart your sendmail daemon and enjoy less spam coming into your mail server.
Translated from: https://www.howtogeek.com/50948/how-to-setup-milter-greylist-spam-blocking-in-sendmail/