Milter-greylist

On 2014-03-06 01:20, Thomas Cameron wrote:
> I'm using spamass-milter and milter-greylist on RHEL 6 with
> sendmail-8.14.4-8.el6.x86_64.
>
> I am hoping someone has an example of what my sendmail.mc should look
> like to run both milters.

Our typical config is somewhat large and complex, but the bits you
might need, include:

FEATURE(`access_db')
FEATURE(`use_ct_file')
FEATURE(`blacklist_recipients')
FEATURE(`delay_checks', `friend')dnl
FEATURE(`greet_pause', `2000')dnl

dnl INPUT_MAIL_FILTER(`milter-regex', 
`S=unix:/var/milter-regex/milter-regex.sock, T=S:30s;R:2m')dnl

dnl# See also: http://wiki.apache.org/spamassassin/DnsBlocklists
FEATURE(`dnsbl', `bl.spamcop.net', `"Spam blocked - see 
http://spamcop.net/bl.shtml?"$&{client_addr}')dnl
dnl# ORDB closed in 2010(?), mail-abuse in Nov 2012
dnl# FEATURE(`dnsbl', `relays.ordb.org', `Spam blocked - see 
http://ordb.org')dnl
dnl# FEATURE(`dnsbl', `blackholes.mail-abuse.org', `Rejected - see 
http://www.mail-abuse.org/rbl/')dnl
dnl# FEATURE(`dnsbl', `dialups.mail-abuse.org', `Dialup - see 
http://www.mail-abuse.org/dul/')dnl
dnl# FEATURE(`dnsbl', `relays.mail-abuse.org', `Open spam relay - see 
http://www.mail-abuse.org/rss/')dnl
FEATURE(`dnsbl', `dul.ru', `ISP-self-registered Dialup - Use mail relays 
of your ISP, see http://www.dul.ru/')dnl
FEATURE(`dnsbl', `zen.spamhaus.org', `"Spam blocked - see 
http://www.spamhaus.org/query/ip/"$&{client_addr}')dnl

INPUT_MAIL_FILTER(`greylist',`S=unix:/var/milter-greylist/milter-greylist.sock, 
F=T, T=S:320s;R:320s;E:1h')dnl

dnl 
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/milter/clamav/milter.sock, F=, 
T=S:4m;R:4m')dnl
dnl INPUT_MAIL_FILTER(`clmilter',`S=inet:7357@clamav,  T=S:320s;R:320s;E:1h'



Note that "dnl" marks the start of comment, so this particular
installation currently uses only one milter, which is used if
the connecting host is not rejected by a DNS RBL or (earlier)
some regex tests (now moved into milter-greylist).

Also the SMTP banner delay (greet pause) is used to reject
submitters who can't keep up a proper dialogue. There is also
connection throttling somewhere there in the accessdb ;)
And whenever possible, your relay should "know" (via local users,
LDAP, a forward verification milter, etc.) what user names are
defined for your domains, so messages for random usernames can
be discarded with a proper dialog error (instead of a later
bounce message) during the submission from the spammer or an
erring user.

After the "cheap" tests you can do heavier ones like clamav
(antivirus) or spamassassin (content checks) - by this time
the incoming stream of messages that have passed the initial
filters should be at least 5-10 times less than the number of
SMTP connections you've received (in our random summaries we
saw about 4% to 10% of connections making it into accepted
messages, with no complaints from users about lost valid mail,
and still part of that received traffic is spam). So it is
rather important to do "expensive" tests late in the chain
so as to not waste too much of your CPUs on all that easily
caught spam.

HTH,
//Jim Klimov