EximFilesystemGreylist

From Hinterlands


A filesystem-based greylister for Exim

What is greylisting?

Greylisting is a useful antispam technique that takes advantage of the inbuilt resilience of the SMTP protocol. The recipient mail server tracks which IP addresses have attempted to deliver email from which domains. The first time it sees a particular combination of IP and domain, it issues a temporary failure, relying on the fact that a correctly working email server will re-attempt the delivery at a later time. Furthermore, so that spamming hosts that retry instantly continue to be blocked, a minimum retry time limit is enforced, typically 10 or 20 minutes. Hosts connecting back inside this window will continue to receive temporary failure messages.

How does this greylister work?

This greylister works by using a simple filesystem structure to store the connection history. You define a top level directory for the metadata to live in (/var/lib/greylist by default), and all information is stored under it. For the IP address 11.22.33.44 sending email from the domain hinterlands.org, the structure of the data would be:

/var/lib/greylist/11/22/33/44/hinterlands.org/LASTSEEN

The greylister compares the mtime on the domain directory to enforce the greylist window and updates the mtime on the LASTSEEN file each time an email successfully passes through. By doing this we can use a simple script to find IPs which have not sent for a particular domain for some time and remove the metadata, thus requiring them to go through the greylist procedure again to send mail.

cfengine users can maintain this directory with something like:

tidy:
    /var/lib/greylist recurse=inf age=7 rmdirs=sub pattern=*
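
The check described in this section, as an added Python sketch; it is not the greylister.pl distributed from this page, whose source is not shown here. Its exit status matches what the ACL stanza in the usage section expects (non-zero means defer). It handles IPv4 only, and the 10-minute window, the input validation, the use of LASTSEEN's existence as the "already passed" flag and the fail-open policy on bad arguments are assumptions.

```python
"""Sketch of the filesystem greylist check described above (not greylister.pl)."""
import ipaddress
import os
import re
import sys
import time

ROOT = "/var/lib/greylist"   # default top-level directory named on the page
WINDOW = 600                 # assumed 10-minute minimum retry time, in seconds
# Only letters, digits, dots and hyphens: no "/" and no leading dot can reach the path.
DOMAIN_RE = re.compile(r"[a-z0-9](?:[a-z0-9.-]{0,251}[a-z0-9])?")


def entry_dir(root, ip, domain):
    """Map (IPv4 address, sender domain) to root/a/b/c/d/domain or raise ValueError."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects anything but a dotted quad
    dom = domain.lower()
    if not DOMAIN_RE.fullmatch(dom):
        raise ValueError("unsafe sender domain: %r" % domain)
    return os.path.join(root, *octets, dom)


def check(root, ip, domain, window=WINDOW, now=None):
    """Return True to let the mail through, False to answer with a temporary failure."""
    now = time.time() if now is None else now
    d = entry_dir(root, ip, domain)
    marker = os.path.join(d, "LASTSEEN")
    try:
        os.makedirs(d)                 # first sighting of this IP/domain pair
        os.utime(d, (now, now))        # directory mtime marks the start of the window
        return False
    except FileExistsError:
        pass
    if not os.path.exists(marker):
        if now - os.stat(d).st_mtime < window:
            return False               # retried too soon: still greylisted
        # Creating the file also bumps the directory mtime, so from here on the
        # existence of LASTSEEN (not the directory age) records "already passed".
        open(marker, "a").close()
    os.utime(marker, (now, now))       # refresh LASTSEEN for the age-based cleanup
    return True


if __name__ == "__main__":
    try:
        ok = check(ROOT, *sys.argv[1:3])
    except (ValueError, TypeError):    # bad or missing argument, e.g. empty bounce sender
        ok = True                      # assumed policy: fail open, other ACLs still apply
    sys.exit(0 if ok else 1)           # the ACL on the page defers on a non-zero exit
```

The domain check matters because both arguments come from the connecting SMTP client and are turned directly into a filesystem path.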

Why use this greylister?

There are many good greylisting implementations that work with Exim. Reasons why you might use this one include:

  • It's simple and light. No database engine to manage, no additional daemons to run.
  • It's fast. The kernel's block cache means you'll mostly be reading from RAM.
  • It can be made even faster. Stick the whole thing on a RAM disk.
  • Replication is easy, just use rsync.
  • Backing it up is easy, just use tar.
  • It's as atomic as your filesystem allows.

How do I use it?

Assuming you're using Debian, download it, copy it into /etc/exim4 and make it executable.

Make the metadata store top level and change the ownership to be Exim's user:

sudo mkdir /var/lib/greylist
sudo chown Debian-exim: /var/lib/greylist

In your Exim recipient ACL, add the following stanza, probably quite early on, probably after the HELO/EHLO validity checks and so on:

  defer message = Greylisted.
        condition = ${if eq {${run{/etc/exim4/greylister.pl $sender_host_address $sender_address_domain}{0}{1}}}{1}}
        !hosts = localhost

Restart Exim and you're done.

Where can I download it from?

You can get the code here.
