Antispam Hell

If you ask me, what the world really needs is a good, lightweight antispam proxy with greylisting. Greylisting, if you’re not familiar with the term, is a brutal but effective way of cutting down on email spam, by ensuring that only actual mailservers are sending email to you, and not – for example – a zombie botnet. It’s not perfect, but it works fairly well.

The problem is, there don’t seem to be any really good implementations of this in a proxy form – where the greylisting is done ahead of the mailserver itself. So far, all the programs I’ve found have some serious issues:

There’s Spey, which actually does just about everything one could ever want – except compile on CentOS, or anything that isn’t Debian, or derived from Debian. Technically, the problem is that it absolutely requires Java for some minor and useless part of the user interface, and compiling Java on CentOS is a bit like playing the bagpipes and a trombone at the same time…

There’s Hermes, which lacks a lot of important features, like the ability to whitelist IP addresses, and whose author can’t – or can’t be bothered to – fix the database corruption problems people have been reporting for over a year. Ignore what the website says; with database corruption happening every forty-eight hours, and Hermes then not functioning at all, this program is far from ready for prime time.

Next to be tried is the somewhat promising-looking greylite. It’s apparently somewhat crippled without the availability of a (commercial) Geolocation database, but otherwise has potential. Its configuration and compilation have a few kinks that need working out, but I’m cautiously optimistic it will be better than Hermes… which isn’t saying much. On the plus side (perhaps) being launched from Dan Bernstein’s tcpserver means one can easily add on rblsmtpd to add blacklist checking…
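The greylisting decision such a proxy makes at RCPT TO time, including the IP whitelisting the post finds missing in Hermes, as an added example (not code from Spey, Hermes or greylite). The `Greylist` class, the timing constants and the reply texts are assumptions chosen for illustration.

```python
import ipaddress
import time

# Assumed policy values; real deployments tune these.
MIN_DELAY = 300          # seconds a new triplet must wait before a retry passes
RETRY_WINDOW = 4 * 3600  # an unconfirmed triplet is forgotten after this long
PASS_TTL = 36 * 86400    # a confirmed triplet stays trusted this long

TEMPFAIL = "451 4.7.1 Greylisted, try again later"


class Greylist:
    def __init__(self, whitelist=(), clock=time.time):
        # Whitelisted networks bypass greylisting entirely.
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.clock = clock
        self.seen = {}  # (ip, sender, recipient) -> [first_seen, confirmed_at]

    def check(self, client_ip, mail_from, rcpt_to):
        """Return the SMTP reply for this (client IP, sender, recipient)."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "250 OK (whitelisted)"
        now = self.clock()
        key = (str(ip), mail_from.lower(), rcpt_to.lower())
        entry = self.seen.get(key)
        if entry and entry[1] is not None:
            if now - entry[1] <= PASS_TTL:
                entry[1] = now  # refresh trust on every accepted delivery
                return "250 OK"
            entry = None        # trust expired, start over
        if entry and now - entry[0] > RETRY_WINDOW:
            entry = None        # retry came too late, treat as new
        if entry is None:
            # First sighting: a real mailserver queues and retries,
            # fire-and-forget senders usually do not.
            self.seen[key] = [now, None]
            return TEMPFAIL
        if now - entry[0] < MIN_DELAY:
            return TEMPFAIL     # retried too quickly
        entry[1] = now          # legitimate retry: confirm the triplet
        return "250 OK"
```

Because the state is keyed on the full triplet, a sender that retries from a different IP address is greylisted again, which is one reason whitelisting large multi-host senders matters.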

Published in: Geekiness, General | on February 26th, 2008

2 Comments

  1. On 2/27/2008 at 5:00 am Karanbir Singh Said:

    Just wondering why you would want to greylist on a proxy and not on the mailserver itself? I’ve been using greylisting on my servers for a long time and found that doing it on the server gave me a lot of flexibility including whitelisting, blacklisting, doing header checks (some of which are actually network tests) etc, before accepting the email.

  2. On 2/27/2008 at 11:49 am Nemo Said:

    It’s kind of a leftover from some legacy system design – but also a personal preference, to offload as much of the antispam stuff onto another server. We use Exim, whose supported greylisting ACLs use MySQL databases, and it consumes too many resources for the volume of spam we handle (and the hardware it’s running on). So, we began looking at a greylisting proxy, to stop as much spam as possible from hitting Exim – and from there decided to offload that – and as many of the DNS lookups as possible – onto a second server. So far, the design has been working really well – it’s just the software that hasn’t. 🙂

    Tentatively, I think greylite might be worth keeping – I got it to run from supervise, with rblsmtpd doing various blacklist checks; it then greylists by various (adaptable) criteria, including PTR records. Mail that passes the greylite proxy checks through to Exim is checked against various tests there – HELO checks, address checks, and various other ACLs. We’ll see, though; it might have a bad habit of dying unexpectedly, or something…