February 25, 2010

How I Stopped over 1000 Spam Emails/Day from Reaching Me in 5 Minutes

Last week I migrated our 5-year-old Postfix mail server to Slicehost, and took the opportunity to install some spam fighting tools that weren't available 5 years ago. In the process, I noticed that my primary email account's junk folder went from adding 1000+ spam emails a day to fewer than 20. I hesitated to blog about it but the results keep getting better after 1 week.

It's amazing how easy it was to do this, thanks to Postgrey and Ubuntu.

Below are the exact commands I typed to get this up and running.

$ apt-get install postgrey

$ postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'

$ /etc/init.d/postfix reload

So what is Greylisting?

Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Postgrey, a greylisting add-on for Postfix, automatically issues a temporary rejection for every email that arrives with a new combination of client_ip/sender/recipient. When a "normal" mail server receives the rejection, it will automatically try to resend the email, and once 5 minutes have passed Postgrey lets the retry through so the email is delivered to you.

I wish we would have installed this sooner. The amount of spam I was receiving was closer to 3,000 emails per day across all company email addresses. I no longer worry that legitimate emails get marked as spam; when they do, it only takes a few seconds to scan my Junk folder and pull them out.

UPDATE 1

There is a good discussion on Hacker News about some downsides to this approach.

UPDATE 2

I should also mention SendGrid is handling our transactional emails, and they are awesome.

If you are interested in the entire mail server setup, I followed these guides: 1, 2, 3, 4. Also, for some reason related to SASL, I could not send email until dovecot-postfix was installed after all of the configuration.