Published as part of my Geek blog - channeling my inner geek

 

How I Stopped over 1000 Spam Emails/Day from Reaching Me in 5 Minutes

February 25, 2010

Last week I migrated our 5 year old Postfix mail server to Slicehost, and took the opportunity to install some spam fighting tools that weren't available 5 years ago. In the process, I noticed that my primary email account's junk folder went from adding 1000+ spam emails a day to less than 20. I hesitated to blog about it but the results keep getting better after 1 week.


This is a graph showing the effectiveness of greylisting, which is consistent with my experience. Taken from the Postgrey site.

It's amazing how easy it was to do this, thanks to Postgrey and Ubuntu.

Below are the exact commands I typed to get this up and running. 

$ apt-get install postgrey

$ postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'

$ /etc/init.d/postfix reload

So what is Greylisting?

Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Postgrey, a greylisting addon for Postfix, automatically rejects every email that appears to be a new combination of client_ip/sender/recipient. When a "normal" mail server receives the rejection it will automatically try to resend the email and after 5 minutes Postgrey delivers that email to you.

I wish we would have installed this sooner. The amount of spam I was receiving was closer to 3,000 emails per day across all company email addresses. I no longer worry that legitimate emails get marked as spam, when they do it only takes a few seconds to scan my Junk folder and pull them out.

UPDATE 1

There is a good discussion on Hacker News about some downsides to this approach.

UPDATE 2

I should also mention SendGrid is handling our transactional emails, and they are awesome.

**

If you are interested in the entire mail server setup, I followed these guides: 1, 2, 3, 4. Also, for some reason related to SASL, I could not send email until dovecot-postfix was installed after all of the configuration.