Over the last few weeks and months, spam has become an overwhelming problem. There are default settings that come with OSX Server but they won't get you the results you need. There are still way too many spam messages finding their way into the inbox.
There is a "new" approach called postgrey. So what is it? Firstly, it was created by David Schweikert. It works as a Postfix policy server and it creates a greylist instead of a white or black list. A blacklist is a way to reject mail and a whitelist is a way to allow mail into your system. A greylist, however, works differently. Greylists are pure gold when it comes to rejecting junk email.
Whenever a client attempts to send mail to a particular recipient, the greylist server will attempt to find that client’s address and the recipient’s address in its database. If there is no such entry then one will be created, and Postfix will use a standard SMTP error message to tell the client that the recipient’s mailbox is temporarily unavailable and to try again later. It will then continue to reject similar attempts until the timestamp is of a certain age (default is five minutes). The theory behind this is that almost no special-purpose spam sending software will actually attempt to re-send the message, but almost every legitimate mail server in existence will gladly comply and send the queued message a short time later.
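The decision described above, as an added example that is not postgrey's own code: it parses a request in Postfix's policy delegation format (name=value lines ended by a blank line) and answers with the DEFER_IF_PERMIT or DUNNO action. The names Greylist, parse_request and decide are hypothetical, the entry is keyed on client address and recipient as the paragraph describes, and the network socket and on-disk database are left out.

```python
import time

GREYLIST_DELAY = 300  # seconds; the five-minute default mentioned above

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay = delay
        self.clock = clock
        self.first_seen = {}  # (client address, recipient) -> time of first attempt

    def decide(self, attrs):
        """Return the policy reply Postfix expects for this RCPT TO attempt."""
        key = (attrs.get("client_address", ""), attrs.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)  # creates the entry if missing
        if now - first < self.delay:
            # Temporary (4xx) failure: a real mail server keeps the message queued and retries.
            return "action=DEFER_IF_PERMIT Greylisted, try again later\n\n"
        # Entry is old enough: give no opinion so the remaining restrictions still apply.
        return "action=DUNNO\n\n"

# Constructed sample request (documentation addresses, not real traffic).
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.com\n"
    "\n"
)

if __name__ == "__main__":
    fake_now = [0.0]  # injected clock so the retry timing can be shown without waiting
    gl = Greylist(clock=lambda: fake_now[0])
    req = parse_request(SAMPLE_REQUEST)
    for t in (0, 60, 300):
        fake_now[0] = t
        print(t, gl.decide(req).strip())
```

A sender that never retries only ever sees the deferral; a sender that retries after the delay gets through to the rest of the restriction list.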
A few things you need to get started on your OSX Server box:
- Install the developer tools. You need a C compiler and the tools will provide you with one. You can find it on your Server DVD or download the latest and greatest version at developer.apple.com
- Download Darwinports and follow the instructions on their webpage to install it.
- Install postgrey by following these instructions.
- Run this command to launch postgrey at startup: sudo launchctl load -w /Library/LaunchDaemons/org.macports.postgrey.plist
- Add this string to your main.cf file under the smtpd_recipient_restrictions section, right at the end: check_policy_service inet:127.0.0.1:60000
Here's an example of what the string could look like:
smtpd_recipient_restrictions = reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client cbl.abuseat.org, check_policy_service inet:127.0.0.1:60000
So, is it worth the effort? Absolutely. It has reduced spam by 99%. Is it going to last? Probably not. At some stage there will be spam software that takes these things into account and we'll be back to square one. But until then it's almost paradise!
You will have to keep an eye on things to make sure that it works properly but chances are that it will.
To get rid of it, you simply remove the check_policy_service entry from the main.cf file and issue this command:
sudo launchctl unload -w /Library/LaunchDaemons/org.macports.postgrey.plist
You will find configuration files in /opt/local/etc/postgrey.
You can add whitelist domains in postgrey_whitelist_clients.local or you can change settings by editing the postgrey.conf.sample file and saving it as postgrey.conf. One thing you may want to change is the length of the delay. It is set to 5 minutes (300 seconds) by default. Decreasing it leads to more spam; increasing it leads to more delays and probably error messages for the sending party, as mail servers may give up and return an undeliverable message back to the sender.