Greylist Milter

Greylisting is a great tool to cut down on spam, although on its own it does not do much good.

From greylisting.org


Greylisting is a new weapon to use against spam in this great war being waged upon it. With this new shielding method, by which you may block out huge amounts of spam, you are sure to please your email clients!
In name, as well as operation, greylisting is related to whitelisting and blacklisting. What happens is that each time a given mailbox receives an email from an unknown contact (ip), that mail is rejected with a "try again later" message (This happens at the SMTP layer and is transparent to the end user). This, in the short run, means that all mail gets delayed at least until the sender tries again - but this is where spam loses out! Most spam is not sent out using RFC compliant MTAs; the spamming software will not try again later.
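The decision logic the quote describes, as an added example (not milter-greylist's own code, nor anything from greylisting.org): a greylister keys on the triplet of client IP, envelope sender and envelope recipient, answers the first contact with a 4xx temporary failure, accepts a retry once the delay has passed and then auto-whitelists the triplet. It goes one step beyond the quote by optionally treating an IPv4 netblock as one client, which is how greylisters cope with MTAs that retry from a different address in an outbound pool. The class and function names, the delay and TTL values, and the sessions in main() are all constructed for this illustration.

```python
"""Greylisting decision logic (added example, not milter-greylist code).

Keyed on (client, sender, recipient): first contact -> 451, retry after the
delay -> 250 and auto-whitelist, later mail from the triplet -> 250 at once.
"""

import ipaddress

GREYLIST_DELAY = 300              # assumed: seconds before a retry is accepted
AUTOWHITE_TTL = 3 * 24 * 3600     # assumed: seconds a proven triplet stays white
PENDING_TTL = 5 * 24 * 3600       # assumed: seconds an unretried triplet is kept

SMTP_TEMPFAIL = "451 4.7.1 Greylisting in action, please retry later"
SMTP_ACCEPT = "250 OK"


class Greylist:
    def __init__(self, prefix_len=32):
        # prefix_len < 32 treats a whole IPv4 block as one client, so MTA pools
        # that retry from a sibling address are not greylisted a second time.
        self.prefix_len = prefix_len
        self.pending = {}      # triplet -> time of first contact
        self.whitelist = {}    # triplet -> expiry time

    def _client(self, ip):
        addr = ipaddress.ip_address(ip)
        if addr.version == 4 and self.prefix_len < 32:
            net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
            return str(net)
        return str(addr)

    def triplet(self, ip, sender, rcpt):
        # Addresses are compared case-insensitively so a retry that differs
        # only in case still matches the pending entry.
        return (self._client(ip), sender.lower(), rcpt.lower())

    def _expire(self, now):
        self.pending = {k: t for k, t in self.pending.items()
                        if now - t < PENDING_TTL}
        self.whitelist = {k: exp for k, exp in self.whitelist.items()
                          if exp > now}

    def decide(self, ip, sender, rcpt, now):
        """SMTP reply for one RCPT TO seen at time `now` (seconds)."""
        self._expire(now)
        key = self.triplet(ip, sender, rcpt)
        if key in self.whitelist:
            self.whitelist[key] = now + AUTOWHITE_TTL    # refresh on use
            return SMTP_ACCEPT
        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now
            return SMTP_TEMPFAIL          # never seen: make the sender retry
        if now - first < GREYLIST_DELAY:
            return SMTP_TEMPFAIL          # retried too soon: keep waiting
        del self.pending[key]
        self.whitelist[key] = now + AUTOWHITE_TTL
        return SMTP_ACCEPT                # proper MTA retry: let it through


def run_session(greylist, attempts):
    """Apply (time, ip, sender, rcpt) attempts in order; return the replies."""
    return [greylist.decide(ip, s, r, t) for (t, ip, s, r) in attempts]


if __name__ == "__main__":
    # Constructed sessions: a bot that never retries, and a real MTA that
    # retries from a sibling address in its pool after 15 minutes.
    g = Greylist(prefix_len=24)
    bot = [(0, "198.51.100.7", "junk@example.net", "user@example.com")]
    mta = [(0, "203.0.113.10", "friend@example.org", "user@example.com"),
           (60, "203.0.113.10", "friend@example.org", "user@example.com"),
           (900, "203.0.113.11", "Friend@example.org", "user@example.com"),
           (901, "203.0.113.10", "friend@example.org", "user@example.com")]
    print("bot:", run_session(g, bot))
    print("mta:", run_session(g, mta))
```

The bot's single attempt never gets past the 451, while the MTA's first retry (too early) is refused again, its retry after the delay is accepted, and its next message passes immediately because the triplet is now whitelisted. The real cost is the delay on the very first message from every new correspondent, which is why the page pairs greylisting with other milters rather than relying on it alone.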

In Fedora, setting up greylisting is as simple as installing the Greylist package. On mscoast.com's mail server I have Fedora 8 running and have these packages installed:

 milter-greylist-4.0-0.2.rc1.fc8
 milter-greylist-sysv-4.0-0.2.rc1.fc8
 greylistd-0.8.3.2-8.fc7

Once you have these packages installed, you will still need to modify your sendmail.mc file to handle the milter.

Here is a copy of mscoast.com's sendmail.mc file:

 divert(-1)dnl
 dnl #
 dnl # This is the sendmail macro config file for m4. If you make changes to
 dnl # /etc/mail/sendmail.mc, you will need to regenerate the
 dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
 dnl # installed and then performing a
 dnl #
 dnl #     make -C /etc/mail
 dnl #
 include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
 VERSIONID(`setup for linux')dnl
 OSTYPE(`linux')dnl
 dnl #
 dnl # Do not advertize sendmail version.
 dnl #
 dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
 dnl #
 dnl # default logging level is 9, you might want to set it higher to
 dnl # debug the configuration
 dnl #
 dnl define(`confLOG_LEVEL', `9')dnl
 dnl #
 dnl # Uncomment and edit the following line if your outgoing mail needs to
 dnl # be sent out through an external mail server:
 dnl #
 dnl define(`SMART_HOST', `smtp.your.provider')dnl
 dnl #
 define(`confDEF_USER_ID', ``8:12'')dnl
 dnl define(`confAUTO_REBUILD')dnl
 define(`confTO_CONNECT', `1m')dnl
 define(`confTRY_NULL_MX_LIST', `True')dnl
 define(`confDONT_PROBE_INTERFACES', `True')dnl
 define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
 define(`ALIAS_FILE', `/etc/aliases')dnl
 define(`STATUS_FILE', `/var/log/mail/statistics')dnl
 define(`UUCP_MAILER_MAX', `2000000')dnl
 define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
 define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
 dnl #
 dnl # The following allows relaying if the user authenticates, and disallows
 dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
 dnl #
 define(`confAUTH_OPTIONS', `A p')dnl
 dnl #
 dnl # PLAIN is the preferred plaintext authentication method and used by
 dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
 dnl # use LOGIN. Other mechanisms should be used if the connection is not
 dnl # guaranteed secure.
 dnl # Please remember that saslauthd needs to be running for AUTH.
 dnl #
 TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
 dnl #
 dnl # Rudimentary information on creating certificates for sendmail TLS:
 dnl #     cd /etc/pki/tls/certs; make sendmail.pem
 dnl # Complete usage:
 dnl #     make -C /etc/pki/tls/certs usage
 dnl #
 define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
 define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
 define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
 define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
 dnl #
 define(`confTO_QUEUEWARN', `4h')dnl
 define(`confTO_QUEUERETURN', `5d')dnl
 dnl define(`confQUEUE_LA', `12')dnl
 dnl define(`confREFUSE_LA', `18')dnl
 define(`confTO_IDENT', `0')dnl
 dnl FEATURE(delay_checks)dnl
 FEATURE(`no_default_msa', `dnl')dnl
 FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
 FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
 FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
 FEATURE(redirect)dnl
 FEATURE(always_add_domain)dnl
 FEATURE(use_cw_file)dnl
 FEATURE(use_ct_file)dnl
 dnl #
 dnl # The following limits the number of processes sendmail can fork to accept
 dnl # incoming messages or process its message queues to 20.) sendmail refuses
 dnl # to accept connections once it has reached its quota of child processes.
 dnl #
 dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
 dnl #
 dnl # Limits the number of new connections per second. This caps the overhead
 dnl # incurred due to forking new sendmail processes. May be useful against
 dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
 dnl # limit would be useful but is not available as an option at this writing.)
 dnl #
 dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
 dnl #
 dnl # The -t option will retry delivery if e.g. the user runs over his quota.
 dnl #
 FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
 FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
 FEATURE(`blacklist_recipients')dnl
 EXPOSED_USER(`root')dnl
 dnl # We strongly recommend not accepting unresolvable domains if you want to
 dnl # protect yourself from spam. However, the laptop and users on computers
 dnl # that do not have 24x7 DNS do need this.
 dnl #
 FEATURE(`accept_unresolvable_domains')dnl
 dnl # Also accept email sent to "localhost.localdomain" as local email.
 LOCAL_DOMAIN(`localhost.localdomain')dnl
 dnl #
 dnl # The following example makes mail from this host and any additional
 dnl # specified domains appear to be sent from mydomain.com
 dnl #
 MASQUERADE_AS(`mscoast.com')dnl
 dnl #
 dnl # masquerade not just the headers, but the envelope as well
 dnl #
 FEATURE(masquerade_envelope)dnl
 dnl #
 dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
 dnl #
 FEATURE(masquerade_entire_domain)dnl
 FEATURE(`greet_pause', `5000')dnl Sendmail v8.13+
 FEATURE(`blacklist_recipients')dnl
 EXPOSED_USER(`root')dnl
 dnl Protection against huge messages clogging the bandwidth 5 MB = 5000000
 define(`confMAX_MESSAGE_SIZE', `5000000')dnl
 dnl Protection against spammers and chain letters
 define(`confMAX_RCPTS_PER_MESSAGE', `10')dnl
 dnl #
 dnl # The following limits the number of processes sendmail can fork to accept
 dnl # incoming messages or process its message queues to 12.) sendmail refuses
 dnl # to accept connections once it has reached its quota of child processes.
 dnl #
 define(`confMAX_DAEMON_CHILDREN', 12)dnl
 dnl #
 dnl # Limits the number of new connections per second. This caps the overhead
 dnl # incurred due to forking new sendmail processes. May be useful against
 dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
 dnl # limit would be useful but is not available as an option at this writing.)
 dnl #
 define(`confCONNECTION_RATE_THROTTLE', 1)dnl
 define(`confTO_COMMAND', `1m')dnl
 define(`UUCP_MAILER_MAX', `10000000')dnl
 define(`confBAD_RCPT_THROTTLE', `1')dnl Sendmail v8.12+
 INPUT_MAIL_FILTER(`milter-greylist',`S=unix:/var/run/milter-greylist/milter-greylist.sock, T=S:4m;R:4m')dnl
 dnl INPUT_MAIL_FILTER(`clamav-milter',`S=unix:/var/run/clamav-milter/clamav.sock, T=S:4m;R:4m')dnl
 INPUT_MAIL_FILTER(`spamass-milter', `S=unix:/var/run/spamass-milter/spamass-milter.sock, T=S:4m;R:4m')dnl
 MAILER(smtp)dnl
 MAILER(procmail)dnl
 dnl MAILER(cyrusv2)dnl

Of note are these lines, as they set up more than one milter and are fired in order (I believe, I could be wrong):

 INPUT_MAIL_FILTER(`milter-greylist',`S=unix:/var/run/milter-greylist/milter-greylist.sock, T=S:4m;R:4m')dnl
 dnl INPUT_MAIL_FILTER(`clamav-milter',`S=unix:/var/run/clamav-milter/clamav.sock, T=S:4m;R:4m')dnl
 INPUT_MAIL_FILTER(`spamass-milter', `S=unix:/var/run/spamass-milter/spamass-milter.sock, T=S:4m;R:4m')dnl
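A quick way to see which milters a sendmail.mc really registers, and in what order, is to parse the INPUT_MAIL_FILTER lines and skip the ones commented out with dnl. The script below is an added example (not sendmail's or milter-greylist's code) that does this for the three lines above, also pulling out each milter's socket and its S (send) and R (read) timeouts from the T= equate, and reporting which unix sockets are not actually present on the host. sendmail calls INPUT_MAIL_FILTER milters in the order they are defined, since each one is appended to confINPUT_MAIL_FILTERS. The function names and the SAMPLE_MC text are constructed for this example.

```python
"""List the milters a sendmail.mc registers, in call order (added example)."""

import os
import re
import stat

# Constructed from the three INPUT_MAIL_FILTER lines on the page.
SAMPLE_MC = """\
INPUT_MAIL_FILTER(`milter-greylist',`S=unix:/var/run/milter-greylist/milter-greylist.sock, T=S:4m;R:4m')dnl
dnl INPUT_MAIL_FILTER(`clamav-milter',`S=unix:/var/run/clamav-milter/clamav.sock, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamass-milter', `S=unix:/var/run/spamass-milter/spamass-milter.sock, T=S:4m;R:4m')dnl
"""

# INPUT_MAIL_FILTER(`name', `equates') with m4 quoting and optional spaces.
_FILTER_RE = re.compile(
    r"^\s*INPUT_MAIL_FILTER\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)")


def parse_milters(mc_text):
    """Return the active milters as dicts, in the order sendmail calls them."""
    milters = []
    for line in mc_text.splitlines():
        if line.strip().startswith("dnl"):   # m4 comment: whole line discarded
            continue
        m = _FILTER_RE.match(line)
        if not m:
            continue
        name, equates = m.group(1), m.group(2)
        entry = {"name": name, "socket": None, "timeouts": {}}
        for eq in (e.strip() for e in equates.split(",")):
            key, _, value = eq.partition("=")
            if key == "S":
                entry["socket"] = value          # e.g. unix:/var/run/x.sock
            elif key == "T":
                # T=S:4m;R:4m -> {"S": "4m", "R": "4m"}
                for t in value.split(";"):
                    tk, _, tv = t.partition(":")
                    entry["timeouts"][tk] = tv
        milters.append(entry)
    return milters


def socket_path(spec):
    """Filesystem path of a unix:/path or local:/path socket spec, else None."""
    for prefix in ("unix:", "local:"):
        if spec.startswith(prefix):
            return spec[len(prefix):]
    return None   # inet:port@host milters are not checked by this script


def missing_sockets(milters):
    """Names of unix-socket milters whose socket is absent or not a socket."""
    missing = []
    for m in milters:
        path = socket_path(m["socket"] or "")
        if path is None:
            continue
        try:
            if not stat.S_ISSOCK(os.stat(path).st_mode):
                missing.append(m["name"])
        except OSError:
            missing.append(m["name"])
    return missing


if __name__ == "__main__":
    active = parse_milters(SAMPLE_MC)
    for m in active:
        print(m["name"], m["socket"], m["timeouts"])
    print("not listening:", missing_sockets(active))
```

Running it against the real file (replace SAMPLE_MC with the contents of /etc/mail/sendmail.mc) after `make -C /etc/mail` and a restart is a cheap sanity check: a milter whose socket is missing will, with the default F flag unset, cause sendmail to skip it silently, so mail would bypass greylisting without any visible error.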

As you can see, I have removed clamav from my milters, but could easily add it back. I personally removed it because of my subscription to the bugtraq mailing list; many times those messages get flagged as virus-laden. Since I still want them, I was lazy and turned off clamav-milter instead of creating a procmail rule for it.
