Tag: Mail

qmail greylisting patch

Posted on by Andre Beckedorf

As a follow-up to my previous entry about greylisting, here is what I used for the setup: the greylisting patch at Bill Shupp’s wonderful qmail related site.

I’ve made some modifications to his patch to allow for sender address and sender domain based whitelisting.
You can get my patch here:

large-qmail-patch_greylisting-katastrophos.net-20061023.patch

The dbdef.sql file includes an example of how to set up a whitelist filter for a specific sender domain or sender address.

The patch is against Bill’s Large Qmail Patch 0.8.3.

qmail greylisting

Posted on by Andre Beckedorf

Three weeks ago I’ve set up greylisting on our little qmail toaster. The technique works amazingly well on our setup:
The server used to get hit by round about 1600 mails each day. Roughly 70% of those were spam mails. Now, with greylisting activated, this amount has been reduced to just a dozen spam mails and around 350 – 400 legit emails:

qmail AWstats - snapshot taken on October 23rd, 2006.

The server load is also reduced because SpamAssassin and ClamAV are less busy filtering mails:

Average server load - snapshot taken October, 3rd 2006 - four days after setting up greylisting. Peaks are running backups.Average server load for the year. One can pretty clearly see the difference the qmail greylisting makes on the server load.Average server load for the month - snapshot taken October, 23rd 2006. Again, peaks are running backups. The big peak in week 39 was the time of compilation and deployment. Thereafter you can clearly see the drop of server load compared to beginning of week 39.

So, speaking for us, this experiment has been very successful. Exactly no real mails got lost, tons of spam was blocked at the SMTP level. Excellent. Now, let’s see how long the effects of this technique will last…

See http://projects.puremagic.com/greylisting/ to learn more about greylisting.

vpopmail – maildrop – SqWebMail mailfilter patch

Posted on by Andre Beckedorf

On our production mail server we’re using a so called qmail toaster setup. It’s essentially the same setup as described by shupp.org. However, instead of using SquirrelMail for webmail, we opted for SqWebMail and maildrop. The nice thing about SqWebMail is that it offers a web interface for configuring the maildrop mailfilters. That way, every user can configure their filtering rules individually.

The problem here is that vdelivermail (of vpopmail) doesn’t support those mailfilter files. For that to work we need vdelivermail to call maildrop to process those files on an individual basis. However, this requires to setup the processing instructions for every mail account manually. Of course, this is unbearable on a large setup.

We came up with a patch for vdelivermail that automatically chain-calls maildrop if it finds a mailfilter file in the domain’s account directory. Some parts are based on another patch which source I forgot. I mainly extended it to be less strict and to publish certain internal vpopmail/vdelivermail variables as environment variables that could be used inside the mailfilter – namely username, userdir, domainname, domaindir.

If it finds the file in the domain’s directory, it will delegate the mail to the domain-wide mailfilter.
The domain-wide mailfilter will delegate the mail to the users mailfilter if it exists. If not, it will simply do a standard mail delivery to the account’s INBOX.

If vdelivermail can’t find any domain-wide mailfilter it will simply default to standard mail delivery to the account’s INBOX.

Here is the patch against vpopmail 5.4.17:

vpopmail-5.4.17-vdelivermail.c-maildrop.patch

If you’re too lazy to patch the vpopmail sourcecode yourself, here is the already patched vdelivermail.c:

vdelivermail-5.4.17-maildrop.c

(Rename it to vdelivermail.c and place it in the vpopmail source directory and compile.)

Continue reading “vpopmail – maildrop – SqWebMail mailfilter patch”