きまぐれほげほげひろば
Whim PC open space - top > Tools >Qmail - S25R + tarpit before qgreylist patch (Japanese page)

S25R + tarpit before qgreylist patch

The latest edition is a page of this place.

I cannot speak English. I did machine translation of this page for English from Japanese with http://honyaku.yahoo.co.jp/transtext. Late; because is similar, and there is a funny sentence, please forgive it.

The summary of this patch

This patch is a patch of tool) which adds a function of greylisting to qgreylist(qmail. It add a S25R( selective function with SMTP refusal) and list of white blacklist of the host name base, tarpitting( reply delay) to qgreylist.

Originally it was only the function of the page of this place, but It noticed what could implement S25R by the recycling of this logic when It implemented it when It wanted the blacklist of the host name base that regular expression could use and have implemented it.

You carry out the following before doing greylisting by applying a patch.

  1. It do not do greylisting of the connection from host name defined by a list of white.
  2. It do greylisting of only the host whom It defined by host falling under a rule of S25R and oneself.
  3. It refuse the connection from host name defined by a blacklist. (Regular expression is possible)
  4. It come to perform tarpitting( reply delay). (Of course It can do a validation or neutralization of this function without revising a logic)
  5. When It do greylisting, It perform an HELO check and cancel greylistting when It gave the host name that It appointed in NG.

The merit to apply this patch is as follows.

  1. S25R
    • It do not perform greylisting for the connection from mail server (It judge it from host name) that may be the justice that implementation is right. It reduce a side effect of greylisting. This place has a lot on S25R.
  2. blacklist
    • From the same host, it can exclude a spammer transmitting a message in default setting) of space (qgreylist of 1st from two minutes. (Hand-operated registration)
  3. whitelist
    • It relieve a fair server from a trap of greylisting.
  4. tarpitting(A reply delay)
    • From the same host, it may exclude a spammer transmitting a message in default setting) of space (qgreylist of 1st from two minutes by an SMTP reply delay. (Trouble of the blacklist management may decrease)
    • When there is the fair smtp server which cannot transmit a message again, It can relieve it even if It do not add it to whitelist if It can wait for a reply delay(Trouble of the whitelist management may decrease)
  5. A simple close inspection of HELO
    • When It gave the host name that a connection host defined in HELO, It can cancel registration of qreylist (It do qreylist in non-registration state). It is effective for spam to give spam to falsify the host name of the mail server to implement this script and unusual HELO host name. But (for the host that connection permission by qreylist was approved, this function does not work.) It is effective only for a host connected for the first time who is not registered with qreylist;).

An installation procedure

It is assumed that qgreylist is finished with installation and the establishment and explains it.
  1. You download a patch from here
  2. Develop the archive file which You downloaded
    3. # tar zxvf s25rtarpit_before_qgreylist0.3-0.3.tar.gz
  3. Move to the directory which unfolded
    4. # cd s25rtarpit_before_qgreylist0.3-0.3
  4. Execute setup script(A list of list of white blacklist / S25R conditions is copied by less than /var/qmail.)
    5. # ./setup.sh
  5. Back up qgreylist(From here the point properly)
    6. # cd <directory which there is qgreylist> # cp -p greylist greylist.org
  6. A patch application
    7. # patch < <directory which expanded archivefile>/qgreylist-0.3_s25rbefore-0.3.patch
  7. A start script revision(It cuts a connection host by name solution)
    8. # vi /etc/init.d/qmail :(Omission) # qmail smtpd start /usr/local/bin/tcpserver -vhR -u ${qmaild_uid} -g ${nofiles_gid} \ -x /home/vpopmail/etc/tcp.smtp.cdb 0 smtp \ /var/qmail/bin/greylist \ /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd & :(Omission)
    • All connection is done greylistting of unless It come by name solution
    • greylist just before qmail-smtpd(It start qmail-smtpd with an argument of greylist)

The explanation of a setting item added by a patch

blacklist
It is the directory pass of the blacklist. The connection from the address is refused when It make the file which assumes an IP address a file name in this directory. (whitelist, greylist and how to handle are equal)
tarpittingmode
It appoint a timing to do tarpitting( reply delay) or defeasance. It input 0-2.
  1. Do not do tarpitting( reply delay).
  2. Only the host whom It do not know carries out tarpitting( reply delay).
  3. Carry out tarpitting( reply delay) to all hosts.
hostnameblacklist
It is the file pass of the blacklist of the host name base. Contents 1 of the file defines host name (FQDN) to refuse to be connected in record one line (a new line end) in regular expression. When It add a postscript to host name on this blacklist, please add a postscript to the same definition in a s25rlist_hostname file(To handle S25R earlier)
hostnamewhitelist
It is the file pass of the list of white of the host name base. Contents 1 of the file defines host name (FQDN) to admit connection in record one line (a new line end) in regular expression. It carry out neither S25R nor tarpitting nor greylistting to a host defined here.
helohostblacklist

It is the file pass of the blacklist of the host name to give its name by an HELO command. Contents 1 of the file defines it in) にを regular expression given after the HELO host name (tarpitting passage to refuse connection in record one line (a new line end).

It define host name to refuse for the host name that a host connected by SMTP dummy processing before being in greylistting gives in HELO. When It agreed for a definition, It cancel the greylist registration of the connection host. (In brief, It never accept connection permission by greylist)

hostnames25rlist
It is the pass of the file which defined a condition of S25R. Format 1 in the file is record one line (a new line end). Only a condition of pure S25R is defined by default. Please define host name to register with a blacklist in this file.
badhelohosts
* It is unused in the existing version. (It integrated it with helohostblacklist mentioned above)
tarpitsec
Appoint number of seconds to do tarpitting( reply delay).
tarpitwaitaccept
As a result of having carried out tarpitting( reply delay), It appoint whether It hand over the host who waited to next smtpd immediately. It appoint 0 or 1.
  1. Carry out greylisting successively
  2. Hand it over to next smtpd immediately(it admit SMTP connection)
badhelohostmode
It define whether It validate connection refusal by badhelohosts.
  1. invalidate
  2. validate

Attention

  • By the application of this patch, it cannot exclude 100% spam. Of course I do not guarantee it.
  • Even if any kind of damage occurred by the application of this patch, I do not take responsibility. Please use it by a self-responsibility.

download

A & soliloquy to do a thing that I want to do

  • There is no it for the moment.

Others

If have it of something; to the following e-mail address. (there is a possibility that I do not arrive for home server.) ) which 100% may not reply to for the pressure (I please do not say messily even if they do not do it) webmaster@chidipy.jpn.com
come back