mailavenger for Debian
======================

Reference:

 A. Quick-n-painless three-step cook list
 B. Additional Basic Tips
 C. Extra Information about MailAvenger


A. :: Quick-n-painless three-step cook list ::
      -------------------------------------

1. /etc/avenger/asmtpd.conf:

   Replace 'BindAddr' and 'Hostname' with the proper values.

   Take into account that you have to put your public IP here or, in case you
   are relaying email from a WAN/MAN/CAN etc., the IP of the interface on
   which you see it. The MailAvenger SMTP daemon (asmtpd) will attach to that
   interface and bind to it, listening for TCP SYN fingerprints and
   network/routing information.

   For example:

   # head -n 5 /etc/avenger/asmtpd.conf
   # Sample asmtpd.conf file, suitable for sendmail

   BindAddr 10.4.21.225
   Hostname smtp.man.buenosaireslibre.org

2. /etc/avenger/domains

   Think of any other domain(s) that do not match your MailAvenger hostname,
   which you have already set in Part 1 above. In order to let MailAvenger
   SMTP know that you authorize certain domains to be accepted for relaying,
   you have to add them one per line, each followed by a ':' (without the
   quotes) at the end of the line.

   For example:

   # head -n 5 /etc/avenger/domains
   Rohirrim.node.man.buenosaireslibre.org:
   Londres.node.man.buenosaireslibre.org:
   Hermes.node.man.buenosaireslibre.org:
   LaReja.node.man.buenosaireslibre.org:
   Gizmo.node.man.buenosaireslibre.org:

3. /etc/default/mailavenger

   Switch the MailAvenger daemon on by taking out 'no' at RUN_DAEMON.

   -----------------------------------------------------------------------
    Do not delete or comment it out, otherwise MailAvenger will not start
   -----------------------------------------------------------------------

ALL SET!!! Now you will have to take a look at your mail log to watch them
fall down :-)


B. :: Additional Basic Tips ::
      ---------------------

By default, MailAvenger is configured to log SMTP transactions in debug mode.
This is so that, during the very first tries, you can quickly find any network
misconfiguration, if one exists, or a missing authentic sender domain that you
forgot to append to the 'domains' file in (A) Part 2.

In addition to that, if you happen to receive (many) frequent emails from a
friendly and known sender, you may not want him to wait or spend extra time on
an SMTP transaction, so you can white-list him in your MailAvenger setup.

On the other hand, you may also want to white-list some servers that have a
poor mail configuration and, sure, let them know in a nice and distinguished
mail that they are not complying with SMTP standards. But remember, not all
network/system administrators care as much as you do about standardizing,
and, of course, try not to laugh at them too loudly ;-)

You can achieve this by adding their IPs/domains to the asmtpd.conf file.

For example:

   # egrep '(TrustedNet|TrustedDomain)' /etc/avenger/asmtpd.conf
   TrustedNet 10.4.13.225
   TrustedNet 10.4.14.33
   TrustedNet 10.4.14.225
   TrustedDomain 1.dhcptrustedpool.man.buenosaireslibre.org
   TrustedDomain 2.dhcptrustedpool.man.buenosaireslibre.org


C. :: Extra Information about MailAvenger ::
      -----------------------------------

Q: Why do you keep calling it 'MailAvenger' instead of 'Avenger' or 'asmtpd'?
Are you insane in the membrain?

A: The MailAvenger software is also known as plain 'Avenger', and there might
eventually exist some files or directories that are named after each other.
For practical reasons, I tried to stick with the canonical name so no more
confusion is added into the equation, and created an 'avenger' virtual package
that points to the mailavenger software you are looking at :-)


Greylisting on MailAvenger
--------------------------

One of the awesome features of MailAvenger is that, even though it handles
mail filtering at SMTP time, it stays flexible enough to let you create YOUR
OWN decision paths about what/who to send to a temporary reject list, a
technique also known as "Greylisting".

The concept behind Greylisting is pretty basic[0]:

Temporarily reject any email from a sender that isn't recognized by you.

Case A: If the mail is legitimate, the originating server will, after a
        certain delay, try again and, if sufficient time has elapsed, the
        email will be accepted.

Case B: If the mail is from a spam sender, sending to many thousands of
        email addresses, it will probably not be retried.

Example
=======

This is a simple but powerful example I took from Thomer M. Gil's site[1],
with a minor modification, that you'll find in
/usr/share/doc/mailavenger/examples

   # cat /etc/avenger/default
   errcheck

   case "$SPF0" in
       error)
           defer "Temporary error in SPF record processing"
           ;;
       pass)
           accept "SPF sender PASS"
           ;;
   esac

   greylist_delay=5m
   greylist_ttl1=5h
   greylist_ttl2=4D
   greylist "${CLIENT_IP%.*} $RECIPIENT $SENDER"

   accept

Explanation (see also the avenger(1) manual page):

This 'default' file discards email that MailAvenger has flagged as coming from
a non-existent sender (errcheck). Then it immediately accepts email that comes
from an SPF-verified sender (accept "SPF sender PASS"). Otherwise it greylists
the sender's IP address (in fact, the /24) by telling it to send the email
again in 5 minutes (greylist "${CLIENT_IP%.*} $RE....). Then, when the email
comes back a few minutes later, it gets accepted and handed to the MTA (which
is responsible for delivering it to the user).
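
The decision that the greylist line makes can be modelled in a few lines of
sh. This is an added example, not MailAvenger's implementation and not code
from the original README: the state directory, the function names and the
sample addresses are made up, and the meaning given to greylist_ttl1 and
greylist_ttl2 (how long a first attempt and a passed key are remembered) is an
assumption based on avenger(1).

```shell
#!/bin/sh
# Added illustration: a model of the greylist decision, not MailAvenger's code.
# Timer values mirror the rule file above, converted to seconds.
GL_DELAY=300      # greylist_delay=5m: retries sooner than this stay deferred
GL_TTL1=18000     # greylist_ttl1=5h: how long a first attempt is remembered
GL_TTL2=345600    # greylist_ttl2=4D: how long a passed key stays accepted
GL_DIR=$(mktemp -d)   # hypothetical state store: one file per key

# gl_key CLIENT_IP RECIPIENT SENDER -> the key the rule file builds.
# ${1%.*} drops the last dotted field, so an IPv4 /24 shares one key;
# a string without a dot is left whole.
gl_key() {
    printf '%s %s %s' "${1%.*}" "$2" "$3"
}

# gl_check NOW CLIENT_IP RECIPIENT SENDER -> prints "defer" or "accept".
# NOW is epoch seconds, passed in so the decision is reproducible.
gl_check() {
    now=$1
    file="$GL_DIR/$(gl_key "$2" "$3" "$4" | cksum | cut -d' ' -f1)"
    first=0 passed=0
    [ -f "$file" ] && read -r first passed < "$file"

    if [ "$passed" -gt 0 ] && [ $((now - passed)) -le "$GL_TTL2" ]; then
        echo accept                       # key already passed greylisting
    elif [ "$passed" -eq 0 ] && [ "$first" -gt 0 ] &&
         [ $((now - first)) -ge "$GL_DELAY" ] &&
         [ $((now - first)) -le "$GL_TTL1" ]; then
        echo "$first $now" > "$file"      # retry inside the window: pass
        echo accept
    elif [ "$passed" -eq 0 ] && [ "$first" -gt 0 ] &&
         [ $((now - first)) -lt "$GL_DELAY" ]; then
        echo defer                        # retried too soon, keep first-seen
    else
        echo "$now 0" > "$file"           # new or expired key: start over
        echo defer
    fi
}

# Constructed sample traffic (documentation addresses, made-up times).
t0=1000000
gl_check "$t0"         192.0.2.10   bob@example.org alice@example.net  # defer
gl_check $((t0 + 60))  192.0.2.10   bob@example.org alice@example.net  # defer
gl_check $((t0 + 400)) 192.0.2.77   bob@example.org alice@example.net  # accept
gl_check $((t0 + 400)) 198.51.100.5 bob@example.org spam@example.com   # defer
```

The third call comes from a different host in the same /24 and still matches
the first attempt, because the key only carries the first three octets.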

This is a MailAvenger output at /var/log/mail.log on an MTA waiting for them:


 0. http://en.wikipedia.org/wiki/Greylisting
 1. http://thomer.com/howtos/fight_spam.html

 -- Ulises Vitulli  Wed, 6 Jun 2009 01:30:25 -0300