Policy Daemon
 
  • Greylisting
    Greylisting is a concept that originated with Evan Harris and is described in more detail at http://greylisting.org. Greylisting is a new method of blocking significant amounts of spam at the mail server level, without resorting to heavyweight statistical analysis or other heuristic (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mail server. Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Although it is currently very effective by itself, it performs best when used in conjunction with other forms of spam prevention.
  • Sender Throttling
    The sender throttling module allows quota enforcement. Currently you may throttle based on the number of mails and the total mail size sent over a period of time which you define. E.g.: you can enforce that camis@mweb.co.za does not send more than 1000 mails or 1 gig of mail (whichever limit is hit first) in, say, a 5 minute period. There are 3 possible sender throttling methods:
    1) Throttle by (envelope) From address or domain
    2) Throttle by SASL user name
    3) Throttle by IP address or netblock
  • Recipient Throttling
    The recipient throttling module allows quota enforcement. One example of where this module is useful is when people maintain SMS gateways and need to ensure that SMS abuse does not occur. It is also useful on outgoing SMTP relays during virus outbreaks: recent virus outbreaks had a few infected machines flooding the same recipients over and over. You can enforce that no user receives more than 1000 mails in a given time period. Upon the first delivery to a recipient, if they do not exist in the database, the module will take the configuration defaults from policyd.conf and insert those values into the database. You can at a later stage (if you wish) increase those limits by changing the values in MySQL. If you want to create users immediately with high values, you can do the following:
  • Spamtrap
    The spamtrap module should be very effective, especially in really large environments. Previously, baited spamtraps required that the mail actually enter the network and be delivered into a mailbox. Any attempted delivery to any of the spamtrap addresses will cause that host/net block to be blacklisted for N hours. With the spamtrap module the host gets blacklisted without having to accept or transfer any mail, so resource use is kept to a minimum.
  • Blacklist Helo
    The blacklist HELO module allows you to blacklist hosts or net blocks (c-class) that use HELO and attempt to identify themselves using your own hostname/IP address. This will allow you to quickly build up a list of known spammer networks. This module is effective because it's completely automated and can be used to permanently ban networks even if they stop identifying themselves with your hostnames at a later stage.
  • HELO Randomization Prevention (HRP)
    The HRP module allows you to catch spammers that randomize their HELO identities. This can be used in combination with greylisting to provide an effective way of cutting spammers down before accepting any part of the message. There are a handful of legitimate companies which do this, mainly because of floating queues/MTAs on different IP addresses. This has been tested and found to be very effective even if the module is used on its own. (Look at the 'HELO_CHECK' portion of policyd.conf)
  • Whitelist
    1) Whitelisting based on IP or netblock
    2) Whitelisting based on sender
    3) DNS name whitelisting
  • Blacklist
    1) Sender blacklisting
    2) DNS name blacklisting
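
The sender throttling quota described above (message count or total size, whichever limit is hit first, per time period), sketched as an added example that is not Policyd's own code. It assumes a fixed window that resets once the period elapses, keys on the exact attribute value only (no domain or netblock matching), and returns Postfix access actions chosen for illustration; the class, function names and the sample request are constructed.

```python
# Added illustration of a sender quota check; not Policyd source code.
from dataclasses import dataclass

@dataclass
class Bucket:
    window_start: float
    mails: int = 0
    size: int = 0

class SenderThrottle:
    """Fixed-window quota on message count and total bytes per key."""

    def __init__(self, max_mails, max_bytes, period, key_attr="sender"):
        # key_attr selects the throttling method: "sender" (envelope From),
        # "sasl_username" or "client_address" (Postfix policy attributes).
        self.max_mails, self.max_bytes = max_mails, max_bytes
        self.period, self.key_attr = period, key_attr
        self.buckets = {}

    def check(self, attrs, now):
        key = attrs.get(self.key_attr, "").lower()
        if not key:
            return "DUNNO"  # nothing to key on, e.g. no SASL login
        size = int(attrs.get("size", 0))
        b = self.buckets.get(key)
        if b is None or now - b.window_start >= self.period:
            b = self.buckets[key] = Bucket(window_start=now)  # new window
        # Whichever limit would be exceeded first triggers the deferral.
        if b.mails + 1 > self.max_mails or b.size + size > self.max_bytes:
            return "DEFER_IF_PERMIT sender quota exceeded"
        b.mails += 1
        b.size += size
        return "DUNNO"

def parse_request(text):
    """Parse a Postfix policy delegation request (name=value lines)."""
    lines = text.strip().splitlines()
    return dict(line.split("=", 1) for line in lines if "=" in line)

# Constructed sample request in the Postfix policy delegation format.
SAMPLE = """request=smtpd_access_policy
sender=camis@mweb.co.za
client_address=192.0.2.10
sasl_username=camis
size=400
"""

if __name__ == "__main__":
    throttle = SenderThrottle(max_mails=3, max_bytes=1000, period=300)
    for ts in (0, 10, 20, 30, 301):  # the size limit trips at ts=20
        print(ts, throttle.check(parse_request(SAMPLE), now=ts))
```

With the small limits used in the demo, the byte limit trips on the third message even though the count limit has not been reached, and the sender is accepted again once the 300 second window has elapsed.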