Re: [vox-tech] postgrey is dangerous?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] postgrey is dangerous?
Larry Ozeran wrote:
> I have used a web host based in North Carolina for many years. I recently upgraded from a shared server to a dedicated server and I was hoping to be able to install some SPAM fighting tools. The SPAM software they provide is limited to white listing and black listing and I am now receiving huge volumes of it. I am a part time programmer, not familiar with networks or email servers, but I am tired of huge volumes of SPAM. I reviewed various sites and felt that installing postgrey might give me substantial SPAM reduction with minimal challenges. When I asked my host about installing it, I was told:
> "After further investigation I was able to verify that the request was denied.
> It was specified that this software would be unsafe to run on the server environments run within our network.
> This is per our Systems Administrators."
> After going around with them twice, I don't have what I feel is an adequate answer. Any thoughts on why someone might think that postgrey is "unsafe"? Better yet, any strategies for countering this thinking?
> = = system info - yes the versions are old, but that's not my host's excuse for the denial and they can be updated now that I am on a dedicated server
> Operating System: Redhat Linux Kernel Version: 2.4.26
> Apache/PHP Version: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4
> Perl Version: v5.6.0
> MySQL Version: 3.23.33
> Send Mail Version: 8.12.10
> Thanks for any suggestions or clarifications.
I did a could of quick searches and found a couple of things.
There was a security DoS (Denial of Service) issue in the 2006
time frame using Postgray 1.21. On Debian systems there was a
patch which fixed the problem (I did not see any patch for
The current version of Postgrey is 1.31 with a timestamp of
With the above it would be a good chance the DoS issue has
Now lets quickly take a look at how Postgrey works. If the
message the SMTP server receive is the first connection of
a message it is TEMPFAIL rejected (meaning it must be attempted
to send again before the message is accepted).
Now one might ask why do this? At one time some of the spammers
would only attempt to send a message once and if they received
a TEMPFAIL they would drop the message, thus reducing the
amount of SPAM a site might received from a spammer.
PLEASE NOTE: This was before the use of zombie networks. Now
they have the zombies send the message and they don't care if
the zombies have a TEMPFAIL as the message is not sitting on
the spammer machine but maybe on the zombie system but more
likely it is setting on the ISP of the witless user of the
So the bottom line is, using Postgrey now is just a waste of
computer resources and time. As fir it currently being a
security issue, I can't find anything to suggest this is
still true. But your ISP may be using it as an excuse to
not waste their time setting it up, or they may not be using
Postfix (which is required for Postgrey). They could be using
Sendmail, Qmail or Exim.
Is there better solutions? I know a lot of people are using
mimedefang + SpamAssassin + ClamAV to reduce the amount of
SPAM and viruses. Can you stop all SPAM using these methods?
NO. Can you reduce the SPAM yes. Are there other things which
can be done also? Yes you can use DNS blacklist such as
Spamhaus and SpamCop. Again these only help to reduce the
The only way to possible stop SPAM is to rewrite all of the
RFC dealing with mail and require each clients to certify who
they are so the true path can not be hidden and the spammers
could be trace. Note: This really would not fully solve the
problem but would allow the message to be traced back to the
zombie system a lot faster. But zombie networks could still be
used. It would just require a new one to be set-up which would
take time. I also make note of a news article from last year
(sorry I don't have the link any more) where a System installer
who worked out of the US setting up systems for the customers
of the company he worked for (kind of like the Geek Squad of
Best Buy) where he installed the software to turn the systems
into zombie servers.
I hope this gives you some more info.
vox-tech mailing list