mail spam rabl.nuclearelephant.com is dead

Today some mails did not reached my inbox and were blocked through my postfix spam filter rabl.nuclearelephant.com.
It seems that this rbl is not available since today.

See this info on sourceforge forum page.

Any legacy services that might have been hosted on nuclearelephant.com have been discontinued, in particular rabl.nuclearelephant.com

Solution:

simply remove from your postfix main.cf:
reject_rbl_client rabl.nuclearelephant.com

install postgrey for postfix on Ubuntu

Greylisting is yet another way for preventing your mailbox getting full of spam. A famous spam fighter software is spamassassin which filter emails. Greylisting won’t replace such softwares but it will behave as a powerful proactive barrier which will reduce the amount of spam getting through your mail server.

Greylisting is a great way for fighting spams, the basic idea out of it is that spammers mail servers are not respecting RFC standards specifications which basically says that when an email could not be delivered, the mail server should try again later on. By sending so many emails, spammers can’t afford to spend to much resources on resending emails when they could not be delivered, so if the email could not be delivered in the first place, they won’t send it back to you.

From this ideas, greylisting simply reject any untrusted mail domain by giving a 450 response code, which means “I can’t deal with your request now, please try again later”.
As spam mail server are not usually RFC compliant, they won’t try back and therefore you won’t get the spam.

Postgrey is a postfix policy server implementing greylisting.
It is really easy to integrate to postfix and is really effective.

step 1: install postgrey

apt-get install postgrey libnet-rblclient-perl libparse-syslog-perl libio-socket-ssl-perl

i got a warning during installation, but that can be ignored:
Warning: The home dir /var/lib/postgrey you specified can't be accessed: No such file or directory

step 2: add check_policy_service inet:127.0.0.1:60000 to /etc/postfix/main.cf

for example:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy, check_policy_service inet:127.0.0.1:60000

step 3: reload postfix configuration

/etc/init.d/postfix reload

step 4: send a test mail and verify your /var/log/mail.log

first entry

Jul 19 18:13:58 MYHOST postgrey[10713]: action=greylist, reason=new, client_name=CLIENT_HOST, client_address=CLIENT_ADDRESS, sender=SENDER_EMAIL, recipient=RECIPIENT_EMAIL

second entry (some minutes later, depends on sender’s MTA)

Jul 19 18:20:20 MYHOST postgrey[10713]: action=pass, reason=triplet found, delay=382, client_name=CLIENT_HOST, client_address=CLIENT_ADDRESS, sender=SENDER_EMAIL, recipient=RECIPIENT_EMAIL

(optional) exclude some recipients from whitelisting

edit /etc/postgrey/whitelist_recipient and add e.g. YOURDOMAIN.COM to exclude this address from greylisting processing.

# postgrey whitelist for mail recipients
# --------------------------------------
# put this file in /etc/postgrey or specify its path
# with --whitelist-recipients=xxx

postmaster@
abuse@
YOURDOMAIN.COM

(optional) postgrey report

to get a postgrey report, simple run this command:

cat /var/log/mail.log | postgreyreport --nosingle_line --check_sender=mx,a --show_tries --separate_by_subnet="--------------------\n"

Reduce spam and enjoy postgrey!