# More sqlgrey questions - Answered!

## Fred Krogh

So sqlgrey is doing pretty much what it is supposed to do, but the table from_awl is getting to many things in it, and I'm still getting too much spam.

I have the reconnect delay set to 2 (minutes), and the max_connect_age set to 2 (hours).  I have made up a list of trusted email addressed and put that in a table called whitelist ([url],http://www.hyllander.org/content/sqlgrey-and-whitelisting-senders[/url] but I don't think my version of sqlgrey looks in that table.  I'm thinking that maybe if I add more to the delay I can get rid of more of the spam.  (Ideally there would be a way to blacklist it, but if there is one, I haven't seen how to do it.) I think I want to use the optout_email table, but if that is the way to do it, why have the whitelist table.

If I understand things correctly I could change "optmethod=none", to "optmethod=optout", and put my trusted email addressed in the optout_email table.  I believe "optout" means to not greylist, i.e. to pass the email through without bothering to greylist it.  Is this correct?  And if there is some way to blacklist the ugly spam that get into the from_awl table I'd really like to know about it.  Thanks,

FredLast edited by Fred Krogh on Sun May 08, 2016 12:37 am; edited 1 time in total

----------

## Fred Krogh

I think I may have an answer to my question, but it would be nice to have it confirmed.  Namely I think that the optout_email table is for opting out of grey listing for recipients.  This is not all that useful to me.  I got impatient and tried putting the emails I trusted tp get mail from in optout_email and sure enough, nothing gets blocked.  So the only hope is the whitelist table which does not seem to get looked at, or perhaps some way of black listing?

----------

## freke

You can use blacklists by adding to your smtpd_recipients_restrictions: 

```
reject_rbl_client list.dsbl.org,

reject_rbl_client sbl.spamhaus.org,

reject_rbl_client cbl.abuseat.org,

reject_rbl_client dul.dnsbl.sorbs.net,
```

ie.

```
smtpd_recipient_restrictions =

        permit_mynetworks

        permit_sasl_authenticated

        reject_unknown_recipient_domain

        reject_non_fqdn_recipient

        reject_rbl_client list.dsbl.org

        reject_rbl_client sbl.spamhaus.org

        reject_rbl_client cbl.abuseat.org

        reject_rbl_client dul.dnsbl.sorbs.net

        check_policy_service inet:mail.vlh.dk:2501
```

It'll then make queries to those blacklists before letting mail through (which hasn't been permitted by mynetworks or sasl_authenticated)

Alternatively you could look into mail-filter/policyd-weight - it checks multiple blacklist and rejects mails if the sender is in ie. 3 blacklists.

(policyd-weight needs a patch https://bugs.gentoo.org/show_bug.cgi?id=538902 - because of an update to Perls Net::DNS module).

```
May 05 13:20:11 [policyd-weight] weighted check:  NOT_IN_IX_MANITU=-0.25 NOT_IN_SPAMCOP=-0.5 NOT_IN_ZEN_SPAMHAUS=-0.75 IN_CBL=3.25 IN_BRBL_BARRACUDA=3.25 NOT_IN_SPAM_SORBS=-1 NOT_IN_SPAM_RATS=-2 CL_IP_NE_HELO=8 (check from: .5306. - helo: .michelin.localhost. - helo-domain: .localhost.)  FROM_NOT_FAILED_HELO(DOMAIN)=9.5 RESOLVED_IP_IS_NOT_HELO=1.5; <client=unknown[203.121.145.34]> <helo=michelin.localhost> <from=tanisha64@5306.com> <to=admin@vlh.dk>; rate: 21_

May 05 13:20:11 [policyd-weight] decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: michelin.localhost, MTA hostname: unknown[203.121.145.34] (helo/hostname mismatch); <client=unknown[203.121.145.34]> <helo=michelin.localhost> <from=tanisha64@5306.com> <to=admin@vlh.dk>; delay: 6s
```

----------

## Fred Krogh

I have 40 entries in the from_awl table that I don't want email from.  All this in less than a day.  This stuff still swamps my regular email even thought admittedly things are much better than before .  Since places like spamhaus (which I am using) are able to reject mail from certain domains, it seems to me that it should be possible for me to have my own local list.  It's possible my list would reject mail that others might want, but for my purposes I'd be happy not to see any email from these places.  It just seems to me that there should be some way to have such a list locally.  Anybody know how Thanks,

Fred

P.S.  I'm currently using this *Quote:*   

> smtpd_recipient_restrictions =
> 
>    permit_mynetworks  permit_sasl_authenticated  reject_invalid_hostname
> 
>    reject_non_fqdn_hostname  reject_non_fqdn_sender  reject_non_fqdn_recipient
> ...

 

----------

## freke

You can build access maps - ie. I have an /etc/postfix/maps/access_client with:

```
aol.com         REJECT

extendcp.co.uk  OK
```

then 

```
postmap hash:access_client
```

 creates a db-file postfix can use

and under smtpd_client_restrictions

```
check_client_access hash:/etc/postfix/maps/access_client
```

after a 

```
postfix reload
```

postfix now rejects any aol.com connection (which was the number one spamming source on my system).

Likewise you could create a /etc/postfix/maps/sender_access file with ie.

```
spam@spam.com REJECT
```

then use postmap to create a db-file, and add it to smtpd_recipients_restrictions

```
smtpd_recipient_restrictions =

permit_mynetworks,

permit_sasl_authenticated,

check_sender_access hash:/etc/postfix/sender_access,

....
```

and do a reload to start blocking specific senders.

----------

## Fred Krogh

I don't even have a maps directory in my postfix directory and of course no access_client.  This looks like just what I want.  Many thanks freke!

----------

