It queries sbl-xbl.spamhaus.org, taking advantage of the Spamhaus Block List (SBL) and the Exploits Block List (XBL).

1. Download the latest mod_spamhaus deb package from sid package repository (mod_spamhaus is not available for lenny but we can use the sid package)

wget http://ftp.us.debian.org/debian/pool/main/m/mod-spamhaus/libapache2-mod-spamhaus_0.7-1_i386.deb


This package is for i386. If you are using other architecture, you can find a suitable package on the bottom of this page: http://packages.debian.org/sid/libapache2-mod-spamhaus

2. Install the package

dpkg -i libapache2-mod-spamhaus_0.7-1_i386.deb


Apache is automatically restarted and the module is enabled. If you would like to test the module you can add a line to your hosts file to make it think that your IP address is blocked (pico /etc/hosts)

127.0.0.4 1.0.168.192.sbl-xbl.spamhaus.org


Replace 1.0.168.192 with your IP address and reverse it. The IP address 192.168.0.1 should read 1.0.168.192.

By default, only POST, PUT, OPTIONS, CONNECT methods are blocked. You can add GET to the list of methods blocked in /etc/apache2/mods-enabled/mod-spamhaus.conf to block the spammers from seeing your website.

It's assumed that you have already installed Postfix and MailScanner. If not, check these tutorials:

Installing Postfix with MySql backend and SASL for SMTP authentication
Installing and configuring MailScanner for virus and spam filtering (Postfix, ClamAV, SpamAssassin, Razor)

1. Install the Postfix policy engine

apt-get install postfix-policyd-spf-perl


2. Add the policy check to smtpd_recipient_restrictions (pico /etc/postfix/main.cf)

smtpd_recipient_restrictions = [...], check_policy_service unix:private/policy


Make sure you don't remove other restrictions, just add it to the end of the line.

3. Add the policy engine to the Postfix master.cf (pico /etc/postfix/master.cf)

policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/sbin/postfix-policyd-spf-perl


4. Reload Postfix configuration

postfix reload


5. Check if this is working

telnet yourserver 25
HELO gmail.com
MAIL FROM:
RCPT TO:
DATA
test
.


Replace user*@domain.com with a e-mail address hosted on your Postfix mailserver and user*@gmail.com with a valid Gmail e-mail address.

Look at /var/log/mail.log and you should see that the MailScanner score has been increased by SPF related rules:

Message 62ACA1813C.AFC5A from 192.168.1.4 (user@gmail.com) to domain.com is spam, SpamAssassin (score=7.394, required 6, MISSING_SUBJECT 1.28, SPF_HELO_NEUTRAL 2.00, SPF_NEUTRAL 1.21, TVD_SPACE_RATIO 2.90)


In name, as well as operation, greylisting is related to whitelisting and blacklisting. What happen is that each time a given mailbox receives an email from an unknown contact (ip), that mail is rejected with a "try again later"-message (This happens at the SMTP layer and is transparent to the end user). This, in the short run, means that all mail gets delayed at least until the sender tries again - but this is where spam loses out! Most spam is not sent out using RFC compliant MTAs; the spamming software will not try again later.

Now let's install postgrey
apt-get install postgrey


Configure Postfix (pico /etc/postfix/main.cf)
Add "check_policy_service inet:127.0.0.1:60000" to the list recipient restrictions

The list may look similar to this one:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000


Reload the Postfix daemon
postfix reload


By default postgrey delays all messages for 5 minutes. To change this, edit the postgrey configuration file (pico /etc/default/postgrey)

Change POSTGREY_OPTS so that it read something like this:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60"
The delay is specified in number of seconds. When you have changed the value, restart the daemon
/etc/init.d/postgrey restart