Add grey listing/delay filtering

ChicagoLinux shared this idea 3 years ago
Completed

Add grey listing/delay filtering, to reduce spam as well as the server load.

Similar to what ASSP from GRscripts is doing:

Delaying (also

known as greylisting) filter permits to block a good amount of spam SPAM at

early

Comments (17)

photo
2

Greylisting seemed to work very well at stopping a lot of spam when I used to use it with a plesk server. Moving to cpanel it was shocking to find out just how much more junk was received because this wasn't an option.

photo
1

Agreed - can't see why it has never been requested as yet. :/ This is very NB

photo
1

We always put off trying gray listing because of the extra delay in recieving e-mails. However we now have tasted SpamExperts implimentation of gray listing and can't live without it. What they do diffently to standard gray listing is they add whole IP blocks to the white list for both successfull incomming as well as for outgoing e-mail. This means that when we enabled outgoing e-mail a few weeks before enabeling incomming filtering we hardly noticed that some e-mails were taking a bit of time to be delivered.

photo
1

FWIW, I'd like to see a graylisting function that could be applied only to certain specified IP blocks that I identify as sending a lot of spam.

photo
1

Hello,

I will be looking into getting my team started on this soon. Would you like to see greylisting done as a serverwide, in WHM, attribute or set via cPanel?

photo
1

I don't have a strong opinion either way.

On one hand, doing it in cPanel would give users the ability to opt out, which seems like a good idea, because some people really hate greylisting. On the other hand, the point (or one of the points) of greylisting is to protect the server from blacklisting, so it would be nice to be able to enforce it in WHM serverwide.

Is "both" possible? Maybe set it in WHM, but give the server admin an option to allow accounts to opt out?

photo
1

I would like to be able to enable/disabile grey listing on an account basis.

What would be great would be if each cPanel user could :

- enable or disable grey listing

- White list an e-mail address

When gray listing is started an account it would be good for users to add all their contacts so that they don't get long delays.

Grey listing will mean that some e-mails arrive very late as suppliers such as Gmail can wait up to 4 hours before trying again.

For our customers, this needs to be very much on a per user basis. Other hosts will want to enforce this for all users, there needs to be a default (enabled or disabled) and a feature to allow users to change these settings or not.

photo
1

Definitely enable serverwide, but yes, make per-user activation/deactivation an option. I would, however, probably suggest it be on by default. Basic security practices.

photo
1

Our initial version of greylisting is doing well in test environments. We should have a fully working version for 11.50.

photo
1

Thanks Travis, that's awesome news. Looking forward to it. :)

photo
1

Is the option to enable/disable per account going to be available as well?

photo
2

Yep, you can enable/disable on a per domain basis. Its already in the edge release if you wish to take a look at it.

photo
1

Is there a way to enable greylisting but have it disabled on all accounts by default or something we can run in SSH to disable it for all accounts?

photo
1

Grey listing can have a serious impact on support staff (email complaints). I've lived this with previous incarnations, so generally turn this off server wide.

What I would find most helpful is the ability to enable server wide but provide a "disable all" option as the initial default setting. Then have a button within cPanel for client to enable at the client level.

photo
1

This is not something we did in an initial roll out but it is rather simple to turn it off for domains. Here is a script to accomplish such.

#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - turn-off-greylisting.pl Copyright(c) 2014 cPanel, Inc.

# All rights Reserved.

# copyright@cpanel.net http://cpanel.net

# This code is subject to the cPanel license.

# Unauthorized copying is prohibited.

use strict;

use warnings;

use LWP::UserAgent ();

use HTTP::Cookies ();

use JSON ();

my $accesshash;

open my $accesshash_fh, '<', '/root/.accesshash'

or die "Unable to open /root/.accesshash: $!";

while (<$accesshash_fh>) {

chomp;

$accesshash .= $_;

}

my $useragent = LWP::UserAgent->new(

cookie_jar => HTTP::Cookies->new,

ssl_opts => {

verify_hostname => 0,

SSL_verify_mode => 0x00

},

);

$useragent->default_header( 'Authorization' => "WHM root:$accesshash" );

my $listaccts = $useragent->get(

'https://127.0.0.1:2087/json-api/listaccts?api.version=1'

);

my $content = eval { JSON::decode_json( $listaccts->decoded_content ) };

my @usernames;

foreach my $acct ( @{ $content->{'data'}{'acct'} } ) {

push @usernames, $acct->{'user'};

}

print "Disabling Greylisting for " . scalar @usernames . " accounts:";

foreach my $acct (@usernames) {

my $success = $useragent->get(

join(

q{},

"https://127.0.0.1:2087/json-api/",

"cpanel",

"?cpanel_jsonapi_apiversion=3",

"&cpanel_jsonapi_user=$acct",

"&cpanel_jsonapi_module=cPGreyList",

"&cpanel_jsonapi_func=disable_all_domains",

)

);

print $success->decoded_content;

}

photo
1

Perfect, thanks!

photo
1

In the event you have any special unicode characters such as accents in any of your account data such as email, user, package name etc, you will need to make a few tweaks to the script to ensure this is encoded properly otherwise the script will fail.

  1. #!/usr/local/cpanel/3rdparty/bin/perl

    # cpanel - turn-off-greylisting.pl Copyright(c) 2014 cPanel, Inc.

    # All rights Reserved.

    # copyright@cpanel.net http://cpanel.net

    # This code is subject to the cPanel license.

    # Unauthorized copying is prohibited.

    use strict;

    use warnings;

    use LWP::UserAgent ();

    use HTTP::Cookies ();

    use Encode ();

    use JSON ();

    my $accesshash;

    open my $accesshash_fh, '<', '/root/.accesshash'

    or die "Unable to open /root/.accesshash: $!";

    while (<$accesshash_fh>) {

    chomp;

    $accesshash .= $_;

    }

    my $useragent = LWP::UserAgent->new(

    cookie_jar => HTTP::Cookies->new,

    ssl_opts => {

    verify_hostname => 0,

    SSL_verify_mode => 0x00

    },

    );

    $useragent->default_header( 'Authorization' => "WHM root:$accesshash" );

    my $listaccts = $useragent->get(

    'https://127.0.0.1:2087/json-api/listaccts?api.version=1'

    );

    my $data = Encode::encode('UTF-8', $listaccts->decoded_content);

    my $content = eval {JSON::decode_json( $data ) };

    my @usernames;

    foreach my $acct ( @{ $content->{'data'}{'acct'} } ) {

    push @usernames, $acct->{'user'};

    }

    print "Disabling Greylisting for " . scalar @usernames . " accounts:";

    foreach my $acct (@usernames) {

    my $success = $useragent->get(

    join(

    q{},

    "https://127.0.0.1:2087/json-api/";,

    "cpanel",

    "?cpanel_jsonapi_apiversion=3",

    "&cpanel_jsonapi_user=$acct",

    "&cpanel_jsonapi_module=cPGreyList",

    "&cpanel_jsonapi_func=disable_all_domains",

    )

    );

    print $success->decoded_content;

    }

Comments have been locked on this page!