Greylisting

From Run Your Own

Greylisting is a technique that rejects the first delivery attempt of an email, then whitelists the combination of sender and recipient once the sender tries to send the same email again. It's an effective way to get rid of spam because most spam emails are sent only once: if delivery fails, the spammers usually don't care, as it's all about volume.

A normally configured SMTP server will try again after being refused once; when it does, the domain is whitelisted automatically and future emails are not delayed.

Installation and configuration

It's super simple to install and configure in combination with Postfix.

  • Install postgrey, the Postfix policy server implementing greylisting:
apt install postgrey
  • Edit /etc/postfix/main.cf and add the check_policy_service line at the end of smtpd_recipient_restrictions (continuation lines must start with whitespace):
smtpd_recipient_restrictions =
    ...
    permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023
  • Restart Postfix (postgrey should already be running after installation)
service postfix restart

Troubleshooting

  • As usual, /var/log/mail.info is your friend: postgrey logs its decisions there.
  • A typical successful postgrey check will go like this:
    • First attempt rejected:
XXX XX XX:XX:XX xxx postgrey[21289]: action=greylist, reason=new,
client_name=xxx.xxx.xxx, client_address=999.999.999.999, sender=xxx@xxx.xxx,
recipient=yyy@yyy.yyy.yyy
XXX XX XX:XX:XX xxx postfix/smtpd[21555]: NOQUEUE:
reject: RCPT from xxx.xxx.xxx[999.999.999.999]: 450 4.2.0 <yyyt@yyy.yyy.yyy>:
Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/yyy.yyy.yyy.html;
from=<xxx@xxx.xxx> to=<xxx@xxx.xxx.xxx> proto=ESMTP helo=<xxx.xxx.xxx>
    • Second attempt successful:
XXX XX XX:XX:XX xxx postgrey[21289]: action=pass, reason=triplet found,
delay=500, client_name=xxx.xxx.xxx, client_address=999.999.999.999,
sender=xxx@xxx.xxx, recipient=yyy@yyy.yyy.yyy
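
The greylist/pass pairing shown in these log lines can be checked across a whole log file. The following is an added example, not part of the original page: it groups postgrey entries by their client_address, sender and recipient fields and lists the combinations that were deferred but never came back, which is the first thing to look for when a legitimate sender complains about missing mail. The sample lines, host names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the postgrey log format shown above
# (documentation addresses; each real log entry is a single line).
SAMPLE_LOG = """\
Jan 10 09:00:01 mx postgrey[21289]: action=greylist, reason=new, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.net
Jan 10 09:08:21 mx postgrey[21289]: action=pass, reason=triplet found, delay=500, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.net
Jan 10 09:15:42 mx postgrey[21289]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=promo@example.com, recipient=bob@example.net
Jan 10 09:16:02 mx postfix/smtpd[21555]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.2.0 <bob@example.net>: Recipient address rejected: Greylisted
"""

POSTGREY = re.compile(r"postgrey\[\d+\]: (.*)$")

def parse_fields(line):
    """Return the key=value fields of a postgrey line, or None for other lines."""
    m = POSTGREY.search(line)
    if not m:
        return None
    return dict(p.split("=", 1) for p in m.group(1).split(", ") if "=" in p)

def summarize(log_text):
    """Count greylist and pass events per (client_address, sender, recipient)."""
    state = defaultdict(lambda: {"greylisted": 0, "passed": 0, "delay": None})
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f is None or "action" not in f:
            continue  # postfix/smtpd and other daemons are skipped
        key = (f.get("client_address"), f.get("sender"), f.get("recipient"))
        if f["action"] == "greylist":
            state[key]["greylisted"] += 1
        elif f["action"] == "pass":
            state[key]["passed"] += 1
            if "delay" in f:
                state[key]["delay"] = int(f["delay"])
    return dict(state)

def never_retried(summary):
    """Combinations that were deferred but have no later pass entry."""
    return sorted(k for k, v in summary.items() if v["greylisted"] and not v["passed"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for key, counts in summary.items():
        print(key, counts)
    print("no retry:", never_retried(summary))
```

To run it against a real log, pass the contents of /var/log/mail.info to summarize() instead of SAMPLE_LOG.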