Greylisting: Difference between revisions

Latest revision as of 09:55, 30 May 2018

Greylisting is a technique that rejects the first delivery attempt of an email, then whitelists the combination of sender and recipient addresses if the sender tries to send the same email again. It's an effective method to get rid of spam because most spam emails are only sent once; if delivery fails, the spammers usually don't care, as it's all about volume.

A normally configured SMTP server will try again after being refused once. When it does, the domain is whitelisted automatically and future emails are not delayed.

Installation and configuration

It's super simple to install and configure in combination with Postfix.

  • Install postgrey, the Postfix policy server implementing greylisting:
apt install postgrey
  • Edit /etc/postfix/main.cf to add the following line at the end of smtpd_recipient_restrictions:
...
permit_mynetworks,
reject_unauth_destination,
check_policy_service inet:127.0.0.1:10023
  • Restart Postfix (postgrey should already be running after installation)
service postfix restart

Troubleshooting

  • As usual, /var/log/mail.info is your friend: postgrey logs there.
  • A typical successful postgrey check will go like this:
    • First attempt rejected:
XXX XX XX:XX:XX xxx postgrey[21289]: action=greylist, reason=new,
client_name=xxx.xxx.xxx, client_address=999.999.999.999, sender=xxx@xxx.xxx,
recipient=yyy@yyy.yyy.yyy
XXX XX XX:XX:XX xxx postfix/smtpd[21555]: NOQUEUE:
reject: RCPT from xxx.xxx.xxx[999.999.999.999]: 450 4.2.0 <yyyt@yyy.yyy.yyy>:
Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/yyy.yyy.yyy.html;
from=<xxx@xxx.xxx> to=<xxx@xxx.xxx.xxx> proto=ESMTP helo=<xxx.xxx.xxx>
    • Second attempt successful:
XXX XX XX:XX:XX xxx postgrey[21289]: action=pass, reason=triplet found,
delay=500, client_name=xxx.xxx.xxx, client_address=999.999.999.999,
sender=xxx@xxx.xxx, recipient=yyy@yyy.yyy.yyy
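
To see which greylisted senders never came back, the postgrey lines can be correlated by client address, sender and recipient. The script below is an added example, not part of the original page or of postgrey; the sample log lines, host names and addresses are constructed, and in practice the text would come from /var/log/mail.info.

```python
import re

# Constructed sample lines in the postgrey format shown above (hosts, addresses
# and timestamps are made up; the IPs come from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
May 30 09:00:01 mx postgrey[21289]: action=greylist, reason=new, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.com
May 30 09:00:01 mx postfix/smtpd[21555]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.10]: 450 4.2.0 <bob@example.com>: Recipient address rejected: Greylisted
May 30 09:00:07 mx postgrey[21289]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.77, sender=promo@example.net, recipient=bob@example.com
May 30 09:08:21 mx postgrey[21289]: action=pass, reason=triplet found, delay=500, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.com
"""

POSTGREY = re.compile(r"postgrey\[\d+\]: (action=.*)$")
PAIR = re.compile(r"(\w+)=([^,]*)")


def parse_line(line):
    """Return the key=value fields of a postgrey line, or None for any other line."""
    m = POSTGREY.search(line)
    return {k: v.strip() for k, v in PAIR.findall(m.group(1))} if m else None


def summarize(log_text):
    """Track, per (client_address, sender, recipient), whether a retry ever passed."""
    triplets = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue  # postfix/smtpd and other daemons' lines are skipped
        key = (f.get("client_address"), f.get("sender"), f.get("recipient"))
        state = triplets.setdefault(key, {"greylisted": 0, "passed": False, "delay": None})
        if f["action"] == "greylist":
            state["greylisted"] += 1
        elif f["action"] == "pass":
            state["passed"] = True
            if f.get("delay", "").isdigit():  # tolerate a pass line with no delay field
                state["delay"] = int(f["delay"])
    return triplets


def never_retried(triplets):
    """Greylisted and never passed: dropped spam, or a sender that does not retry."""
    return [k for k, s in triplets.items() if s["greylisted"] and not s["passed"]]


if __name__ == "__main__":
    for client, sender, rcpt in never_retried(summarize(SAMPLE_LOG)):
        print(f"no retry seen: {sender} -> {rcpt} via {client}")
```

Entries in the "no retry seen" list that belong to a legitimate correspondent are the ones worth investigating, since their mail was deferred and never redelivered.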