Revision 13 as of 2016-07-29 13:01:35


Introduction

Greylisting is a spam-reduction technique that can be very effective. It works by delaying mail from unknown senders, and mail to recipients that, to the greylisting service's knowledge, have not received mail before.

If the sending mail server is standards-compliant, it will attempt to re-send its e-mail message after some time, and your receiving mail server will then accept it. Most spam mailers, on the other hand, do not re-send delayed messages. Thus, in theory, greylisting effectively blocks the majority of spammers.

Servers that re-send the mail will be added to a list of known clients, and will not be delayed in the future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will be received right away.

Installation

First, check that you have enabled the universe repository in /etc/apt/sources.list. See Adding Repositories if you need info on how to do this.

Now install the postgrey package and its dependencies by entering the following command:

sudo apt-get install postgrey

Configuration

In this guide, we assume that Postgrey is listening on port number 10023.

The default port of Postgrey has been known to vary between versions, so you should begin by checking which one your installation is using.

To check this in Ubuntu 16.04, run:

sudo grep postgrey /var/log/mail.log | grep -i resolved

You should see output similar to this:

Jul 29 13:40:26 mailserver postgrey[16036]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4

In this case, we have confirmed that the service is listening on port 10023.

If you need Postgrey to use another port, modify the value of the "--inet" parameter in /etc/default/postgrey and restart it.

To restart Postgrey in Ubuntu 16.04, run:

sudo systemctl restart postgrey

Now you are ready to instruct Postfix to use Postgrey.

To accomplish this, you can either edit /etc/postfix/main.cf manually and add check_policy_service inet:127.0.0.1:10023 to the smtpd_recipient_restrictions parameter, or have the postconf command set the complete parameter for you. Note that postconf -e replaces any existing value of the parameter, so include every restriction you already use. For example:

sudo postconf -e 'smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'

Finally, reload the Postfix configuration:

sudo postfix reload
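
Postfix evaluates these restrictions in order, and its policy delegation documentation advises listing check_policy_service after reject_unauth_destination so that the policy server's answer cannot turn the host into an open relay. The following check is an added example, not part of the original guide; the function name and exit codes are made up for illustration, and it assumes both restrictions live in smtpd_recipient_restrictions as in the command above.

```shell
#!/bin/sh
# Added example (not from the original page): check where the Postgrey
# policy lookup sits in smtpd_recipient_restrictions.

# check_greylist_order RESTRICTIONS [ENDPOINT]   (hypothetical helper)
# Exit status: 0 = policy check present and after reject_unauth_destination
#              1 = no check_policy_service entry for ENDPOINT
#              2 = reject_unauth_destination missing from this parameter
#              3 = policy check listed before reject_unauth_destination
check_greylist_order() {
    # Postfix accepts commas and/or whitespace between restrictions,
    # so flatten both (and any line breaks) to single spaces first.
    _flat=$(printf '%s' "$1" | tr ',\n' '  ')
    printf '%s\n' "$_flat" |
    awk -v ep="${2:-inet:127.0.0.1:10023}" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "reject_unauth_destination" && !rud) rud = i
                if ($i == "check_policy_service" && $(i + 1) == ep && !pol) pol = i
            }
        }
        END {
            if (!pol) exit 1
            if (!rud) exit 2
            if (pol < rud) exit 3
            exit 0
        }'
}

# Constructed values: the one from this page, and a reordered variant.
GOOD='permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023'
BAD='permit_mynetworks, check_policy_service inet:127.0.0.1:10023, reject_unauth_destination'

for value in "$GOOD" "$BAD"; do
    if check_greylist_order "$value"; then
        echo "ok: $value"
    else
        echo "problem (status $?): $value"
    fi
done
```

On a live system, pass it the active value with check_greylist_order "$(postconf -h smtpd_recipient_restrictions)".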

In Use

Once Postgrey is running and in use by Postfix, entries will start to appear in /var/log/mail.log. To see the ones printed by Postfix whenever it gets told to delay a message, run:

sudo grep -i postfix/smtpd /var/log/mail.log | grep -i greylisted

Entries will look something like this:

Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<bounce-someone.else@anotherdomain.com> proto=ESMTP helo=<mail.server.com>

Postgrey also writes its own log entries. To see the ones it generates whenever it tells Postfix to delay a message, run:

sudo grep -i postgrey /var/log/mail.log | grep -i action=greylist

Entries will look something like this:

Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com

In addition, messages that have been delayed due to greylisting will have an X-Greylist header, e.g.:

X-Greylist: delayed 1541 seconds by postgrey-1.34 at mail.server.com; Sun, 24 Jul 2016 16:26:38 CEST
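
The Postgrey log entries shown above can be summarised to see which clients were greylisted and never returned with an accepted retry; a legitimate sender that shows up here is a candidate for whitelisting. This script is an added example, not part of the original guide: the function names are made up, the log lines are constructed, and the action=pass line is an assumption about what Postgrey logs for an accepted retry.

```shell
#!/bin/sh
# Added example (not from the original page): list clients that were
# greylisted and never came back with a retry that passed.

# Constructed sample in the log format shown above. The action=pass line
# is an assumption about what Postgrey logs for an accepted retry.
sample_log() {
cat <<'EOF'
Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com
Jul 24 16:05:10 mailserver postgrey[1420]: action=greylist, reason=new, client_name=unknown, client_address=203.0.113.7, sender=x@example.org, recipient=someone@somedomain.com
Jul 24 16:05:12 mailserver postgrey[1420]: action=greylist, reason=new, client_name=unknown, client_address=203.0.113.7, sender=y@example.org, recipient=other@somedomain.com
Jul 24 16:09:41 mailserver postgrey[1420]: action=greylist, reason=new, client_name=host.example.net, client_address=198.51.100.9, sender=z@example.net, recipient=someone@somedomain.com
Jul 24 16:26:38 mailserver postgrey[1420]: action=pass, reason=triplet found, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com
EOF
}

# Reads mail.log lines on stdin. Prints "COUNT CLIENT_ADDRESS CLIENT_NAME"
# for every client with greylist entries but no pass entry, busiest first.
greylisted_no_retry() {
    awk '
        / postgrey\[[0-9]+\]: action=/ {
            action = ""; addr = ""; name = ""
            sub(/^.*postgrey\[[0-9]+\]: /, "")
            n = split($0, kv, ", ")
            for (i = 1; i <= n; i++) {
                # Split at the first "=" only: sender values may contain "=".
                eq = index(kv[i], "=")
                key = substr(kv[i], 1, eq - 1)
                val = substr(kv[i], eq + 1)
                if (key == "action") action = val
                else if (key == "client_address") addr = val
                else if (key == "client_name") name = val
            }
            if (addr == "") next
            names[addr] = name
            if (action == "greylist") grey[addr]++
            else if (action == "pass") passed[addr] = 1
        }
        END {
            for (a in grey)
                if (!(a in passed)) print grey[a], a, names[a]
        }' | sort -k1,1nr -k2,2
}

sample_log | greylisted_no_retry
```

To run it against real data, replace the last line with sudo cat /var/log/mail.log | greylisted_no_retry.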

The default delay - i.e. the amount of time that must pass before Postgrey will accept a retry from the greylisted client - is 300 seconds (5 minutes). To change this value, edit /etc/default/postgrey and add the --delay=N argument to POSTGREY_OPTS, where N is the desired delay in seconds.

E.g., for a 60-second delay:

POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"

Whitelisting

You may want to prevent certain senders (known as "clients" in Postgrey) and/or local recipients from getting their mails delayed by greylisting.

Before you start gathering domain names, you should have a look at the file /etc/postgrey/whitelist_clients.

In Ubuntu and other Debian derivatives, the default version of whitelist_clients contains many domains of mail providers (e.g. Google) whose servers are known to transfer legitimate mail.

To add your own list of whitelisted clients in addition to the ones that ship with Postgrey by default, add the file /etc/postgrey/whitelist_clients.local and enter one host or domain per line.

Remember to reload your configuration so that Postgrey can pick up your changes. In Ubuntu 16.04, enter the following command:

sudo systemctl reload postgrey