Greylisting is an important tool in the war against spam. Servers that connect to a mail server with greylisting active are given a 450 "recipient address rejected" error the first time they try to deliver, and will not be allowed to deliver successfully for a predefined time frame (normally a couple of minutes). A 450 SMTP error is not a permanent error, and an RFC-compliant mail server will try to resend the email a bit later. The tools spammers tend to use, on the other hand, do not adhere to standards and will not bother to retry sending the message.
Why should you care? It saves system resources: because we stop delivery in the first place, fewer resources (CPU cycles, memory, etc.) are wasted trying to separate the good mail from the bad, as opposed to using other techniques such as Bayesian analysis straight off the bat. The postgrey application is very easy to implement, and all clients that have connected to the server in the past are remembered and allowed to pass mail through without any delay, reducing latency in the delivery of messages.
So how do we go about implementing this? Stick with me and I will run you through the process. Although this article is based around FreeBSD, it is not much different to get greylisting working on other systems, with a minimum of changes.
First open a terminal and follow the instructions below:
cd /usr/ports/mail/postgrey/ && make install clean
Edit your /etc/rc.conf file and add the line:
postgrey_enable="YES"
Also edit line 45 of the file /usr/local/etc/rc.d/postgrey.sh and change from
postgrey_enable=${postgrey_enable:-"NO"}
to
postgrey_enable=${postgrey_enable:-"YES"}
Open the file /usr/local/etc/postfix/main.cf and add the line (all on one line):
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023
Run the command
postfix check
from the command line to check that we don't have any problems with the new configuration.
Start the postgrey daemon with:
/usr/local/etc/rc.d/postgrey.sh start
And reload postfix with the following command so your changes to the configuration file become active:
postfix reload
Use the command:
tail -f /var/log/maillog
to check that we don't have any errors showing up in the logs. We should also see entries similar to:
Nov 7 12:08:29 mail postfix/smtpd[18682]: NOQUEUE: reject: RCPT from c9503c2d.bhz.virtua.com.br[201.80.60.45]: 450 <jb@mikesgroup.com>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/sykesgroup.com.html); from=<deborahsmarks@buggywhipstudio.com> to=<jb@sykesgroup.com> proto=ESMTP helo=<acer-2e68c49b20.bhz.virtua.com.br>
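To see how much of the deferred mail never comes back, the reject entries can be summarised instead of read off tail. The following is an added example, not part of the original article or of postgrey: it groups greylist rejects by (client IP, sender, recipient) and marks which deferred IPs later had a message queued. The sample lines are constructed, and matching a return by client IP only is an assumption made to keep the example short.

```python
import re
from collections import Counter

# Reject line Postfix smtpd writes when the policy service answers 450.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: 450 "
    r".*?Greylisted for \d+ seconds.*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
# Line smtpd writes once a message has been accepted and given a queue ID.
ACCEPT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?!NOQUEUE)[0-9A-Za-z]+: client=\S+?\[(?P<ip>[^\]]+)\]"
)

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = """\
Nov  7 12:08:29 mail postfix/smtpd[18682]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 <bob@example.org>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/example.org.html); from=<promo@example.net> to=<bob@example.org> proto=ESMTP helo=<pc-1234>
Nov  7 12:08:41 mail postfix/smtpd[18682]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 <bob@example.org>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/example.org.html); from=<promo@example.net> to=<bob@example.org> proto=ESMTP helo=<pc-1234>
Nov  7 12:09:02 mail postfix/smtpd[18690]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.7]: 450 <bob@example.org>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/example.org.html); from=<alice@example.com> to=<bob@example.org> proto=ESMTP helo=<mx.example.com>
Nov  7 12:15:40 mail postfix/smtpd[18701]: 3F2A11C0D: client=mx.example.com[198.51.100.7]
""".splitlines()


def greylist_report(lines):
    """Return (deferral count per triplet, deferred IPs that later delivered)."""
    deferred, deferred_ips, returned = Counter(), set(), set()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            deferred[(m["ip"], m["sender"].lower(), m["rcpt"].lower())] += 1
            deferred_ips.add(m["ip"])
            continue
        m = ACCEPT_RE.search(line)
        # Only count an accept that follows an earlier deferral of the same IP.
        if m and m["ip"] in deferred_ips:
            returned.add(m["ip"])
    return deferred, returned


def never_returned(deferred, returned):
    """Triplets whose client IP was deferred and never got a message queued."""
    return sorted(t for t in deferred if t[0] not in returned)


if __name__ == "__main__":
    deferred, returned = greylist_report(SAMPLE)
    for ip, sender, rcpt in never_returned(deferred, returned):
        print(f"{ip} {sender} -> {rcpt}: deferred "
              f"{deferred[(ip, sender, rcpt)]}x, never came back")
```

To run it against the live log, pass `open("/var/log/maillog")` to `greylist_report` in place of `SAMPLE`.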
Further reading material on the subject of greylisting can be found at:
http://en.wikipedia.org/wiki/Greylisting