Michele Neylon :: Pensieri

Technology, Marketing, Domains, Thoughts

Postgrey – Greylisting In Postfix on Ubuntu (Debian)

by 5 Comments

A lot of mail server admins have been forced to implement some form of spam checks at the SMTP level.
Some of the implementations are quite demented and probably do more harm than good, whereas others are extremely sane.



Greylisting, however, seems to be a very good idea.
Basically the concept is based on spammers’ idiocy or lack of patience (take your pick). Most spammers use bruteforce methods to send as much mail at one time. Delivery rates don’t really matter. If you think about the number of viagra ads they’ve got to send out at one time you can see why that would be the case
A properly configured mailserver, however, “cares” if mail is delivered or not and so will keep retrying (up to a certain limit and depending on the SMTP response).
A mail server using greylisting will basically tell servers sending mail to it to go away for X seconds before allowing them to resend the mail and actually accepting it.
An example SMTP transaction with greylisting enabled:

Oct 7 00:24:47 sicilia postfix/smtpd[15309]: connect from xxx.blacknight.ie[217.xxx.xxx.xx]
Oct 7 00:24:47 sicilia postfix/smtpd[15309]: NOQUEUE: reject: RCPT from xx.blacknight.ie[217.xxx.xxx.xx]: 450 : Client host rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help); from=<do********@***xx.com> to=<xx*@***xx.com> proto=ESMTP helo=
Oct 7 00:24:47 sicilia postfix/smtpd[15309]: disconnect from xx.blacknight.ie[217.xxx.xxx.xx]

300 seconds later the sending mail server can try again and the mail will be accepted.
If the sender were a spammer they probably wouldn’t retry.
Getting this working on Ubuntu with postfix is very easy:
apt-get install postgrey
This installs the greylisting daemon for postfix and starts it.
You should be able to see that it is running with the following command:
netstat -anp | grep 60000
It should return something like:

tcp 0 0 127.0.0.1:60000 0.0.0.0:* LISTEN 14321/postgrey.pid

The final step of the configuration is to add a couple of lines to postfix’s main.cf:
smtpd_recipient_restrictions =
reject_unauth_destination
check_policy_service inet:127.0.0.1:60000
Don’t forget to reload postfix:
/etc/init.d/postfix reload
You can whitelist your own network or any trusted mail servers by editing /etc/postgrey/whitelist_clients
This seems to work for me, but your mileage may vary
The Book of Postfix

Related Posts:

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *