A simple yet effective method for protecting your mail server from spam is to use greylisting. In simple terms, when an email is received the server temporarily rejects it with a 450 response code, claiming that the server is busy. The sending server should then attempt to deliver it again at a later point in time. If enough time has passed, the recipient server will then accept the incoming mail and whitelist the sending address for a period of time.

This is effective because most spam servers are configured not to retry the send, whereas real mail servers generally will retry. Sadly, this does not protect against spam coming from compromised mail servers or accounts, like those on Hotmail.com.

Installation

sudo apt-get install postgrey

Configuring Postgrey

By default Postgrey runs on 127.0.0.1:60000, which is the local loopback interface so it is not exposed to the outside world.

If you open up /etc/default/postgrey and modify the POSTGREY_OPTS line, you can configure how long to greylist for.

--delay=60

would greylist the sending server for 60 seconds (the default value is 300 seconds, 5 minutes). If a retry was attempted after 60 seconds, the sender would automatically become whitelisted. By default this sender is whitelisted for 35 days, but this can be changed using the --max-age option.

--max-age=10

would whitelist for 10 days.

They can be combined as below.

POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=60 --max-age=10"

Once you’re satisfied, save and close the file and restart Postgrey.

sudo /etc/init.d/postgrey restart
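
The decision logic described above, as an added example (a simplified model written for this page, not Postgrey's own code): it replays constructed delivery attempts against --delay=60 --max-age=10. Keying each entry on the client IP, sender and recipient together, and the names Greylist, check and replay, are assumptions of the model.

```python
from dataclasses import dataclass, field

DAY = 86400  # seconds


@dataclass
class Greylist:
    delay: int = 300   # --delay, in seconds
    max_age: int = 35  # --max-age, in days
    seen: dict = field(default_factory=dict)  # key -> [first_seen, last_seen]

    def check(self, client_ip, sender, recipient, now):
        """Return ("defer", seconds_left) or ("pass", 0) for one delivery attempt."""
        # Assumption: one entry per (client IP, sender, recipient) combination.
        key = (client_ip, sender.lower(), recipient.lower())
        entry = self.seen.get(key)
        # An entry not seen for max_age days is forgotten and starts over.
        if entry is not None and now - entry[1] > self.max_age * DAY:
            entry = None
        if entry is None:
            self.seen[key] = [now, now]
            return ("defer", self.delay)
        entry[1] = now
        waited = now - entry[0]
        if waited < self.delay:
            return ("defer", self.delay - waited)  # retried too early
        return ("pass", 0)


def replay():
    """Replay constructed delivery attempts against --delay=60 --max-age=10."""
    gl = Greylist(delay=60, max_age=10)
    a = ("192.0.2.10", "alice@example.org", "bob@example.net")
    b = ("192.0.2.10", "mallory@example.org", "bob@example.net")
    attempts = [             # (time in seconds, attempt), constructed sample data
        (0, a),              # first contact: deferred
        (30, a),             # retry before the delay has elapsed: still deferred
        (90, a),             # retry after the delay: accepted and whitelisted
        (95, b),             # different sender from the same host: deferred
        (90 + 5 * DAY, a),   # later mail inside max-age: accepted
        (90 + 16 * DAY, a),  # 11 days of silence: entry expired, deferred again
    ]
    return [gl.check(*who, now=t) for t, who in attempts]


if __name__ == "__main__":
    for result in replay():
        print(result)
```

A shorter --delay lets legitimate mail through sooner but also gives a retrying spam host less time to be caught by the checks that run afterwards.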

Configuring Postfix

Open up /etc/postfix/main.cf and add the following within smtpd_recipient_restrictions

check_policy_service inet:127.0.0.1:60000

This is best added after your SASL and sender domain checks but before SPF and blacklists. See below for an example.

smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    check_policy_service inet:127.0.0.1:60000

Now reload Postfix

sudo /etc/init.d/postfix reload

Testing

Now if you tail your mail.log you will see your Postgrey instance rejecting incoming email like below.

Sept 24 22:26:18 heimdall postfix/smtpd[4256]: NOQUEUE: reject: RCPT from example.com[xxx.xxx.xxx.xxx]: 450: Recipient address rejected: Greylisted for 300 seconds (see https://isg.ee.ethz.ch/tools/postgrey/help/spammed.com.html); from=to=proto=ESMTP helo=<example.com>

Kura
