Greylisting to avoid spam
What does “greylisting” mean?
Greylisting is a method to fight spam. Senders who send a mail for the first time will be temporarily blocked and stored in the greylist. Regular mailservers will attempt to deliver the mail a second time after a while, as it is not unusual that mails cannot be delivered immediately. At this second delivery attempt the sender is known and the mail will be delivered. Further mails from the same sender will be delivered without any delay for a certain time span.
Spammers will send mails only once as they often use just a simple SMTP client without any error handling. Even if some spammers use regular mailservers there is a good chance that the spammer is already known at the second delivery attempt and will be recognized by RBLs and spam filters.
Installation of Postgrey for Postfix
Note: The following instruction is a mnemonic for myself and describes the necessary steps for Ubuntu 10.04 LTS.
If your server uses Postfix as mailserver, you can add greylisting very easily using Postgrey.
Step 1: Install the package
apt-get install postgrey
Step 2: Check that the Postgrey daemon is running
ps aux | grep postgrey
You should see a line like this:
postgrey 31898 ? Ss 0:00 /usr/sbin/postgrey --pidfile=/var/run/postgrey.pid --daemonize --inet=10023
The important thing in the output is --inet=10023: that is the port where Postgrey accepts connections.
If needed, you can modify the options in the file /etc/default/postgrey, e.g. the delay after which the second attempt of a sender is accepted (the standard is 300 seconds; reducing this to 50 seconds makes sense since some servers try a second delivery already after one minute):
POSTGREY_OPTS="--inet=10023 --delay=50"
When you change any of the defaults for Postgrey, you have to restart the daemon with
/etc/init.d/postgrey restart
Step 3: Extend the Postfix configuration to use Postgrey
For this the file /etc/postfix/main.cf has to be extended as follows:
In the line with smtpd_recipient_restrictions = an additional entry check_policy_service inet:127.0.0.1:10023 has to be added (if Postgrey uses a port other than 10023, the entry has to be changed accordingly).
Afterwards reload the Postfix configuration:
postfix reload
Step 4: Verify that greylisting works
For this you have to send a test mail from a different address and check whether the file /var/log/mail.info contains entries which look similar to the following (some parts were made anonymous with xxx; of course you should find the real data there):
Sep 11 07:52:43 xxx postgrey[31898]: action=greylist, reason=new, client_name=xxx, client_address=xxx, sender=xxx, recipient=xxx
Sep 11 07:52:43 xxx postfix/smtpd[31972]: NOQUEUE: reject: RCPT from unknown[xxx]: 450 4.2.0 <xxx>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/xxx; from=<xxx> to=<xxx> proto=SMTP helo=<xxx>
When the sending mailserver tries the delivery again, the mail should be accepted, which you can recognize by a corresponding message in the log:
Sep 11 08:01:05 xxx postgrey[31898]: action=pass, reason=triplet found, delay=508, client_name=xxx, client_address=xxx, sender=xxx, recipient=xxx
The triplet of IP address, sender and receiver will now be stored in the database of Postgrey as “known sender” and further mails from the same address should be delivered immediately without any delay.
Since most spammers don't do this (try the delivery a second time), most spam mails will just be ignored.
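One way to automate the check from Step 4, as an added example that is not part of the original post: the script below reads postgrey log lines in the format shown above, groups them by triplet, and reports which senders retried and were accepted and which never came back. The hostname mx, the addresses and the sample lines are constructed; only the two reasons shown in the log excerpts above are assumed.

```python
import re

# Constructed sample in the log format shown in Step 4 (documentation addresses).
SAMPLE_LOG = """\
Sep 11 07:52:43 mx postgrey[31898]: action=greylist, reason=new, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.com
Sep 11 07:52:43 mx postfix/smtpd[31972]: NOQUEUE: reject: RCPT from mail.example.org[192.0.2.10]: 450 4.2.0 <bob@example.com>: Recipient address rejected: Greylisted
Sep 11 07:53:02 mx postgrey[31898]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=promo@example.net, recipient=bob@example.com
Sep 11 08:01:05 mx postgrey[31898]: action=pass, reason=triplet found, delay=508, client_name=mail.example.org, client_address=192.0.2.10, sender=alice@example.org, recipient=bob@example.com
"""

POSTGREY_RE = re.compile(r"postgrey\[\d+\]: (action=.*)$")


def parse_line(line):
    """Return the key=value fields of a postgrey log line, or None for other lines."""
    match = POSTGREY_RE.search(line)
    if not match:
        return None
    fields = {}
    for part in match.group(1).split(", "):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields


def summarize(log_text):
    """Split triplets into those that retried and passed and those still waiting."""
    passed = {}    # triplet -> delay in seconds that postgrey reported on acceptance
    pending = {}   # triplet -> number of greylist rejections without a later pass
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        triplet = (fields.get("client_address"), fields.get("sender"), fields.get("recipient"))
        if fields["action"] == "greylist" and triplet not in passed:
            pending[triplet] = pending.get(triplet, 0) + 1
        elif fields["action"] == "pass" and "delay" in fields:
            pending.pop(triplet, None)
            passed[triplet] = int(fields["delay"])
    return passed, pending


if __name__ == "__main__":
    passed, pending = summarize(SAMPLE_LOG)
    for triplet, delay in passed.items():
        print("retried and accepted after %ss: %s" % (delay, triplet))
    for triplet, count in pending.items():
        print("never retried (%d rejection(s)): %s" % (count, triplet))
```

To run it against a real server, pass the contents of /var/log/mail.info to summarize() instead of SAMPLE_LOG.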



