Difference between revisions of "Postfix greylisting"
From Finninday
| Line 1: | Line 1: | ||
| + | [[Category:Computers]] | ||
On a lark, I decided to implement greylisting on my mail server. It was as easy as "apt-get install postgrey". | On a lark, I decided to implement greylisting on my mail server. It was as easy as "apt-get install postgrey". | ||
Well, almost that easy. I also had to add this to my /etc/postfix/main.cf: | Well, almost that easy. I also had to add this to my /etc/postfix/main.cf: | ||
Revision as of 18:33, 19 October 2007
On a lark, I decided to implement greylisting on my mail server. It was as easy as "apt-get install postgrey". Well, almost that easy. I also had to add this to my /etc/postfix/main.cf:
check_policy_service inet:127.0.0.1:60000
This was slipped in at the end of smtpd_recipient_restrictions.
Now I have a new service in /etc/init.d: postgrey
Every attempt to deliver mail to my server generates a to, from, sending-host triplet and the request is bounced. After 5 minutes, any requests bearing that same triplet are allowed. After 5 successful mails are sent associated with a single triplet it is whitelisted.
And my logs look like this:
Oct 17 16:16:32 localhost postfix/smtpd[32484]: connect from unknown[201.226.226.55] Oct 17 16:16:35 localhost postfix/smtpd[32484]: NOQUEUE: reject: RCPT from unknown[201.226.226.55]: 450 <rday@finninday.net>: Recipient address rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help/finninday.net.html); from=<lingrossfastenrathmet@grossfastenrath.de> to=<rday@finninday.net> proto=ESMTP helo=<auditoria01.cwpanama.net> Oct 17 16:16:35 localhost postfix/smtpd[32484]: lost connection after DATA from unknown[201.226.226.55] Oct 17 16:16:35 localhost postfix/smtpd[32484]: disconnect from unknown[201.226.226.55]
My Bayes filter might get rusty from lack of use now. Hardly anything is persistent enough to get through the greylist.
