User Tools

Site Tools


greylisting

Greylisting with Exim

For greylisting with Exim or Vexim, try the following::

Install greylistd via apt for Debian and derivatives or ATrpms for Fedora/Red Hat and add your exim user to the greylist group, make sure /var/lib/greylistd/whitelist-hosts is group readable, configure greylistd (set your delay time in the main greylistd config file and add your own hosts to /var/lib/greylistd/whitelist-hosts) and insert the following into vexim-acl-check-rcpt.conf on Vexim, or for plain Exim, in the master Exim configuration file. For Debian split config, you'll have to figure out which file to add it to yourself ;-)

defer
   message        = $sender_host_address is greylisted. \
                    Mail from $sender_host_address as <$sender_address> to \
                    <$local_part@$domain> is delayed. \
                    Please try again later.
   log_message    = greylisted.
   !senders       = :
   !hosts         = : +relay_from_hosts : \
   !hosts         = : ${if exists {/etc/greylistd/whitelist-hosts}\
                   {/etc/greylistd/whitelist-hosts}{}} : \
                   ${if exists {/var/lib/greylistd/whitelist-hosts}\
                           {/var/lib/greylistd/whitelist-hosts}{}}
   !authenticated = *
#    !acl           = acl_whitelist_local_deny
   domains        = +local_domains : +relay_to_domains
   verify         = recipient/callout=20s,use_sender,defer_ok
   condition      = ${readsocket{/var/run/greylistd/socket}\
                           {--grey \
                           $sender_host_address \
                           $sender_address \
                           $local_part@$domain}\
                           {5s}{}{false}}

Placement of this snippet in the config is important. I place it in my ACL section, beneath the RDNSBL and ClamAV sample sections, so that bad senders detectable by other means still have to get through greylisting when they become delisted or send non-viral email. Other people put this config before other checks, the decision is yours.

The commented line was used in the Debian greylistd docs (possibly standard with greylistd) in /usr/share.doc/greylistd/examples/exim4-acl-example.txt, but this ACL didn't apply to the Vexim configuration. There is additional config available elsewhere which shows how to catch mails without an envelope sender but I never found it. References required.

Note that greylisting also has some disadvantages: emails are always delayed from an unknown sender and some (stupid) mail servers do not retry after the first delivery attempt, so emails from these servers are never delivered. Blueyonder aka Virgin Media and some servers at yahoo.com and ebay.com are known for this. It is therefore important to have a good white list. Be sure to keep an eye on your logs for mails from legitimate senders that never retry and whitelist them.

You can set your greylisting retryMin down to 10 seconds, you might get a slight increase in spam and lose the benefit that spammy senders will normally be blacklisted in RBLs within an hour, but you don't have to wait so long for real mail to get through if time is sensitive.

Other greylisting implementations:

This article has a large white list, a method to figure out mail servers from the domain SPF record and some other configuration tips:

http://www.schirmacher.de/display/INFO/SPAM+filtern+mit+Greylisting

http://www.slett.net/spam-filtering-for-mx/exim-greylisting.html#exim-greylist-mysql

http://greylisting.org/

http://theinternetco.net/projects/exim/greylist

http://www.debian-administration.org/articles/167

http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/exim-greylisting.html

http://spod.cx/blog/greylisting_with_exim_spamassassin.shtml

http://users.aber.ac.uk/auj/spam/

greylisting.txt · Last modified: 2016/11/25 22:38 (external edit)