|
Next revision
|
Previous revision
|
greylisting [2006/12/08 12:35]
adam created and addes stuff from Vexim Wiki |
greylisting [2009/06/09 22:20]
adam |
| For grey listing with Exim, try the following:: | ===== Greylisting with Exim ===== |
| |
| Install greylistd and add your exim user to the greylist group, make sure /var/lib/greylistd/whitelist-hosts is group readable, configure greylistd (set your delay time in the main greylistd config file and add your own hosts to /var/lib/greylistd/whitelist-hosts) and insert the following into vexim-acl-check-rcpt.conf on Vexim, or for plain Exim, in the master Exim configuration file. For Debian split config, you'll have to figure out which file to add it to yourself ;-) | For greylisting with [[http://www.exim.org|Exim]] or [[http://silverwraith.com/vexim/|Vexim]], try the following:: |
| | |
| | Install greylistd via apt for Debian and derivatives or ATrpms for Fedora/Red Hat and add your exim user to the greylist group, make sure /var/lib/greylistd/whitelist-hosts is group readable, configure greylistd (set your delay time in the main greylistd config file and add your own hosts to /var/lib/greylistd/whitelist-hosts) and insert the following into vexim-acl-check-rcpt.conf on Vexim, or for plain Exim, in the master Exim configuration file. For Debian split config, you'll have to figure out which file to add it to yourself ;-) |
| |
| defer | defer |
| {5s}{}{false}} | {5s}{}{false}} |
| |
| Placement of this snippet in the config is important. I place it in my ACL section, beneath the RDNSBL and ClamAV sample sections, so that bad senders detectable by other means still have to get through greylisting when they become delisted or send non-viral email. | Placement of this snippet in the config is important. I place it in my ACL section, beneath the RDNSBL and ClamAV sample sections, so that bad senders detectable by other means still have to get through greylisting when they become delisted or send non-viral email. Other people put this config before other checks, the decision is yours. |
| | |
| | The commented line was used in the Debian greylistd docs (possibly standard with greylistd) in /usr/share.doc/greylistd/examples/exim4-acl-example.txt, but this ACL didn't apply to the Vexim configuration. There is additional config available elsewhere which shows how to catch mails without an envelope sender but I never found it. References required. |
| |
| The commented line was used in the Debian greylistd docs (possibly standard with greylistd) in /usr/share.doc/greylistd/examples/exim4-acl-example.txt, but this ACL didn't apply to the Vexim configuration. There is additional config available elsewhere which shows how to catch mails without an envelope sender. References required. | Note that greylisting also has some disadvantages: emails are always delayed from an unknown sender and some (stupid) mail servers do not retry after the first delivery attempt, so emails from these servers are never delivered. Blueyonder aka Virgin Media and some servers at yahoo.com and ebay.com are known for this. It is therefore important to have a good white list. Be sure to keep an eye on your logs for mails from legitimate senders that never retry and whitelist them. |
| |
| Note that greylisting also has some disadvantages: emails are always delayed and some mail servers do not properly retry after the first delivery attempt, so emails from these servers are never delivered. Blueyonder and some servers at yahoo.com and ebay.com are known for this. It is therefore important to have a good white list. | You can set your greylisting retryMin down to 10 seconds, you might get a slight increase in spam and lose the benefit that spammy senders will normally be blacklisted in RBLs within an hour, but you don't have to wait so long for real mail to get through if time is sensitive. |
| |
| Other greylisting implementations: | Other greylisting implementations: |
