
This is an old revision of the document!


Greylisting with Exim

For greylisting with Exim or Vexim, try the following:

Install greylistd, via apt on Debian and derivatives or from ATrpms on Fedora/Red Hat. Add your Exim user to the greylist group and make sure /var/lib/greylistd/whitelist-hosts is group readable. Configure greylistd: set your delay time in the main greylistd config file and add your own hosts to /var/lib/greylistd/whitelist-hosts. Then insert the following into vexim-acl-check-rcpt.conf on Vexim or, for plain Exim, into the master Exim configuration file. For the Debian split config, you'll have to figure out which file to add it to yourself ;-)

defer
   message        = $sender_host_address is greylisted. \
                    Mail from $sender_host_address as <$sender_address> to \
                    <$local_part@$domain> is delayed. \
                    Please try again later.
   log_message    = greylisted.
   !senders       = :
   !hosts         = : +relay_from_hosts : \
                    ${if exists {/etc/greylistd/whitelist-hosts}\
                            {/etc/greylistd/whitelist-hosts}{}} : \
                    ${if exists {/var/lib/greylistd/whitelist-hosts}\
                            {/var/lib/greylistd/whitelist-hosts}{}}
   !authenticated = *
#    !acl           = acl_whitelist_local_deny
   domains        = +local_domains : +relay_to_domains
   verify         = recipient/callout=20s,use_sender,defer_ok
   condition      = ${readsocket{/var/run/greylistd/socket}\
                           {--grey \
                           $sender_host_address \
                           $sender_address \
                           $local_part@$domain}\
                           {5s}{}{false}}

Placement of this snippet in the config is important. I place it in my ACL section, beneath the RDNSBL and ClamAV sample sections, so that bad senders detectable by other means still have to get through greylisting when they become delisted or send non-viral email. Other people put this config before other checks; the decision is yours.

The commented line was used in the Debian greylistd docs (possibly standard with greylistd) in /usr/share/doc/greylistd/examples/exim4-acl-example.txt, but this ACL didn't apply to the Vexim configuration. There is additional config available elsewhere which shows how to catch mails without an envelope sender. References required.

Note that greylisting also has some disadvantages: emails are always delayed and some mail servers do not properly retry after the first delivery attempt, so emails from these servers are never delivered. Blueyonder and some servers at yahoo.com and ebay.com are known for this. It is therefore important to have a good white list.
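The following is an added example, not part of the original page and not greylistd's own code: a simplified Python model of the decision the defer ACL above makes, showing the exemptions it carries and why a sender that never retries is never delivered. The class and function names, the 600-second delay, the whitelisted network and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress


class GreylistModel:
    """Simplified model of the defer ACL's decision (not greylistd's code)."""

    def __init__(self, delay, whitelist_hosts):
        self.delay = delay                  # seconds a new triplet stays grey
        self.whitelist = [ipaddress.ip_network(h) for h in whitelist_hosts]
        self.first_seen = {}                # triplet -> time of first attempt

    def should_defer(self, host, sender, rcpt, now, authenticated=False):
        # Exemptions mirrored from the ACL: "!senders = :" (empty envelope
        # sender, i.e. bounces) and "!authenticated = *".
        if sender == "" or authenticated:
            return False
        # "!hosts = ..." : hosts listed in whitelist-hosts skip greylisting.
        addr = ipaddress.ip_address(host)
        if any(addr in net for net in self.whitelist):
            return False
        # Assumed behaviour of the --grey query: the triplet stays grey
        # until the same host/sender/recipient retries after the delay.
        triplet = (host, sender, rcpt)
        first = self.first_seen.setdefault(triplet, now)
        return now - first < self.delay


def replay(model, attempts):
    """Run (time, host, sender, rcpt) attempts; return a verdict per attempt."""
    return ["defer" if model.should_defer(h, s, r, t) else "accept"
            for t, h, s, r in attempts]


# Constructed sample traffic; all addresses come from documentation ranges.
ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first try
    (120,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry too early
    (900,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # retry after delay
    (1000, "198.51.100.7", "shop@example.com",  "bob@example.net"),  # never retries
    (1100, "203.0.113.5",  "news@example.com",  "bob@example.net"),  # whitelisted host
    (1200, "192.0.2.99",   "",                  "bob@example.net"),  # bounce
]

if __name__ == "__main__":
    model = GreylistModel(delay=600, whitelist_hosts=["203.0.113.0/24"])
    for attempt, verdict in zip(ATTEMPTS, replay(model, ATTEMPTS)):
        print(attempt, "->", verdict)
```

The message from 198.51.100.7 is deferred once and, because that host never retries, is lost; adding the host to the whitelist is the only way it gets through.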

Other greylisting implementations:

This article has a large white list, a method to figure out mail servers from the domain SPF record and some other configuration tips:

http://www.schirmacher.de/display/INFO/SPAM+filtern+mit+Greylisting

http://www.slett.net/spam-filtering-for-mx/exim-greylisting.html#exim-greylist-mysql

http://greylisting.org/

http://theinternetco.net/projects/exim/greylist

http://www.debian-administration.org/articles/167

http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/exim-greylisting.html

http://spod.cx/blog/greylisting_with_exim_spamassassin.shtml

http://users.aber.ac.uk/auj/spam/

greylisting.1165581744.txt.gz · Last modified: 2016/11/25 22:38 (external edit)