Skip to main content

Greylisting with postgrey - a spam fighter

Hi there! A couple of days ago, I have setup postgrey. It eliminated 99.9999% of spams entering my users' mailbox. The implementation of greylisting is done at MTA level (postfix) reducing my mailserver load (especially my spam filter). It is like the front-end spam filter before the spams got filtered by anti-spam if they can pass through. It is designed as a complement to existing defenses against spam, and not as a replacement. So far so good. For time being, I guess no spam ever reach my users' mailbox as I went through a couple of test accounts.

*Note: There's one caveat - Greylisting delays all unknown e-mail, not just spam.

The source came with contributed script for reporting. Check it out to see whether your policy really works.

For those new to this, read below:

Your question : What in the hell is postgrey?
My Answer : Postgrey is a Postfix policy server implementing greylisting

Your question : What in the hell is greylisting?
My answer : (see below - taken from here )

Greylisting is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.

Greylisting relies on the fact that most spam sources do not behave in the same way as normal mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention. For a detailed description of the method, see the Whitepaper.

The term Greylisting is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Greylisting does not refer to any particular implementation of these methods. Consequently, there is no single Greylisting product. Instead, there are many products that incorporate some or all of the methods described here.

Your question : How does it work actually?
My answer : (see below - taken from wikipedia)

Typically, a server that utilizes greylisting will record the following three pieces of information (known as a triplet) for each incoming mail message:

  • The IP address of the connecting host.
  • The envelope sender address.
  • The envelope recipient address.

This is checked against the mail server's internal whitelist. If any of this information has never been seen before, the email is greylisted for a set period of time (how much time is dependent on the server configuration), and it is refused with a temporary rejection. The assumption is that since temporary failures are built into the RFC specifications for e-mail delivery, a legitimate server will attempt to connect again later on to deliver the e-mail. Don't forget there's still many mailservers do not conform to the RFC.

Greylisting is effective because many mass e-mail tools utilized by spammers are not set up to handle deferrals (they will never bother to retry a failed delivery), so the spam is never delivered.

More information can be obtained here

Your question : Can I use Greylisting on my personal mail account?

My answer : Because Greylisting methods are designed to work at the mail server level, unless you have control of your own mail server, or your ISP has installed a Greylisting implementation for you, you will not be able to take advantage of Greylisting.


  1. postgrey home
  2. postfix greylisting policy
  3. What is greylisting?

*UPDATE: I just found a better greylisting solution : sqlgrey.


Popular posts from this blog

mplayer-gui error : Error in skin config file

After installing mplayer-gui package, I can't start it.

$ gmplayer MPlayer 1.1-4.8 (C) 2000-2012 MPlayer Team mplayer: could not connect to socket mplayer: No such file or directory Failed to open LIRC support. You will not be able to use your remote control. Error in skin config file on line 6: PNG read error in /usr/share/mplayer/skins/default/main Config file processing error with skin 'default'
After googling a bit, I found out that it was due to the png files in dir /usr/share/mplayer/skins/default. This is the default skin directory. To fix this error, I have to install ImageMagick package because I want to use the convert program to convert all of the png files to format png24. Thus, cd /usr/share/mplayer/skins/default; for FILE in *.png ; do sudo convert $FILE -define png:format=png24 $FILE ; done
Rerun gmplayer and all should be fine.
Have fun!
UPDATE (02-10-2017)

It doesn't work on Ubuntu 16.04 (xenial) but there's a workaround here.

You can update your syst…

Transparent proxy with squid 2.6

I have upgraded my squid from 2.5 STABLE13 to 2.6 STABLE18. Transparent proxy is setup differently in this version. You need this directives in squid.conf (usually in /etc or /usr/local/etc or /usr/local/squid/etc, check with your distro).

acl our_networks src
http_access allow our_networks
http_port transparent
always_direct allow all

where is your proxy server IP address.

If you have flushed your iptables, create new rule:

iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 3128

where 3128 is the port where squid is running.

postfix - mailbox size limit and message size limit

postfix is my MTA of choice. I use it for my mailserver because its simplicity , security and sendmail-compatible (the widely used smtp in the world but not as secure). It is also extensible by plugging other servers for various purposes (antispam, antivirus,database etc).

I had one problem with file attachment larger than 10MB. Users couldn't send it although I have setup squirrelmail (SM) to be able to attach files summed up more than 20MB and I had modified php settings as per here. The problem was not in SM setting. It was postfix. By default, attachment size that can be sent by postfix is 10MB ~ 10240000 byte. How did I know it? I looked in log file (for my system it is in /var/log/mail/errors. For other system, the file to look is /var/log/maillog). The line looked like this:

Feb 26 16:30:53 webmail postfix/sendmail[30775]: fatal: Message file too big

Open /etc/postfix/ with a text editor of choice and find message_size_limit directive an…