Greylisting is a method to cut down on the junk email a server has to wade through. It's a fairly simple process and doesn't use a lot of resources to implement. It uses the behavior of the server that's sending the email rather than the content of the message. It won't block all junk mail, but it can certainly drop the amount that gets to an inbox.
In short, it works by answering the first delivery attempt from an unknown source with a temporary failure (a 4xx SMTP reply) that tells the sending server to try again later, in this guide after 5 minutes. Basically, that's it. The reason this works so well is that the software that spams you is more interested in getting a lot of email sent out before it gets blacklisted than in following the proper SMTP process, so it rarely comes back. A real mail server, on the other hand, is required by the SMTP specification (RFC 5321) to queue the message and retry after a temporary failure, so legitimate mail still arrives, just a little later. Greylisting therefore judges a sender's behaviour rather than the message, which is also its limit: spam sent through a compliant mail server that retries will get through, and first-contact mail from a legitimate sender is delayed.
A longer explanation is that the greylisting process looks at the 'triplet' that relates to an incoming email. That triplet is made up of the following pieces of information:
CLIENT_IP / SENDER / RECIPIENT
The greylisting process looks up those three items to find out whether it has seen this combination before. The first time a given triplet is seen, the recipient is temporarily rejected with a 450 reply; this is not a bounce (a bounce would be a permanent 5xx failure), and the whole point is that a well-behaved sender will retry. Once the sender retries after the configured delay, the triplet is accepted and the message goes through whatever normal processing you have, such as other spam checks, DNS blackhole lists and virus scanning, and later mail matching the same triplet passes without delay. Note that postgrey, by default, matches the client by its /24 network rather than the exact address, so that a retry from a sibling host in the same outbound pool still matches the original attempt.
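To make the triplet logic concrete, here is an added example (written for this guide, not postgrey's own code, which is a Perl daemon) of a minimal Postfix policy server in Python that makes the same decision. It speaks the same request/response protocol Postfix uses for check_policy_service, normalises the client address to its /24 as postgrey does, and defers a new triplet until the retry arrives after the delay. The in-memory store, the sample request, the client IP in it and the socket path /tmp/greylist-demo.sock are assumptions; the mailboxes are the ones used in the test session later in this guide.

```python
"""Minimal greylisting policy server speaking Postfix's policy-delegation protocol.
Added example, not postgrey's code (postgrey is a Perl daemon with an on-disk
database and whitelists): state is in memory, socket path and sample request are
assumptions, and the delay is the guide's 300 seconds."""
import ipaddress
import os
import socketserver
import time

DELAY_SECONDS = 300

# Constructed sample of what Postfix sends a policy service at RCPT time
# ("name=value" lines ending with an empty line). Mailboxes are the ones from
# the guide's test session; the client IP is made up.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=172.31.40.17\n"
    "client_name=unknown\n"
    "sender=firstname.lastname@example.org\n"
    "recipient=email@example.com\n"
    "\n"
)

def parse_policy_request(raw: str) -> dict:
    """Parse one policy request into a dict of attributes."""
    attrs = {}
    for line in raw.splitlines():
        line = line.strip()
        if not line:                  # empty line ends the request
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def triplet(attrs: dict) -> tuple:
    """CLIENT_IP / SENDER / RECIPIENT key. The IPv4 client is reduced to its /24,
    as postgrey does by default, so a retry from a sibling host in the sender's
    outbound pool still matches; addresses are lower-cased."""
    client = attrs.get("client_address", "")
    try:
        ip = ipaddress.ip_address(client)
        if ip.version == 4:
            client = str(ipaddress.ip_network(f"{ip}/24", strict=False).network_address)
    except ValueError:
        pass                          # not an IP literal: keep the string as-is
    return (client, attrs.get("sender", "").lower(), attrs.get("recipient", "").lower())

class Greylist:
    def __init__(self, delay: int = DELAY_SECONDS, clock=time.time):
        self.delay = delay
        self.clock = clock            # injectable so the decision can be tested
        self.first_seen = {}          # triplet -> time of its first attempt

    def decide(self, raw_request: str) -> str:
        attrs = parse_policy_request(raw_request)
        if attrs.get("request") != "smtpd_access_policy":
            return "action=DUNNO\n\n" # not a delivery decision: let Postfix carry on
        now = self.clock()
        first = self.first_seen.setdefault(triplet(attrs), now)
        remaining = first + self.delay - now
        if remaining > 0:
            # DEFER_IF_PERMIT: Postfix sends the 450 only if the rest of the
            # restriction list would have permitted the recipient, so relay
            # attempts still get their hard rejection.
            return f"action=DEFER_IF_PERMIT Greylisted for {int(remaining)} seconds\n\n"
        return "action=DUNNO\n\n"     # known triplet, delay elapsed: continue checks

class PolicyHandler(socketserver.StreamRequestHandler):
    """Answer each blank-line-terminated request on a possibly long-lived connection."""
    greylist = Greylist()

    def handle(self):
        buf = []
        while True:
            line = self.rfile.readline().decode(errors="replace")
            if not line:
                return                # Postfix closed the connection
            buf.append(line)
            if line == "\n":
                self.wfile.write(self.greylist.decide("".join(buf)).encode())
                buf = []

def demo() -> list:
    """Replay one triplet at 0 s, 60 s and 360 s against a fake clock."""
    now = [1000.0]
    g = Greylist(clock=lambda: now[0])
    results = [g.decide(SAMPLE_REQUEST)]        # first contact: deferred, 300 s
    now[0] += 60
    results.append(g.decide(SAMPLE_REQUEST))    # too early: deferred, 240 s left
    now[0] += 300
    results.append(g.decide(SAMPLE_REQUEST))    # delay elapsed: DUNNO
    return results

if __name__ == "__main__":
    print(demo())
    SOCKET = "/tmp/greylist-demo.sock"          # assumed; Postfix would use a path under its queue directory
    if os.path.exists(SOCKET):
        os.unlink(SOCKET)
    with socketserver.ThreadingUnixStreamServer(SOCKET, PolicyHandler) as server:
        server.serve_forever()
```

The clock is injected so the three-step replay in demo() can be checked without waiting five minutes. DEFER_IF_PERMIT rather than DEFER is deliberate: it lets a later restriction such as reject_unauth_destination turn a relay attempt into a hard 5xx instead of handing the attacker a temporary failure and a greylist entry.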
Greylisting is easy to install and set up on a Red Hat Enterprise Linux 7 or CentOS 7 server, because there is a package called postgrey available in the EPEL repository.
The rest of this guide walks through installing it on a Red Hat Enterprise Linux 7 or CentOS 7 server.
Some assumptions for this guide are:
- You understand how email works. (See the link at the bottom if you need a refresher.)
- You are familiar with editing files in Linux.
- You want to do the greylisting on the same server that Postfix is installed.
- That you are using Postfix as your email server.
- That you have some experience with configuring Linux and services.
First, you have to have the EPEL repository installed on your server. With RHEL7 or CentOS 7 it’s fairly easy to add this software repository:
sudo yum -y install epel-release
Once EPEL is enabled, install two packages: postgrey itself, and telnet, which is used for testing later.
sudo yum -y install postgrey telnet
This will install the postgrey and telnet programs for you.
Postgrey has several configuration files; the one this guide changes is:
- /etc/sysconfig/postgrey : the options passed to the postgrey daemon itself.
Let's Configure It!
Note: You will need to be the root user or use sudo to do the following commands.
Edit the /etc/sysconfig/postgrey file and add the following line.
Save that change and exit the file. This sets the greylisting delay to 300 seconds (5 minutes): a new triplet is deferred until a retry arrives at least that long after the first attempt.
Now you need to edit the main Postfix configuration file, /etc/postfix/main.cf. Don't forget to make a backup of this file first, in case something goes wrong and you need to put it back the way it was.
If you are using one of the Linux Academy Cloud Servers that's available with your subscription, then you can always delete the server and start again. It's still a good idea to back up the file, though.
This guide uses Vim as the editor, but feel free to use whatever you are comfortable with.
The Postfix configuration used here is effectively the stock one, as the mail server has not been set up yet: it's basically a fresh cloud server running CentOS 7.
If you are already using Postfix, then you may need to adjust the parameters shown below to fit your existing configuration.
Since the configuration is the default, it needs to be changed so that Postfix accepts email on the network interfaces rather than only on loopback. Find the following entry:
inet_interfaces = localhost
… and change it to the following so that the server will accept email from the outside world:
inet_interfaces = all
Two checks are worth doing once Postfix listens on every interface. First, the firewall must allow TCP port 25 in: firewalld is enabled by default on a stock CentOS 7 install and does not open it. Second, make sure you have not created an open relay. The Postfix 2.10 shipped with CentOS 7 defaults smtpd_relay_restrictions to permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, which refuses relaying for anything outside mynetworks; confirm the effective values with postconf smtpd_relay_restrictions mynetworks.
Note: If you do this setup on a Linux Academy cloud server, incoming email connections from the internet are not allowed to those servers. For the testing later, another Linux Academy server connects over the internal IP address instead, because external access to email is blocked.
Now to add the greylisting section.
In the file /etc/postfix/main.cf, locate the line that starts with mydestination. It will probably have other things on the line and looks something like the following:
mydestination = $myhostname, localhost.$mydomain, localhost
You need to add the following BELOW that portion of the file:
smtpd_recipient_restrictions = permit_mynetworks,
Now save the file.
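For reference, here is an added example of what the relevant part of /etc/postfix/main.cf looks like when finished. It is written for this guide rather than copied from the author's file. The socket path is taken from the postgrey startup log shown later in this guide (postgrey binds /var/spool/postfix/postgrey/socket); Postfix resolves unix: paths relative to queue_directory, which is /var/spool/postfix, so the service is written as unix:postgrey/socket.

```ini
# Added example of the relevant /etc/postfix/main.cf settings (written for this
# guide, not copied from the author's file). The policy socket path is the one
# postgrey logs at startup, /var/spool/postfix/postgrey/socket; Postfix resolves
# "unix:" paths relative to queue_directory (/var/spool/postfix), hence the
# short form below.
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost

# Order matters: hosts in mynetworks skip greylisting, relaying to domains we
# are not responsible for is refused before the policy server is even asked,
# and only then is the triplet checked.
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_policy_service unix:postgrey/socket
```

After saving, run postfix check to catch syntax problems and postconf smtpd_recipient_restrictions to confirm the value Postfix will use; the change takes effect when Postfix is restarted in the next step.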
Let's start it up and test everything.
We need to ensure that postgrey and postfix start on a server boot, so we need to do the following:
systemctl enable postfix
systemctl enable postgrey
Now let’s make sure both are started:
systemctl start postgrey
systemctl restart postfix
If you look at the last lines of the /var/log/maillog file, then you will see something similar to the following. I have selected the postgrey starting portion.
Jun 8 18:53:57 seang6 postgrey: Process Backgrounded
Jun 8 18:53:57 seang6 postgrey: 2017/06/08-18:53:57 postgrey (type Net::Server::Multiplex) starting! pid(1471)
Jun 8 18:53:57 seang6 postgrey: Binding to UNIX socket file "/var/spool/postfix/postgrey/socket"
Jun 8 18:53:57 seang6 postgrey: Setting gid to "988 988"
Jun 8 18:53:57 seang6 postgrey: Setting uid to "993"
Now we can test it.
To test this properly we need to do it from a different server. If we use the server postgrey is running on, the connection comes from localhost, which is in mynetworks, and because permit_mynetworks comes first in the restriction list it is accepted without ever being greylisted. The same applies to any other host covered by mynetworks: with the Postfix 2.10 shipped in CentOS 7, mynetworks_style defaults to subnet, so a test host on the same IP subnet as the mail server may be trusted too. Check with postconf mynetworks and, if the test host falls inside it, restrict mynetworks (for example to 127.0.0.0/8) before testing. So, let's jump onto another server and use some manual SMTP commands to test whether it's working.
Note: The lines typed in are the telnet command, mail from, rcpt to, and the quit that produces the 221 reply; everything else is the server's response. These commands simulate what a sending mail server does. If you're doing this yourself, change the IP address to that of the server you are connecting to.
telnet 172.31.43.228 25
Connected to 172.31.43.228.
Escape character is '^]'.
220 kevinjames6.mylabserver.com ESMTP Postfix
mail from: firstname.lastname@example.org
250 2.1.0 Ok
rcpt to: email@example.com
450 4.2.0 <firstname.lastname@example.org>: Recipient address rejected: Greylisted for 300 seconds
221 2.0.0 Bye
Connection closed by foreign host.
We can see it says 'Recipient address rejected: Greylisted for 300 seconds', and this shows it’s working. We now have greylisting set up on the server.
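The telnet session shows only the first half of the cycle. An added example (not part of the original guide) that automates the same exchange with smtplib, classifies the reply to rcpt to, and then waits out the advertised delay and probes again to confirm that the retry is accepted: the server address and mailboxes are the ones from the session above and are assumptions to replace with your own. The recipient must be a local address (one covered by mydestination); for any other domain you will see a relay refusal rather than a greylisting reply.

```python
"""Automated version of the telnet test: probe, then retry after the delay.
Added example, not from the original guide. It sends MAIL FROM and RCPT TO
(no message body), classifies the RCPT reply, and if the recipient was
greylisted waits out the advertised delay and probes again. The server and
mailboxes below are the guide's values and are assumptions."""
import re
import smtplib
import time

SERVER = "172.31.43.228"
SENDER = "firstname.lastname@example.org"
RECIPIENT = "email@example.com"   # must be a local (mydestination) address


def classify(code: int, message: bytes) -> str:
    """Map the reply to RCPT TO onto what it means for this test."""
    text = message.decode(errors="replace").lower()
    if code == 250:
        return "accepted"
    if code == 450 and "greylist" in text:
        return "greylisted"
    if 400 <= code < 500:
        return "tempfail"      # deferred for some other reason (e.g. relay deferral)
    if 500 <= code < 600:
        return "rejected"      # permanent: unknown user, relay denied, policy block
    return "unexpected"


def parse_delay(message: bytes, default: int = 300) -> int:
    """Extract N from 'Greylisted for N seconds'; fall back to the default."""
    m = re.search(rb"for (\d+) seconds", message)
    return int(m.group(1)) if m else default


def probe(host: str = SERVER, sender: str = SENDER, recipient: str = RECIPIENT,
          port: int = 25) -> tuple:
    """One envelope: EHLO/HELO, MAIL FROM, RCPT TO, RSET, QUIT. Returns (code, message)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:   # QUIT is sent on exit
        smtp.ehlo_or_helo_if_needed()
        code, msg = smtp.mail(sender)
        if code != 250:
            raise RuntimeError(f"MAIL FROM refused: {code} {msg.decode(errors='replace')}")
        code, msg = smtp.rcpt(recipient)
        smtp.rset()                                      # abandon the envelope cleanly
    return code, msg


def check_greylisting(**probe_args) -> tuple:
    """Return (first result, retry result); retry result is None if not greylisted."""
    code, msg = probe(**probe_args)
    first = classify(code, msg)
    print(f"first attempt: {code} {msg.decode(errors='replace')} -> {first}")
    if first != "greylisted":
        return first, None
    wait = parse_delay(msg) + 5                          # small margin past the delay
    print(f"waiting {wait} s before retrying the same triplet")
    time.sleep(wait)
    code, msg = probe(**probe_args)
    second = classify(code, msg)
    print(f"retry: {code} {msg.decode(errors='replace')} -> {second}")
    return first, second


if __name__ == "__main__":
    print(check_greylisting())
```

Run it from the second server, as with the telnet test; a working setup prints ('greylisted', 'accepted'). Both probes must use the same sender and recipient from the same host, because the retry is only recognised when the whole triplet matches the first attempt.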
Of course, a normal Postfix configuration would also have things such as DNS blacklist checks (reject_rbl_client), which would also be set in the smtpd_recipient_restrictions list. However, that's beyond the scope of this guide.
Thank you for reading.
Want more info on email? Here is a Linux Academy introduction to email.