
Using Greylisting with Postfix in RHEL 7 and CentOS 7.

Introduction

Greylisting is a method to cut down on the junk email a server has to wade through. It's a fairly simple process and doesn't use a lot of resources to implement. It uses the behavior of the server that's sending the email rather than the content of the message. It won't block all junk mail, but it can certainly drop the amount that gets to an inbox.

In short, it works by telling the server that's trying to send you email to try again in 5 minutes. Basically, that's it. The reason this works so well is that the servers that spam emails to you are more interested in getting a lot of emails sent out before they get blacklisted than in following the proper process for emails. So, by using one of the official RFCs for email that allows for an email server to effectively say "Hey, try again in 5 minutes," it can stop a lot of junk from getting to your email users.

A longer explanation is that the greylisting process looks at the 'triplet' that relates to an incoming email. That triplet is made up of the following pieces of information:

CLIENT_IP / SENDER / RECIPIENT

The greylisting process looks at those three items to find out if it's received email from this source before. If it has, then it will send that particular email through whatever normal process you have, such as other spam checking, Blackhole lists, and virus checking. This does mean that the first time you receive an email from any sender that's addressed to any of your users, it will be temporarily rejected and the sending server will have to try again.
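
The triplet check described above, modelled as an added example (not postgrey's code and not part of the original guide). It keys on the exact CLIENT_IP / SENDER / RECIPIENT values and uses the guide's 300-second delay; the class, function names and sample addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

DELAY = 300  # seconds, the same value as --delay=300 used later in this guide


@dataclass
class Greylist:
    """Simplified greylist: remembers when each triplet was first seen."""
    delay: int = DELAY
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time

    def check(self, client_ip, sender, recipient, now):
        """Return (accepted, seconds_left) for one RCPT TO at time `now`."""
        triplet = (client_ip, sender, recipient)
        start = self.first_seen.setdefault(triplet, now)
        left = self.delay - (now - start)
        if left > 0:
            return False, left   # temporary rejection: try again later
        return True, 0           # the triplet has waited out the delay


def simulate(attempts, delay=DELAY):
    """Run (time, ip, sender, rcpt) attempts in order and return the decisions."""
    gl = Greylist(delay)
    return [gl.check(ip, s, r, t) for (t, ip, s, r) in attempts]


# Constructed sample traffic (documentation addresses, times in seconds).
RETRYING_MTA = [
    (0,   "192.0.2.10", "alice@example.org", "user@example.com"),
    (60,  "192.0.2.10", "alice@example.org", "user@example.com"),   # too early
    (310, "192.0.2.10", "alice@example.org", "user@example.com"),   # after delay
    (320, "192.0.2.10", "alice@example.org", "other@example.com"),  # new triplet
]
ONE_SHOT_SENDER = [
    (0, "198.51.100.7", "promo@example.net", "user@example.com"),   # never retries
]

if __name__ == "__main__":
    for name, traffic in (("retrying MTA", RETRYING_MTA),
                          ("one-shot sender", ONE_SHOT_SENDER)):
        for attempt, (ok, left) in zip(traffic, simulate(traffic)):
            verdict = "accept" if ok else f"defer ({left}s left)"
            print(f"{name:16} t={attempt[0]:>3} {attempt[3]:18} -> {verdict}")
```

The server that retries after the delay gets its message through, while the sender that never comes back is never accepted; a different recipient from the same client and sender starts a new triplet.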

Greylisting is easy to install and set up on a Red Hat Enterprise Linux 7 or CentOS 7 server, as there is a package called postgrey available in the EPEL repository.

The rest of this guide will be talking about how you install this on a Red Hat 7 or CentOS 7 server.

Some assumptions for this guide are:


  • You understand how email works. (See the link at the bottom, if you don't.)
  • You are familiar with editing files in Linux.
  • You want to do the greylisting on the same server where Postfix is installed.
  • That you are using Postfix as your email server.
  • That you have some experience with configuring Linux and services.


Let's Install!

First, you have to have the EPEL repository installed on your server. With RHEL7 or CentOS 7 it’s fairly easy to add this software repository:

sudo yum -y install epel-release

Once you have EPEL installed, we will install 2 packages: postgrey, and telnet, which we will use for testing.

sudo yum -y install postgrey telnet

This will install the postgrey and telnet programs for you.


Configuration Files

There are several configuration files used by postgrey:

  • /etc/sysconfig/postgrey : to set the parameters for postgrey itself.

The following files will also be created when you install the postgrey package:


Let's Configure It!

Note: You will need to be the root user or use sudo to do the following commands.

You need to edit the /etc/sysconfig/postgrey file and add the following line.


POSTGREY_OPTS="--delay=300"


Save that change and exit the file. This sets the time a sending server has to wait before postgrey will accept a retry of the email to 300 seconds (5 minutes).


Now you need to edit the main postfix config file. Don’t forget to make a backup of this file in case something goes wrong and you need to put it back how it was.

If you are using one of the Linux Academy Cloud Servers that's available with your subscription, then you can always delete the server and restart. It's still a good idea to make a backup of the file, though.

The command below uses Vim as the editor but feel free to use whatever you are comfortable using.

vim /etc/postfix/main.cf

My postfix config file is effectively standard as my mail server hasn't been set up. It's basically a new cloud server that's running CentOS 7.

If you are using postfix already then you may need to adjust the parameters shown below.


Since the config file I am using is a default, I need to change it so that it will accept email via the network interface. Find the following entry:

inet_interfaces = localhost

… and change it to the following so that the server will accept email from the outside world:

inet_interfaces = all

Note: If you do this setup on a Linux Academy cloud server, we don't allow incoming email connections to the servers. When I do my testing later I will need to use another of the Linux Academy servers and have it connect via the internal IP Address. This is because external access to email is blocked.


Now to add the greylisting section.

In the file /etc/postfix/main.cf, locate the section that starts with:

mydestination =

It will probably have other things on the line. It probably looks something like the following:

mydestination = $myhostname, localhost.$mydomain, localhost


You need to add the following BELOW that portion of the file:


smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    permit


Now save the file.
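
Postfix evaluates this list from left to right and stops at the first restriction that returns a decision, so the position of the check_policy_service entry matters. The following added example (not part of the original guide and not Postfix or postgrey code) reads a main.cf text, joins its continuation lines, and compares the restriction order with the order used above; the function names and the reordered sample are constructed for illustration.

```python
import re

GUIDE_SOCKET = "unix:/var/spool/postfix/postgrey/socket"  # path used in this guide

def logical_lines(text):
    """Join main.cf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()  # continuation of the previous line
        else:
            out.append(raw.strip())
    return out

def recipient_restrictions(text):
    """Return the tokens of the last smtpd_recipient_restrictions setting."""
    tokens = []
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep and name.strip() == "smtpd_recipient_restrictions":
            tokens = [t for t in re.split(r"[,\s]+", value) if t]
    return tokens

def audit(text):
    """Compare the restriction order in `text` with the order this guide uses."""
    toks = recipient_restrictions(text)
    if "check_policy_service" not in toks:
        return ["no check_policy_service entry: greylisting is not applied"]
    i = toks.index("check_policy_service")
    before, findings = toks[:i], []
    if toks[i + 1:i + 2] != [GUIDE_SOCKET]:
        findings.append("policy socket differs from the guide's path")
    if "reject_unauth_destination" not in before:
        findings.append("reject_unauth_destination is not ahead of the policy check")
    if "permit" in before:
        findings.append("bare 'permit' ahead of the policy check: postgrey is never consulted")
    return findings

# Constructed inputs: the guide's list, and a copy with an early bare 'permit'.
GUIDE_CF = """\
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    permit
"""
REORDERED_CF = GUIDE_CF.replace("permit_mynetworks,", "permit_mynetworks, permit,")

if __name__ == "__main__":
    print(audit(GUIDE_CF), audit(REORDERED_CF))
```

To check a real server, pass the contents of /etc/postfix/main.cf to audit(); an empty list means the order matches the guide.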


Let's start it up and test everything.

We need to ensure that postgrey and postfix start on a server boot, so we need to do the following:

systemctl enable postfix
systemctl enable postgrey


Now let’s make sure both are started:

systemctl start postgrey
systemctl restart postfix


If you look at the last lines of the /var/log/maillog file, then you will see something similar to the following. I have selected the postgrey starting portion.

Jun  8 18:53:57 seang6 postgrey[1471]: Process Backgrounded
Jun  8 18:53:57 seang6 postgrey[1471]: 2017/06/08-18:53:57 postgrey (type Net::Server::Multiplex) starting! pid(1471)
Jun  8 18:53:57 seang6 postgrey[1471]: Binding to UNIX socket file "/var/spool/postfix/postgrey/socket"
Jun  8 18:53:57 seang6 postgrey[1471]: Setting gid to "988 988"
Jun  8 18:53:57 seang6 postgrey[1471]: Setting uid to "993"


Now we can test it.

To test this properly we need to do it from a different server. The reason is that if we use the same server it's running on, then it’s treated as local and won't be filtered. So, let’s jump onto another server I have running and use some manual commands to test if it’s working.


Note: The commands I typed in are the telnet, ehlo, mail from, rcpt to and quit lines (underlined in the original); the other lines are output. These commands simulate a connection from a mail server. If you're doing this yourself, change the IP address to the one you are connecting with.

telnet 172.31.43.228 25
Trying 172.31.43.228...
Connected to 172.31.43.228.
Escape character is '^]'.
220 kevinjames6.mylabserver.com ESMTP Postfix
ehlo noserver.com
250-kevinjames6.mylabserver.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: none@noserver.com
250 2.1.0 Ok
rcpt to: user@kevinjames6.mylabserver.com
450 4.2.0 <user@kevinjames6.mylabserver.com>: Recipient address rejected: Greylisted for 300 seconds
quit
221 2.0.0 Bye
Connection closed by foreign host.


We can see it says 'Recipient address rejected: Greylisted for 300 seconds', and this shows it’s working. We now have greylisting set up on the server.


Of course, a normal postfix file would also have things such as blacklisting, which would be set under the smtpd_recipient_restrictions = section. However, that's beyond the scope of this guide.


Thank you for reading.


Want more info on email? Here is a Linux Academy introduction to email.

https://linuxacademy.com/cp/socialize/index/type/community_post/id/12416


  • Terrence C
    06-10-2017

    Way to go Kevin - nice guide!

  • Suresh B
    01-20-2018

    Good guide. Does it work for CentOS 6?
