Postgrey – Postfix Greylisting Policy Server

Greylisting is an anti-spam and virus measure you can use on your mail servers. When a remote server connects for the first time it’s automatically disconnected and can’t connect for a set time limit (default is 5 minutes). If it’s a real mail server it should keep trying to deliver the mail but viruses and spam will more than likely be stopped cold.

Postgrey is a greylisting server for Postfix that Colm Buckley installed on the machine that runs linux.ie
On Debian, it’s as easy as apt-get install postgrey but then you have to configure Postfix to use it:
Edit /etc/postfix/main.cf and modify the line that starts with:
smtpd_client_restrictions = ...
and add inet:127.0.0.1:60000 to the end of it.
Now, you probably want to enable white listing of clients too so edit /etc/default/postgrey and change so it looks like this:
POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=300 --auto-whitelist-clients"
You might want to add the IP range for your local network to /etc/postgrey/whitelist_clients so they’re not greylisted:
/^192\.168\.1\..*/ does the job for my situation I think.
Now, restart Postfix and Postgrey and you should see the following message appear in /var/log/mail.info:
Client host rejected: Greylisted for 300 seconds (see http://isg.ee.ethz.ch/tools/postgrey/help)
If you don’t, it’s not working!
Much later… It’s been active for about 20 hours now and I’ve only received about 10 spams, down from well over 200 usually! The delay in delivery is annoying, but it’s something we can hopefully live with!


You might also like

If you like this post then please subscribe to my full RSS feed. You can also click here to subscribe by email. There are also my fabulous photos to explore too!

5 thoughts on “Postgrey – Postfix Greylisting Policy Server


  1. You may also want to head over to GreyListing.Org for a more detailed analysis of GreyListing.
    This is one of the first domains that the OpenDomain program has sponsored, and they are doing a great job supporting greyListing.
    Note that the domain WordPress.Com is still available for free use!


  2. I think you have a mistake in your tutorial, smtpd_client_restrictions must use check_policy_service inet:127.0.0.1:60000 instead of just inet:127.0.0.1:60000.
    You can also use it in smtpd_recipient_restriction

  3. Pingback: BlogTorrent (1 comments.)

Leave a Reply

Loading Facebook Comments ...