Postfix/Greylisting
Greylisting is a process in which systems attempting to connect to your server to deliver mail for the first time are treated differently to known peers, delaying their mail. If the sending mail server is standards-compliant, it will re-send the e-mail, and the server will accept it. Most spam mailers, however, don't re-send the mail, and so the spam is blocked. Servers that re-send the mail will be added to a white list, and will not be delayed in future. This means that the first e-mail from a given sender will be delayed, but subsequent ones will not be.
Installation
Greylisting for postfix is typically implemented by using the the mail-filter/postgrey package, so first install that:
root #
emerge --ask mail-filter/postgrey
By default postgrey listens to port 10030. This can be changed by modifying POSTGREY_PORT variable in /etc/conf.d/postgrey.
Setup
Next, we need to start it, and set it to start automatically.
root #
rc-update add postgrey default
root #
/etc/init.d/postgrey start
Now we have to tell postfix to use it, by adding the check_policy_service inet:127.0.0.1:10023
entry to the existing smtpd_recipient_restrictions
directive in your main.cf file, as follows.
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_invalid_hostname,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
permit_mynetworks,
check_policy_service inet:127.0.0.1:10023,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
Deployment
Finally, tell postfix to reload its configuration for the changes to take effect.
root #
/etc/init.d/postfix reload
By using reload instead of restart, we are advised of any syntax errors we may have accidentally introduced and the daemon stays running under its current configuration instead of going down, which is what would happen if we used restart with a syntax error in main.cf!