Greylisting

Greylisting can be added to a policy and the below options added. Most options can be inherited or explicitly set.

  • Use Greylisting
    • Enable the use of greylisting.
  • Greylist Period
    • Period the triplet will be greylisted for, after which it will be allowed. This value is in seconds. A sane value for this is option is 240 (4 minutes).
  • Track
    • How to track the triplet. Currently only SenderIP is allowed. One can specify a bitmask to apply to the sending servers' IP address, for instance /24. This will track the triplet through the entire /24 block. SenderIP's bitmask can be any bitmask, 1-32. A sane value is /24.
    • Specifying any IPv6 bitmask, 1-128 will apply the bitmask to the sending server's IP address. A sane value for is /64. When using greylisting on both IPv4 and IPv6, please ensure you use the IPv4 policy member 0.0.0.0/0 (or 0/0) and the IPv6 policy member ::/0 to distinguish between the two so you get the bitmask right. (Support for IPv6 is included in r493+, v2.1.x)
  • Greylist Auth Validity
    • The amount of time in seconds that authenticated triplets are valid for. If the triplet is not seen in this period of time it is discarded. Be carefull when setting this as it can affect other options if they are removed too soon. A sane value for this option is 604800 (7 days). This counter is progressive, every update of the triplet will reset the validity period.
  • Greylist UnAuth Validity
    • Exactly the same as "Greylist Auth Validity", but for unauthenticated triplets. A sane value for this option is 86400 (1 day).
  • Use AWL
    • Use auto-whitelisting. Auto-whitelisting entries are updated each time a message is received.
  • AWL Period
    • Amount of time to auto-whitelist for, in seconds.
  • AWL After Count
    • After this count, auto-whitelist the sending server.
  • AWL After Percentage
    • This combined with "AWL After Count" will change its behavior slightly. After "Count" number of triplets, check and if percentage of authenticated vs. total triplets is higher than "Percentage" then auto-whitelist.
  • Use ABL
    • Same as "Use AWL", except for blacklisting.
  • ABL Period
    • Same as "Use AWL", except for blacklisting.
  • ABL After Count
    • Same as "Use AWL", except for blacklisting.
  • ABL After Percentage
    • This combined with "ABL After Count" will change its behavior slightly. After "Count" number of triplets, check and if percentage of unauthenticated vs. total triplets is higher than "Percentage" then auto-blacklist. A value of 90 means if 90% of triplets or more are unauthenticated then blacklist.

Configuration for this module is done in the Greylisting section in the configuration file.

  • enable
    • Set to 1 if you wish to enable this module. Default 0 (disabled).
  • training_mode
    • (Supported in: r378+, v2.1.x)
    • Set to 1 if you wish to have greylisting train only. Default 0 (live).
  • defer_message
    • (Supported in: r422+, v2.1.x)
    • Define defer message. Defaults to "Greylisting in effect, please come back later".
  • blacklist_message
    • (Supported in: r422+, v2.1.x)
    • Define blacklist message. Defaults to "Greylisting in effect, sending server blacklisted".

Whitelisting of source IPv4 addresses in the format a.b.c.d[/x]. Bitmask is optional and defaults to 32.

(Supported in: r493+, v2.1.x) Whitelisting of source IPv6 addresses. For a list of supported formats please see IP Address Specification.

Its highly recommended to use the whitelisted hosts file in the database/whitelists/ directory by running:

./parse-greylisting-whitelist > greylisting-whitelist.sql

Then load greylisting-whitelist.sql into your database.

Taking the policies described in the other feature document, we can apply a reasonable greylisting rule to all inbound email

Greylist Inbound Email

Policy: Default Inbound Policy
Use Greylisting: No
Greylist Period: 240 (4 minutes)
Track: SenderIP:/24 (Track into /24 ranges)
Greylist Auth Validity: 604800 (7 days)
Greylist UnAuth Validity: 86400 (1 day)
Use AWL: Yes
AWL Period: 604800 (7 days)
AWL After Count: 100
AWL After Percentage: 90
Use ABL: Yes
ABL Period: 604800 (7 days)
ABL After Count: 100
ABL After Percentage: 20

Disable Greylisting on authenticated inbound policy

Policy: Default Inbound Policy (SASL)
Use Greylisting: No
Greylist Period:
Track: SenderIP:/32 (default)
Greylist Auth Validity:
Greylist UnAuth Validity:
Use AWL: No
AWL Period:
AWL After Count: 0
AWL After Percentage: 0
Use ABL: No
ABL Period:
ABL After Count: 0
ABL After Percentage: 0