Greylisting

Greylisting can be added to a policy, and the options below can then be configured. Most options can be inherited or explicitly set.

Greylisting Configuration

Use Greylisting

Enable the use of greylisting.

Greylist Period

Period the triplet will be greylisted for, after which it will be allowed. This value is in seconds. A sane value for this option is 240 (4 minutes).

Track

How to track the triplet. Currently only SenderIP is allowed. One can specify a bitmask to apply to the sending server's IP address, for instance /24. This will track the triplet through the entire /24 block. SenderIP's bitmask can be any bitmask, 1-32. A sane value is /24.

(Support for IPv6 is included in r493+, v2.1.x)
Specifying any IPv6 bitmask, 1-128, will apply the bitmask to the sending server's IP address. A sane value is /64. When using greylisting on both IPv4 and IPv6, please ensure you use the IPv4 policy member 0.0.0.0/0 (or 0/0) and the IPv6 policy member ::/0 to distinguish between the two so you get the bitmask right.

Greylist Auth Validity

The amount of time in seconds that authenticated triplets are valid for. If the triplet is not seen in this period of time it is discarded. Be careful when setting this, as it can affect other options if triplets are removed too soon. A sane value for this option is 604800 (7 days). This counter is progressive: every update of the triplet will reset the validity period.

Greylist UnAuth Validity

Exactly the same as "Greylist Auth Validity", but for unauthenticated triplets. A sane value for this option is 86400 (1 day).

Use AWL

Use auto-whitelisting. Auto-whitelisting entries are updated each time a message is received.

AWL Period

Amount of time to auto-whitelist for, in seconds.

AWL After Count

After this count, auto-whitelist the sending server.

AWL After Percentage

Combined with "AWL After Count", this changes the behavior slightly. After "Count" number of triplets, the percentage of authenticated vs. total triplets is checked, and if it is higher than "Percentage" the sending server is auto-whitelisted.

Use ABL

Same as "Use AWL", except for blacklisting.

ABL Period

Same as "Use AWL", except for blacklisting.

ABL After Count

Same as "Use AWL", except for blacklisting.

ABL After Percentage

Combined with "ABL After Count", this changes the behavior slightly. After "Count" number of triplets, the percentage of unauthenticated vs. total triplets is checked, and if it is higher than "Percentage" the sending server is auto-blacklisted. A value of 90 means that if 90% of triplets or more are unauthenticated, the sending server is blacklisted.
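
The following Python example is added here and is not the project's own code: it models how "Greylist Period", "Track" and the two validity options described above interact for a triplet. The names track_key and Greylist, the in-memory store, and the rule that a triplet becomes authenticated on its first retry after the greylist period are assumptions made for illustration.

```python
import ipaddress

def track_key(sender_ip, v4_bits=24, v6_bits=64):
    """Apply the Track bitmask (SenderIP:/24, or /64 for IPv6) to the sender."""
    ip = ipaddress.ip_address(sender_ip)
    bits = v4_bits if ip.version == 4 else v6_bits
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

class Greylist:
    """In-memory model of one policy; all times are in seconds."""

    def __init__(self, period=240, auth_validity=604800, unauth_validity=86400):
        self.period = period
        self.auth_validity = auth_validity
        self.unauth_validity = unauth_validity
        self.triplets = {}  # (tracked network, sender, recipient) -> record

    def check(self, sender_ip, mail_from, rcpt_to, now):
        key = (track_key(sender_ip), mail_from.lower(), rcpt_to.lower())
        rec = self.triplets.get(key)
        if rec is not None:
            validity = self.auth_validity if rec["auth"] else self.unauth_validity
            if now - rec["last"] > validity:
                rec = None  # not seen within its validity period: discarded
        if rec is None:
            self.triplets[key] = {"first": now, "last": now, "auth": False}
            return "DEFER"  # first sighting starts the greylist period
        rec["last"] = now  # progressive counter: every update resets validity
        if rec["auth"] or now - rec["first"] >= self.period:
            rec["auth"] = True  # assumption: a retry after the period authenticates
            return "PASS"
        return "DEFER"  # retried too early

if __name__ == "__main__":
    g = Greylist()
    # Constructed sample deliveries (documentation address ranges).
    for ip, t in [("192.0.2.57", 0), ("192.0.2.57", 60), ("192.0.2.99", 300)]:
        print(t, ip, g.check(ip, "a@example.org", "b@example.net", t))
```

With a /24 track mask, a retry from a different host in the same /24 still matches the original triplet, which is why large sending pools are not deferred once per outbound server.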

Server Configuration

Configuration for this module is done in the Greylisting section in the configuration file.

enable

Set to 1 if you wish to enable this module. Default 0 (disabled).

training_mode

(Supported in: r378+, v2.1.x)

Set to 1 if you wish to have greylisting train only. Default 0 (live).

defer_message

(Supported in: r422+, v2.1.x)

Define defer message. Defaults to "Greylisting in effect, please come back later".

blacklist_message

(Supported in: r422+, v2.1.x)

Define blacklist message. Defaults to "Greylisting in effect, sending server blacklisted".

Whitelisting

Whitelisting of source IPv4 addresses in the format a.b.c.d[/x]. Bitmask is optional and defaults to 32.

(Supported in: r493+, v2.1.x)
Whitelisting of source IPv6 addresses. For a list of supported formats please see IP Address Specification.

IMPORTANT NOTE

It is highly recommended to use the whitelisted hosts file in the database/whitelists/ directory by running:
./parse-greylisting-whitelist > greylisting-whitelist.sql
Then load greylisting-whitelist.sql into your database.

Complete Example

Taking the policies described in the other feature document, we can apply a reasonable greylisting rule to all inbound email.

Greylist Inbound Email

Policy: Default Inbound Policy
Use Greylisting: Yes
Greylist Period: 240 (4 minutes)
Track: SenderIP:/24 (Track into /24 ranges)
Greylist Auth Validity: 604800 (7 days)
Greylist UnAuth Validity: 86400 (1 day)
Use AWL: Yes
AWL Period: 604800 (7 days)
AWL After Count: 100
AWL After Percentage: 90
Use ABL: Yes
ABL Period: 604800 (7 days)
ABL After Count: 100
ABL After Percentage: 20

Disable Greylisting on authenticated inbound policy

Policy: Default Inbound Policy (SASL)
Use Greylisting: No
Greylist Period:
Track: SenderIP:/32 (default)
Greylist Auth Validity:
Greylist UnAuth Validity:
Use AWL: No
AWL Period:
AWL After Count: 0
AWL After Percentage: 0
Use ABL: No
ABL Period:
ABL After Count: 0
ABL After Percentage: 0