Deploying Postfix


Copyright 2002, 2003, 2004, 2005, 2006 Andy Barclay
OpenContent License (OPL)

Greylisting has reduced the amount of spam I'm receiving by 90%.

How it works
============
An MTA connects to my mail server and attempts to deliver mail.
My mail server rejects the mail with a temporary error and records
the sending MTA, the sender's email address, the recipient's email
address and the current time.

Legitimate MTAs are required to retry temporary errors, and they will
do so a few minutes later. On these subsequent attempts, the mail will
be accepted. Spammers, on the other hand, will probably not retry since
their primary objective is to deliver as much mail as possible. Retrying
is not in their best interest.
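
The mechanism described above, shown as an added Python example (not code
from greylist.pl or from the Postfix distribution): it parses a policy
request in the name=value format that Postfix's smtpd sends to a
check_policy_service server and applies the greylist decision. MIN_DELAY,
the function names and the sample request are assumptions made for the
illustration.

```python
# Added example (not from greylist.pl): greylisting decision over Postfix
# policy-delegation requests. The delay value and sample data are constructed.
MIN_DELAY = 300  # assumed: seconds a triplet must wait before being accepted


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def greylist(attrs, first_seen, now):
    """Return the policy action for a request, recording new triplets.

    first_seen maps (client address, sender, recipient) to the time of the
    first delivery attempt; a real service would persist it on disk.
    """
    key = (attrs.get("client_address", ""),
           attrs.get("sender", "").lower(),
           attrs.get("recipient", "").lower())
    seen = first_seen.setdefault(key, now)
    if now - seen < MIN_DELAY:
        # First attempt, or a retry that came too quickly: temporary failure.
        return "action=defer_if_permit Greylisted, please retry later\n\n"
    # The sender retried after the delay: let the remaining restrictions decide.
    return "action=dunno\n\n"


# Constructed sample request, in the format smtpd sends to the policy service.
SAMPLE = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.0.2.10\n"
    "sender=alice@example.org\n"
    "recipient=bob@example.com\n"
    "\n"
)

if __name__ == "__main__":
    db = {}
    req = parse_request(SAMPLE)
    for t in (0, 30, 600):  # first attempt, hasty retry, retry after the delay
        print(t, greylist(req, db, t).strip())
```

Because the key is the full triplet, a message from the same MTA with a
different sender or recipient starts its own waiting period.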
 
How to implement it
===================
greylist.pl is part of the Postfix distribution. Copy it to /usr/local/bin.

Add the following to the end of smtpd_recipient_restrictions in main.cf
------
check_policy_service inet:127.0.0.1:9998
------

Also in main.cf, change the time limit so that Postfix doesn't time out the child process
----
127.0.0.1:9998_time_limit=3600
----

Now add the following entry to master.cf
-------
#  AWB - turn on greylisting
127.0.0.1:9998  inet  n       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl /usr/local/bin/greylist.pl
-------

Edit greylist.pl to set the location for the greylist database
---
$database_name="/var/spool/postfix/greylist/greylist.db";
---

For Solaris, I had to change the syslog_socktype to 'inet'.