Postgrey - Postfix spam filter on Debian / Ubuntu

What is Postgrey?

Postgrey is a policy server for Postfix to implement "greylisting". Greylisting is a spam filtering method that rejects emails from external servers on the first attempt. Spammers usually don’t try to resend their messages, but legitimate mail servers do. Postgrey is designed for use with Postfix, but can also be used with Exim.

We will show you below how to easily install and configure Postgrey on Debian/Ubuntu.


Install packages

On Debian/Ubuntu, Postgrey can be installed with the following command:
apt-get install postgrey -y


Configuration

Edit the file /etc/postfix/main.cf and add check_policy_service inet:127.0.0.1:10023 to the smtpd_recipient_restrictions parameter.
The Postfix configuration must then be reloaded:
sudo postfix reload


In use

Once Postgrey is running and Postfix is set up to use it, entries appear in /var/log/mail.log. To see the entries that Postfix writes when it is notified that a message is delayed, run the following:
sudo grep -i "postfix/smtpd" /var/log/mail.log | grep -i "greylisted"
The entries will look something like this:
Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<bounce-someone.else@anotherdomain.com> proto=ESMTP helo=<mail.server.com>
Postgrey also writes its own log entries. The entries that Postgrey generates when a message is to be delayed can be displayed as follows:
sudo grep -i "postgrey" /var/log/mail.log | grep -i "action=greylist"
The entries will look something like this:
Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-mc.us11_12345678.998765-someone=somedomain.com@mail.server.com, recipient=someone@somedomain.com
Messages that have been delayed due to greylisting are given an X-Greylist header, e.g.:
X-Greylist: delayed 341 seconds by postgrey-1.34 at mail.server.com; Sun, 24 Jul 2016 16:26:38 CEST
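
The Postgrey log entries above can be tallied per sending client to see which servers are delayed most often. This is an added example, not part of the original tutorial; the sample lines are constructed in the format shown above, and the function names and the second client (mx.example.net, 192.0.2.10) are made up for illustration.

```shell
#!/bin/sh
# Added example: count Postgrey "action=greylist" entries per client.

# Constructed sample log lines (not real traffic). The last line is a
# Postfix reject entry and must not be counted as a Postgrey entry.
sample_log() {
cat <<'EOF'
Jul 24 16:00:57 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-a=somedomain.com@mail.server.com, recipient=someone@somedomain.com
Jul 24 16:02:11 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mail.server.com, client_address=1.2.3.4, sender=bounce-b=somedomain.com@mail.server.com, recipient=other@somedomain.com
Jul 24 16:05:02 mailserver postgrey[1420]: action=greylist, reason=new, client_name=mx.example.net, client_address=192.0.2.10, sender=x@example.net, recipient=someone@somedomain.com
Jul 24 16:00:57 mailserver postfix/smtpd[12524]: NOQUEUE: reject: RCPT from mail.server.com[1.2.3.4]: 450 4.2.0 <someone@somedomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/somedomain.com.html; from=<x@anotherdomain.com> proto=ESMTP helo=<mail.server.com>
EOF
}

# Reads mail.log lines from the given files (or stdin) and prints
# "<count> <client_name> <client_address>", most frequent first.
greylist_summary() {
  awk '
    / postgrey\[[0-9]+\]: action=greylist,/ {
      sub(/^.* postgrey\[[0-9]+\]: /, "")      # keep only the key=value part
      n = split($0, kv, ", ")
      name = "?"; addr = "?"
      for (i = 1; i <= n; i++) {
        eq = index(kv[i], "=")                 # first "=" separates key and value
        k = substr(kv[i], 1, eq - 1); v = substr(kv[i], eq + 1)
        if (k == "client_name") name = v
        if (k == "client_address") addr = v
      }
      count[name " " addr]++
    }
    END { for (c in count) print count[c], c }
  ' "$@" | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real host: greylist_summary /var/log/mail.log
sample_log | greylist_summary
```
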


Adjustments

It is important that you send test messages from another server and carefully observe /var/log/mail.log whenever you make any of the changes explained in this section.


Whitelisting

You may want to exempt certain remote clients and/or local recipients from having their mail delayed by greylisting. Note, however, that Postgrey is self-learning: mail from a sender that has been received several times is delivered without checking.

However, before starting to compile a list of domains, you should take a look at the contents of the file /etc/postgrey/whitelist_clients. In Ubuntu and other Debian versions, the default version of this file already contains domain names of known email providers (for example, Google) whose servers are known to transmit legitimate emails.

To add your own list of whitelist clients in addition to the default clients, you must create the file /etc/postgrey/whitelist_clients.local and enter one host or domain per line.

To apply the changes, Postgrey must be reloaded:
sudo systemctl reload postgrey


Delay

The default delay - that is, the amount of time that must pass before Postgrey accepts a retry from a greylisted client - is 300 seconds (5 minutes). To change this value, edit /etc/default/postgrey and add the argument --delay=N to POSTGREY_OPTS, where N is the desired delay in seconds.

Example of a 60-second delay:
POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=60"
The changes are applied by restarting Postgrey:
sudo systemctl restart postgrey


Listening Port

In this tutorial, we assume that Postgrey listens on port 10023.
To check this on Ubuntu 16.04, run:
sudo grep "postgrey" /var/log/mail.log | grep -i "resolved"
The output should look something like this:
Jul 29 13:40:26 mailserver postgrey[16036]: Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
In this case, it was confirmed that the service is listening on port 10023.

If you want Postgrey to listen on a different port, edit the file /etc/default/postgrey and change the value of the "--inet" argument as desired.
For example, to have Postgrey listen on port 10113, use --inet=10113.

The Postfix configuration must then be adjusted in /etc/postfix/main.cf by changing the parameter "check_policy_service" to check_policy_service inet:127.0.0.1:10113. To apply the change, restart Postgrey...
sudo systemctl restart postgrey
...and reload the Postfix configuration
sudo postfix reload
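
A quick consistency check for the two settings that must match, covering the port-only, IPv4 and IPv6 forms of --inet. This is an added example, not part of the original tutorial; the function names and the sample file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm Postgrey and Postfix agree on the policy port.

# Port from POSTGREY_OPTS; handles --inet=PORT, --inet=HOST:PORT
# and --inet=[IPv6]:PORT. Commented-out lines are ignored.
postgrey_port() {
  grep -v '^[[:space:]]*#' "$1" |
    sed -n 's/^POSTGREY_OPTS=.*--inet=\([^" ]*\).*/\1/p' |
    sed 's/.*://' | tail -n 1
}

# Port from the "check_policy_service inet:..." entry in main.cf.
postfix_policy_port() {
  grep -v '^[[:space:]]*#' "$1" |
    grep -o 'check_policy_service inet:[^ ,]*' |
    sed 's/.*://' | tail -n 1
}

# Returns 0 when both files name the same port, 1 otherwise.
check_policy_port() {
  pg=$(postgrey_port "$1")
  pf=$(postfix_policy_port "$2")
  if [ -n "$pg" ] && [ "$pg" = "$pf" ]; then
    echo "ok: Postgrey and Postfix both use port $pg"
  else
    echo "mismatch: postgrey=${pg:-none} postfix=${pf:-none}"
    return 1
  fi
}

# Constructed stand-ins for /etc/default/postgrey and /etc/postfix/main.cf;
# $1 is a directory, $2 the port to put in the Postfix sample.
write_samples() {
  printf 'POSTGREY_OPTS="--inet=10113 --delay=60"\n' > "$1/postgrey"
  printf 'smtpd_recipient_restrictions = permit_mynetworks,\n  reject_unauth_destination,\n  check_policy_service inet:127.0.0.1:%s\n' "$2" > "$1/main.cf"
}

# Demo on the constructed samples. On a real host:
#   check_policy_port /etc/default/postgrey /etc/postfix/main.cf
d=$(mktemp -d)
write_samples "$d" 10113
check_policy_port "$d/postgrey" "$d/main.cf"
rm -rf "$d"
```
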


IPv6

If Postgrey runs on the same machine as Postfix and you want to use IPv6 instead of the default IPv4, it probably won’t make a big difference in performance in practice, but it can be useful for other applications.

To use Postgrey over IPv6, you only need to specify the IPv6 address along with the port number in /etc/default/postgrey.
For example, to listen on port 10023 over IPv6 on localhost, use --inet=[::1]:10023.

Then edit the Postfix configuration in /etc/postfix/main.cf and change the parameter "check_policy_service" to check_policy_service inet:[::1]:10023.

To apply the change, restart Postgrey...
sudo systemctl restart postgrey
...and reload the Postfix configuration
sudo postfix reload