Integrating Postgrey into Postfix (Greylisting Filter)


In this article I'm going to show the simple integration of Postgrey into a postfix installation:

Basically the installation of postgrey is done with:
apt-get install postgrey
 
Then you should (but it's not needed) customize a little bit its configuration file /etc/default/postgrey, which contains:
POSTGREY_OPTS="–inet=127.0.0.1:60000" #Postgrey uses the port 60000 locally
POSTGREY_TEXT="Greylisted" #This parameter is optional and contains the error message, that is displayed when an e-mail is detected as spam
 
The greylisting filter by default is working with a delay of 5 minutes. With the following option (in seconds) you can change this value for example to 2 minutes:
 –delay=120
This option can be added to the POSTGREY_OPTS parameter (see above).
 
What you should know is that Postgrey cotnains a whitelist for clients and receivers:
/etc/postgrey/whitelist_clients
/etc/postgrey/whitelist_recipients
Here you can add some hosts if necessary.
 
Now we're going to integrate Postgrey into Postfix. Therefore you have to edit the file /etc/postfix/main.cf, the line containing smtpd_recipient_restrictions.
In this line you add:
check_policy_service inet:127.0.0.1:60000
This has to be added before the Permit.
 
An example could look like this:
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated,  reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unauth_destination, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:60000, reject_unauth_pipelining
The parameters have to be in one line, else Postfix will show some errors.
 
Now you have to restart the services and your greylisting filter should be working.
/etc/init.d/postgrey restart
/etc/init.d/postfix restart