Page 1 of 1

Greylisting for Exim

Posted: Tue Jan 08, 2019 3:53 am
by plutocrat
I noticed a couple of posts in the Russian language forums about greylisting, from two years ago or so. I wondered if anyone had recently tried to implement this. I've done it before on Postfix, and the postgrey package seems to do it OK. However support for Exim doesn't seem to be as good, and many of the attempts are not current. I thought I'd check here to see if anyone had had any success, and what package they used.
Here's the greylisting.org reference page: http://www.greylisting.org/implementations/exim.php

Bley seems to be a reasonably up-to-date package, but it repeats a bit of existing blocklist functionality. https://github.com/evgeni/bley

Re: Greylisting for Exim

Posted: Wed Jan 16, 2019 4:23 am
by plutocrat
In case anyone else is interested, I got postgrey working, by following the instructions here.
https://github.com/schweikert/postgrey/ ... EADME.exim

Installation is simple: apt install postgrey
This sets up the daemon, and enables it with systemctl.

Next step, you need to edit /etc/default/postgrey and add --exim as an option to start the daemon. ie.
POSTGREY_OPTS="--inet=10023 --exim "
(plus whatever other options you want to add here). Then restart with systemctl restart postgrey.service
You can check that the right commandline was issued with systemctl status postgrey.service

OK now to edit the exim config. I followed the VestaCP convention and put a line at the top of the config which lets you turn greylisting on and off easily by commenting out a single line.
GREYLIST = yes

Then go down to the ACL section. Find the section labeled acl_check_rcpt (which corresponds to acl_smtp_rcpt mentioned in the docs)
You can put this code anywhere between acl_check_rcpt and the following "accept". The higher up the list, the sooner the check is processed, so you might choose to do it before other checks or after.

Code: Select all

.ifdef GREYLIST
 defer log_message = greylisted host $sender_host_address
       set acl_m3  = request=smtpd_access_policy\nprotocol_state=RCPT\nprotocol_name=${uc:$received_protocol}\nhelo_name=$sender_helo_name\nclient_address=$sender_host_address\nclient_name=$sender_h
ost_name\nsender=$sender_address\nrecipient=$local_part@$domain\n\n
       set acl_m3  = ${sg{${readsocket{inet:127.0.0.1:10023}{$acl_m3}{5s}{}{action=DUNNO}}}{action=}{}}
       message     = ${sg{$acl_m3}{^\\w+\\s*}{}}
       condition   = ${if eq{${uc:${substr{0}{5}{$acl_m3}}}}{DEFER}{true}{false}}
  warn message     = ${sg{$acl_m3}{^\\w+\\s*}{}}
       condition   = ${if eq{${uc:${substr{0}{7}{$acl_m3}}}}{PREPEND}{true}{false}}
.endif
Note that as per the documentation, I had to use $acl_m3 instead of $acl_m0 as m0, m1 and m2 were already in use.
Also note that I had to change the socket from /var/run/postgrey to inet:127.0.0.1:10023 to match the configuration as installed by apt.
Restart with systemctl restart exim4.service
And then tail -f /var/log/exim4/mainlog to monitor your incoming mail queue.

Just to explain greylisting very quickly, the server will now reject anyone's email when they first try to connect, and will record their IP, From, and To addresses. After a short interval (300 sec), if the same IP, To, and From tries again, it will let it through (and continue to for the next month). This works because spammers never try twice, and proper email servers will retry after minutes or hours, and keep going up to 5 days.

Re: Greylisting for Exim

Posted: Sat Jan 19, 2019 9:06 am
by plutocrat
I have currently disabled this config, as it was greylisting my OUTGOING emails as well!! I'll post an updated version when I've figured it out. NB. Config disabled by putting a # in front of #GREYLIST = yes