Debian, Exim, and greylistd


Spam is a major problem for both personal and business email users, and one of the most effective ways of preventing it is a technique called greylisting.

This works by initially rejecting the incoming mail with a temporary failure, asking the sending mail server to retry later. Most servers will typically retry within 15 minutes.

When the server rejects the mail, it stores the source address, destination address, and source server, so that when the mail is retried, the server knows to accept it.

However, there is one problem. It is becoming more and more common for companies to have multiple outgoing mail servers, and when a mail fails, the email is passed on to a different server for each retry. Every time the mail is retried, it therefore comes from a different source server and is never recognised by your mail server.

The solution is a simple one-line change to Exim’s config that makes it ignore the source server:

Initial Code:

[Image: Greylist Before]

New Code:

[Image: Greylist After]

One Response to “Debian, Exim, and greylistd”

  1. Chris Adams Says:

    One other possibility is matching based on the subnet – I’ve used that to preserve the match on sender address but avoid problems with multiple MTAs in most cases (I’ve encountered few sites which have widely dispersed MTAs); the easiest way to do this is when setting up greylistd:

    greylistd-setup-exim4 add -netmask=24

    All it’s doing is changing the condition line to something like this:
    condition = ${readsocket{/var/run/greylistd/socket}\
    {--grey \
    ${mask:$sender_host_address/24} \
    $sender_address \
    $local_part@$domain}\
    {5s}{}{false}}
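
The three ways of keying the greylist discussed above (exact sending host, the /24 mask from the comment, and no host at all) can be compared by replaying retries from a pool of outgoing servers. This is an added example, not code from the post, the commenter or greylistd; it is a simplified model with no record expiry, and the 300-second delay, the policy names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

RETRY_DELAY = 300  # seconds a new triplet must wait (assumed value, not from the post)

def make_key(policy, host, sender, rcpt):
    """Build the greylist lookup key under one of three keying policies."""
    if policy == "full":      # exact sending IP + sender + recipient
        src = host
    elif policy == "mask24":  # /24 network, like ${mask:$sender_host_address/24}
        src = str(ipaddress.ip_network(f"{host}/24", strict=False))
    elif policy == "nohost":  # sending server left out of the key entirely
        src = ""
    else:
        raise ValueError(f"unknown policy: {policy}")
    return (src, sender.lower(), rcpt.lower())

class Greylist:
    def __init__(self, policy, delay=RETRY_DELAY):
        self.policy, self.delay, self.first_seen = policy, delay, {}

    def check(self, now, host, sender, rcpt):
        """Return 'defer' (temporary failure) or 'accept' for one delivery attempt."""
        key = make_key(self.policy, host, sender, rcpt)
        seen = self.first_seen.setdefault(key, now)  # record first sighting of this key
        return "accept" if now - seen >= self.delay else "defer"

def attempts_until_accept(policy, attempts):
    """Replay (time, host, sender, rcpt) attempts; 1-based index of first accept, or None."""
    gl = Greylist(policy)
    for i, attempt in enumerate(attempts, 1):
        if gl.check(*attempt) == "accept":
            return i
    return None

# Constructed sample: one message retried every 15 minutes from a different outgoing server.
SAME_SUBNET = [(t * 900, f"192.0.2.{10 + t}", "alice@example.org", "bob@example.net")
               for t in range(4)]
SPREAD = [(t * 900, ip, "alice@example.org", "bob@example.net")
          for t, ip in enumerate(["192.0.2.10", "198.51.100.7", "203.0.113.25", "192.0.2.99"])]

if __name__ == "__main__":
    for name, trace in (("same /24", SAME_SUBNET), ("spread", SPREAD)):
        for policy in ("full", "mask24", "nohost"):
            print(f"{name:9} {policy:7} first accept at attempt:",
                  attempts_until_accept(policy, trace))
```

With the full key the message is never accepted in either trace; the /24 key accepts on the second attempt when the servers share a subnet but only on the fourth when they are spread out, and the host-less key accepts on the second attempt from any server, which is the price of the weaker key.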
