Linux

Greylisting with Exim

I decided to apply greylisting on my server, not because I had to as spamassassin was blocking 99.999999999% of spam, but because I can ;)

I set this up on Exim-4.88 which was the current stable release at the time of writing.

It actually easier than I thought.

Under the "MAIN CONFIGURATION SETTINGS" I added the following line to define my whitelist:

addresslist whitelist_senders = wildlsearch;/etc/exim/greylist_whitelist

The file should contain either full email addresses or wildcard domains.  eg this@email.com or *@email.com on separate lines.

Then under the "ACL CONFIGURATION" section, I have the following.  This precedes the spam section of my config.

warn set acl_m_greyfile = /var/spool/exim/greylist/${length_255:\
${sg{$sender_host_address}{\N\.\d+$\N}{}},\
${sg{$sender_address,$local_part@$domain}{\N[^\w.,=@-]\N}{} }}

defer log_message = greylisted
!senders = +whitelist_senders
condition = ${if exists{$acl_m_greyfile}\
{${if >{${eval:$tod_epoch-\
${extract{mtime}{${stat:$acl_m_greyfile}} }}\
}{180}{0}{1}}\
}{${if eq{${run{/usr/bin/touch $acl_m_greyfile} }}{}{1}{1} }} }
message = Deferred: Temporary error, please try again later

The "!senders = +whitelist_senders" line will lookup against the file you created.  It will also create an empty file within the path of the first line of this section for the time based rejection.  So to keep things "tidy", we'll run a cronjob every 30 mins to remove files.

# Expire greylisters
*/30 * * * * /usr/bin/find /var/spool/exim/greylist -cmin +363 -type f -delete

And that's it!  Restart exim, send an email from an outside source and check your exim log ;)

2017-01-01 12:49:44 H=(209-182-113-49.ip.twinvalley.net) [209.182.113.49] F=<czgxi@biz2net.com> temporarily rejected RCPT <this@email.com>: greylisted

If the mail is from a genuine and correctly configured email server, when it retries (after 3 minutes), the mail will be accepted ;)

Here are some visualisations to show how effective greylisting is.

This is a graph showing the number of spam blocked every day.

Spam blocked
Can you guess when I applied greylisting?

This is a graph showing the grey listing applied every day and how it actually reduces the number of spam emails received by the server.

Greylisting in effect
Greylisting in effect!
Print Friendly, PDF & Email