Greylisting With Exim

Posted on by

I recently trialled and then implemented greylisting on a few Exim mail servers, seems pretty straight forward when you know how to add it to the Exim config. I guess I ought to post that config snippet in case it is of use to anyone as it took me a few goes to get right. On Debian and derivatives you need exim4-daemon-heavy and greylistd. You will also need to add the Debian-exim user to the greylist group and ensure that /var/lib/greylistd/whitelist-hosts is group readable.

I use Vexim for added ease of use as most of the integration of Spamassassin and ClamAV is done for you and it provides a web interface to managing virtual domains and users. Therefore my config is different from the Debianised split config. I used dpkg-reconfigure exim4-config to tell exim to use a single config file.

Note the commented out line, this was necessary to make it work with my customised Vexim setup. Yours may well be able to use it so leave it in to start with. I put this in vexim-acl-check-rcpt.conf, which of course you won’t have unless you’re using Vexim, so you’ll have to work out where to put it. I guess I can make edits if people tell me the details.

Give /etc/greylistd/config the once over to make sure it’s set up how you want it, I set my retry period down to 10 minutes as I have users who have time sensitive emails. Also look at /var/lib/greylistd/whitelist-hosts to allow all of the machines you need to be allowed straight through.

With Vexim, you are also using SMTP authentication by default so it would be nice to allow your users through without having to find another means of not greylisting them. If you don’t use SMTP authentication you’ll have to find another way and take out the !authenticated = * line.

This is essentially taken from the greylistd /usr/share/doc/greylistd.

Due to problems with getting WordPress to format the code for me and not hide the backslashes, I have removed the actual config and instead point you to my wiki article on greylisting. Apologies for that.

There are extra bits of config that allow you to catch emails with no envelope sender address, but I’ve not set this up satisfactorily yet, so answers on a postcard.

Other links to Exim Greylisting are at the following:

http://www.debian-administration.org/articles/167

http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/exim-greylisting.html (didn’t work for me)

http://spod.cx/blog/greylisting_with_exim_spamassassin.shtml

One thought on “Greylisting With Exim

  1. Pingback: Adam Sweet’s Blog » Today I Have Been Mostly Irritated By…

Comments are closed.