Table of content
  1. Configuration
    1. Initialisation
    2. Whitelist
    3. Startup
  2. Integration
    1. Postfix

The grey listing consist to temporarily reject the first message received from an unknown sender, and according to the SMTP protocol the sender must try again later.

This greatly improves spam detection, because from the message rejection there are two possible ways for the sender:

  • not sending the message again, and in this case, it is certainly a person who is doing mass mailing
  • sending the message again, and if it’s spam, the elapsed time will have permited updating of the blacklists like spamcop or spamhaus. These blacklists can be exploited by spamassassin or directly by postfix.
Build information

Ensure the following options:

mail/sqlgrey
1

[x] MYSQL              MySQL backend

Configuration

The configuration file sqlgrey.conf is located in the /usr/local/etc/sqlgrey/ directory.

sqlgrey process and network connection
sqlgrey.conf
1
2
3
4

loglevel             = 2
unix                 = /var/run/sqlgrey.sock
pidfile              = /var/run/sqlgrey.pid
admin_mail           = postmaster
Information to access and manage the database
sqlgrey.conf
1
2
3
4
5
6

db_type              = mysql
db_name              = mail_greylist
db_host              = 127.0.0.1
db_user              = sqlgrey
db_pass              = use_a_real_password
db_cleandelay        = 1800
Management of grey listing
sqlgrey.conf
1
2
3
4
5
6
7

connect_src_throttle = 10
awl_age              = 50
group_domain_level   = 5
greymethod           = smart
optmethod            = optout
discrimination       = off
prepend              = 1

Initialisation

1
2
3
4
5

-- Create databse
CREATE DATABASE mail_greylist CHARACTER SET latin1;
-- Grant access
GRANT ALL ON mail_greylist.* 
          TO 'sqlgrey'@'localhost' IDENTIFIED BY 'use_a_real_password'

Whitelist

Unfortunately not all legit mail servers respect the rules, and it is necessary to have a whitelist for some of them, either based on the IP address clients_ip_whitelist or on the fully qualified host name clients_fqdn_whitelist.

The clients_ip_whitelist and clients_fqdn_whitelist files can be automatically updated using:

Update whitlists
1

update_sqlgrey_config

If you need to manually specify additional servers you need to use:

Startup

rc.conf
1

sqlgrey_enable="YES"

Integration

Postfix

It is used with the check_policy_service action from the /etc/postfix/main.cf configuration file, for example:

main.cf
1
2
3
4

smtpd_recipient_restrictions =
               ...
               check_policy_service unix:/var/run/sqlgrey.sock
               ...

When adding the check_policy_service for sqlgrey, be careful where you place it according to other existing rules