How to: Enable Greylisting to Prevent Spam
Greylisting means that the server will initially reject mail from unknown senders and then accept the message upon the second attempt. This involves a greet delay, so messages will have to wait a few seconds before being accepted. Legitimate mail will wait, but spam will generally not. Further information can be found here.
Enabling both greylisting and tarpitting can be even more effective in reducing spam. Documentation on how to enable tarpitting can be found here.
To Enable Greylisting
Log in to the server at the CLI as root, either via SSH or from the terminal
At the CLI, use the text editor to open /etc/tcprules.d/tcp.smtp. By default, the contents of the file should look similar to the following:

    127.:allow,RELAYCLIENT=""
    ::1:allow,RELAYCLIENT=""
    :allow,LANG="en_US",QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA="99"
Add ,JGREYLIST="" to the end of the first two lines. The /etc/tcprules.d/tcp.smtp file on some servers will have this information included by default. If that is the case, this step can be skipped.

    127.:allow,RELAYCLIENT="",JGREYLIST=""
    ::1:allow,RELAYCLIENT="",JGREYLIST=""
    :allow,LANG="en_US",QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA="99"
On the line that begins with :allow, add JGREYLIST_DIR="/var/qmail/jgreylist"

    127.:allow,RELAYCLIENT="",JGREYLIST=""
    ::1:allow,RELAYCLIENT="",JGREYLIST=""
    :allow,LANG="en_US",QMAILQUEUE="/var/qmail/bin/simscan",CHKUSER_MBXQUOTA="99",JGREYLIST_DIR="/var/qmail/jgreylist"
Save and exit the text editor
At the CLI, use the text editor to open /service/smtp/run. By default, the beginning of the file should look similar to the following:

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    BLACKLIST=`cat /var/qmail/control/blacklists`
    SMTPD="/var/qmail/bin/qmail-smtpd"
    TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
    RBLSMTPD="/usr/bin/rblsmtpd"
    HOSTNAME=`hostname`
    VCHKPW="/home/vpopmail/bin/vchkpw"
    #GREYLIST="/var/qmail/bin/jgreylist"
    ARCH=`uname -i`
Uncomment the GREYLIST variable by removing the #

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    BLACKLIST=`cat /var/qmail/control/blacklists`
    SMTPD="/var/qmail/bin/qmail-smtpd"
    TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
    RBLSMTPD="/usr/bin/rblsmtpd"
    HOSTNAME=`hostname`
    VCHKPW="/home/vpopmail/bin/vchkpw"
    GREYLIST="/var/qmail/bin/jgreylist"
    ARCH=`uname -i`
Save and exit the text editor
At the CLI, make sure that the /var/qmail/jgreylist directory is owned by vpopmail:vchkpw

    [root@server ~]# ls -ld /var/qmail/jgreylist
    drwx------. 2 vpopmail vchkpw 6 May 12 2020 /var/qmail/jgreylist
    [root@server ~]#
If the directory is not owned by vpopmail:vchkpw, update the ownership

    chown vpopmail:vchkpw /var/qmail/jgreylist
Restart smtp

    service smtp restart
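
To confirm that every edit in the procedure above is in place, the following added example (not part of the original how-to) audits the two files and the directory ownership. The function names check_greylist and has_line are hypothetical helpers; the paths and the expected owner are passed as arguments so the checks can also be run against copies of the files.

```sh
#!/bin/sh
# Added example: audit the greylisting edits described in this how-to.
# check_greylist and has_line are hypothetical helper names, not tools
# shipped with the mail server.

# has_line FILE PREFIX NEEDLE: true if a line starting with PREFIX contains NEEDLE.
has_line() {
    awk -v p="$2" -v n="$3" \
        'index($0, p) == 1 && index($0, n) { ok = 1 } END { exit !ok }' "$1"
}

# check_greylist TCP_SMTP RUN_FILE [DIR OWNER:GROUP]
# Prints one line per problem and returns the number of problems found.
check_greylist() {
    rules=$1 run=$2 dir=$3 want=$4 bad=0
    # The two relay-client lines must carry JGREYLIST="".
    for prefix in '127.:allow' '::1:allow'; do
        has_line "$rules" "$prefix" 'JGREYLIST=""' ||
            { echo "missing JGREYLIST=\"\" on the $prefix line"; bad=$((bad + 1)); }
    done
    # The catch-all :allow line must name the greylist directory.
    has_line "$rules" ':allow' 'JGREYLIST_DIR="' ||
        { echo 'missing JGREYLIST_DIR on the :allow line'; bad=$((bad + 1)); }
    # GREYLIST must be uncommented in the run script.
    grep -q '^GREYLIST=' "$run" ||
        { echo 'GREYLIST is still commented out in the run file'; bad=$((bad + 1)); }
    # Optional: compare directory ownership as reported by ls -ld.
    if [ -n "$dir" ]; then
        owner=$(ls -ld "$dir" 2>/dev/null | awk '{ print $3 ":" $4 }')
        [ "$owner" = "$want" ] ||
            { echo "$dir is owned by '$owner', expected $want"; bad=$((bad + 1)); }
    fi
    return "$bad"
}

# Run the audit only when the script is given arguments.
[ "$#" -lt 2 ] || check_greylist "$@"
```

On the server, pass /etc/tcprules.d/tcp.smtp, /service/smtp/run, /var/qmail/jgreylist and vpopmail:vchkpw as the four arguments; an exit status of 0 means all checks passed.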