Using Greylisting in Postfix

Greylisting can be a pretty effective method for reducing the amount of spam you receive. It works by temporarily rejecting emails. Valid email servers will then retry delivery, and be allowed through while spammers will (hopefully) give up.

  1. Start with a fully updated and configured Postfix server.
  2. Install Postgrey:
    sudo apt -y install postgrey
  3. Configure Postfix to use Postgrey:
    cp /etc/default/postgrey /tmp
    sed -i 's/POSTGREY_OPTS="--inet=10023"/POSTGREY_OPTS="--inet=127.0.0.1:10023 --delay=180"/' /tmp/postgrey
    sudo mv /tmp/postgrey /etc/default/
     
    SRR=$(postconf -p smtpd_recipient_restrictions | sed 's/smtpd_recipient_restrictions = //g')
     
    if [ -z "$SRR" ]; then
         SRR="check_policy_service inet:127.0.0.1:10023";
    else
         SRR="$SRR,check_policy_service inet:127.0.0.1:10023"
    fi
     
    sudo postconf -e "smtpd_recipient_restrictions = $SRR"
  4. Restart Postfix and Postgrey:
    sudo systemctl restart postfix
    sudo systemctl restart postgrey