Mailing list, wiki
To do list
milter-greylist is a stand-alone milter written in C that implements the greylist filtering method, as proposed by Evan Harris.
Grey listing works by assuming that, unlike legitimate MTA, spam engines will not retry sending their junk mail on a temporary error. The filter will always reject mail temporarily on a first attempt, then accept it after some time has elapsed.
If spammers ever try to resend rejected messages, we can assume they will not stay idle between the two sends (if they do, the spam problem would just be solved). Odds are good that the spammer will send a mail to a honey pot address and get blacklisted in several real-time distributed black lists before the second attempt.
You need a Sendmail or Postfix that supports the milter interface: at least Sendmail 8.11.x, (8.12.x or higher is recommended), or Postfix 2.3.
milter-greylist has been successfully built on NetBSD, Linux, FreeBSD, Darwin, Solaris, Tru64 UNIX and IRIX. You need libmilter installed on your system, and your system must support POSIX threads (GNU Pth is fine if your system does not have native threads).
Can be enabled on a per-recipient basis
Not everyone wants greylisting. It is extremely efficient against spam, but it introduces a delay in legitimate mail delivery. Users that currently receive no spam (because their address has not yet been harvested by spammers) will not want to trade the extra delay for nothing. In order to address that problem, milter-greylist can be enabled on a per-recipient basis.
Testing is easy
milter-greylist can also be enabled for no recipient except a small list of users. This makes testing easier: install milter-greylist and you can activate it only for an address crippled with junk mail.
Friendly networks white-listing
There are many networks around you that are known to be friendly, and for which you don't want to trade the delivery delay for a junk mail cleanup. milter-greylist can be configured to white-list IP net blocks, so that mail coming from them never goes through greylist filtering.
The "must-have" friendly network is 127.0.0.1/8. You will also white-list your LAN, so that MUA don't bug users with odd messages about e-mail that need to be resent later.
Information report and debugging
milter-greylist tries to report as much information to users as possible.
When a message is rejected, milter-greylist will tell the remote MTA how long there is to wait before the message can be accepted (this feature can be disabled if you prefer that information to remain secret).
Each message that went through the MTA has a X-Greylist header line, which reports what milter-greylist did: message accepted immediately because the sender IP is white-listed, or because the recipient is white-listed. And if the message has been delayed, milter-greylist will report how long it had to wait because of greylisting before being accepted.
The database of pending messages is a plain old text file. The date each message will be accepted is formatted as a human-readable string.
When using multiple MX, the sequence of delivery attempts can become complicated, and if the sending MTA does not try all the MX servers, the delivery can be much longer. milter-greylist has a multi-MX sync feature, that enable the database to be shared by all the MX servers.
In order to minimize the impact of grey-listing, each time a message is accepted, the tuple (sender IP, sender e-mail, recipient-email) gets auto-whitelisted for a configurable time (default is one day). Newer messages matching the same tuple will pass through with no delay. This feature can be disabled.
Roaming users and SMTP AUTH support
You don't want to greylist your roaming users. Starting with version 1.1.1, milter-greylist supports SMTP AUTH, so that authenticated users can bypass the greylist.
Alternatively, if you don't use SMTP AUTH but the "POP before SMTP" paradigm, you can feed milter-greylist a dynamic whitelist of IP addresses generated on the fly as users connect to your POP service. Helmut Messerer wrote some documentation explaining how to do that with poprelay.
Before version 1.5.4, milter-greylist did not fully support IPv6, but it was IPv6-aware. It was just letting messages from IPv6 addresses going in without greylisting them. This was okay since no spammer has switched to IPv6 yet.
Starting with version 1.5.4, thanks to the contribution of Hajimu Umemoto, IPv6 is fully supported.
Milter-greylist enables you to specify what messages should be whitelisted and what message should be greylisted using access-lists (ACL). You can specify complex conditions on sender IP, sender DNS address, sender e-mail address, and recipient e-mail address. Regular expressions are supported.
Starting with version 1.1.3, milter-greylist is able to use libspf_alt to check SPF records. SPF records are DNS objects that tell the whole Internet which server(s) can legally send e-mail from a domain.
Using SPF records, milter-greylist will avoid greylisting any mail that comes from an SPF-compliant server. This feature is optionnal and requires libspf_alt
Starting with 1.1.10, libspf (James Couzens's version) is also supported. libpsf2 is supported starting with version 1.7.2.
milter-greylist have been in production for months on various systems, including rather big mail servers. It seems to perform quite well. We know that it builds reasonably well on NetBSD, Linux, FreeBSD, Darwin, Solaris, Tru64 UNIX and IRIX, and that it works well on NetBSD, Linux, FreeBSD, and Solaris. Of course your experience may vary.
milter-greylist uses main memory to hold its database, which result in very fast operation. However, in case of a system crash, the database is lost. In order to avoid that, a database checkpoint is regularly dumped to a text file. This text file is read at milter-greylist restart, to resume operation at the last checkpoint.
Before version 1.3.3, the database is dumped on each change, which makes milter-greylist quite bad on high volume server. Starting with 1.3.3, you can tune the dump frequency in order to fit bigger mail setups.
Dan Hollis created a mailing list for milter-greylist. The list is aimed at discussions related to milter-greylist: user support, feature requests, and technical design.
To switch to plain text email messages from the list, send a mail to firstname.lastname@example.org with a subject of "Change Delivery Format: Traditional".
There is also a milter-greylist wiki, which is the place to exchange tips and configuration samples.
Here are the future directions for milter-greylist developement:
milter-greylist stable release
This software is free software. It is available under a 3-clause BSD license, which is copied at the end of the README file.
milter-greylist was initially written by Emmanuel Dreyfus. As its popularity increased, it received many contributions, from (in alphabetic order):
If you have contributed something and you are not on the list above, don't hesitate to complain.
This page has been translated into