Greylisting is a technique that helps prevent spam from entering your inbox. It is related to whitelisting and blacklisting. Every time a given mailbox receives an email from an unknown contact (IP), that mail is rejected with a “try again later” message (this happens at the SMTP layer and is transparent to the end user). In the short run this means that all mail gets delayed at least until the sender tries again, but this is where spam loses out! Most spam is not sent out using RFC-compliant MTAs; the spamming software will not try again later. For more information on the workings of greylisting you could read: Greylisting.org

I’ve chosen SQLGrey as it is a good solution and it is very simple to install and operate. SQLGrey is written in Perl, which is available on every Mac, and uses MySQL for data storage, but to get it working we will need to add some mandatory Perl modules.

As not many people use Perl on a daily basis it would be good to update the CPAN installation. Execute the following command and accept all the default values:

sudo perl -MCPAN -e 'install Bundle::CPAN'

Next the MySQL module:

sudo perl -MCPAN -e 'install Bundle::DBD::mysql'

Next are the Net::Server and IO::Multiplex modules:

sudo perl -MCPAN -e 'install Net::Server'
sudo perl -MCPAN -e 'install IO::Multiplex'

When all the Perl modules are installed we are ready to create the database for SQLGrey.

Start up a mysql session and enter the following commands to create the SQLGrey database and user:

CREATE DATABASE sqlgrey;
GRANT ALL ON sqlgrey.* TO sqlgrey@localhost identified by 'sqlgreypassword';

At the first startup of SQLGrey the tables will be created automatically. The next step is creating a dedicated user called ‘_sqlgrey’ for running the SQLGrey daemon.

sudo dscl . -create /Users/_sqlgrey
sudo dscl . -create /Users/_sqlgrey UserShell /usr/bin/false
sudo dscl . -create /Users/_sqlgrey UniqueID 103
sudo dscl . -create /Users/_sqlgrey PrimaryGroupID 27
sudo dscl . -create /Users/_sqlgrey NFSHomeDirectory /var/empty
# '*' means no password can match, so the daemon account cannot be logged into
sudo dscl . -create /Users/_sqlgrey Password '*'

If you’ve downloaded SQLGrey from SourceForge, unpack it and ‘cd’ into the source directory. First we need to make some changes to the Makefile to make sure that everything gets installed in the proper directories:

INSTALL = install
ETCDIR = $(ROOTDIR)/etc
CONFDIR = $(ETCDIR)/sqlgrey
SBINDIR = $(ROOTDIR)/sbin
BINDIR = $(ROOTDIR)/bin
INITDIR = $(ETCDIR)/init.d
MANDIR = $(ROOTDIR)/share/man/man1

When you’ve changed this, run the following command (the optional -e ROOTDIR part makes sure that everything is installed in /usr/local, as we do with all the other installations):

sudo make -e ROOTDIR=/usr/local install

Next you need to edit the configuration file called ‘sqlgrey.conf‘ in the directory ‘/usr/local/etc/sqlgrey/‘. Only the settings that differ from the defaults are shown:

conf_dir = /usr/local/etc/sqlgrey

user = _sqlgrey
group = _postfix

db_type = mysql
db_name = sqlgrey
db_host = localhost
db_port = default
db_user = sqlgrey
db_pass = sqlgreypassword

admin_mail = info@richard5.net

Next you need to create some extra files in the configuration directory for whitelist purposes:

sudo touch /usr/local/etc/sqlgrey/clients_ip_whitelist.local
sudo touch /usr/local/etc/sqlgrey/clients_fqdn_whitelist.local

To test whether everything is configured correctly you can start SQLGrey from the command line, passing the config file explicitly so that the correct one is used:

sudo /usr/local/sbin/sqlgrey -f /usr/local/etc/sqlgrey/sqlgrey.conf -d &

You should see some logging appear in the /var/log/mail.log file, the database tables should be created and a .pid file should appear in /var/run/

If everything looks all right you can change the Postfix configuration to use the greylisting option. Edit ‘main.cf‘ in ‘/usr/local/etc/postfix‘, find the section with ‘smtpd_recipient_restrictions‘ and add the line as shown below. Please note the difference when using DSpam:

without DSpam

smtpd_recipient_restrictions =
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  warn_if_reject,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_invalid_hostname,
  reject_rbl_client zen.spamhaus.org,
  # added line (Postfix only accepts comments on a line of their own)
  check_policy_service inet:127.0.0.1:2501,
  permit

with DSpam

smtpd_recipient_restrictions =
  reject_unauth_pipelining,
  reject_non_fqdn_recipient,
  reject_unknown_recipient_domain,
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination,
  warn_if_reject,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_invalid_hostname,
  reject_rbl_client zen.spamhaus.org,
  # added line (Postfix only accepts comments on a line of their own)
  check_policy_service inet:127.0.0.1:2501,
  check_client_access pcre:/usr/local/etc/postfix/dspam_filter_access

To activate the changes in Postfix run the command:

sudo /usr/local/sbin/postfix reload

You can now test the complete setup by sending yourself an email using an external mail server like Gmail.

Note:
I had to add the following domains to the file clients_fqdn_whitelist.local to make sure that these domains were able to deliver their email:

*.apple.com
*.google.com
*.ebay.com
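
Added example (not part of the original post and not SQLGrey's own code): a simplified Python model of the decision a greylisting daemon makes for each request Postfix sends through check_policy_service, including the FQDN whitelist from the note above. The 300-second delay, the (IP, sender, recipient) key, the glob matching and the sample requests are assumptions made for illustration.

```python
import fnmatch

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value, not read from sqlgrey.conf)
FQDN_WHITELIST = ["*.apple.com", "*.google.com", "*.ebay.com"]  # entries from the note above

def parse_policy_request(text):
    """Parse the name=value lines Postfix sends to a policy service."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break  # an empty line terminates the request
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class Greylist:
    def __init__(self):
        self.first_seen = {}  # (client_address, sender, recipient) -> time of first attempt

    def decide(self, request_text, now):
        """Return the action line for one request (on the wire it is followed by an empty line)."""
        a = parse_policy_request(request_text)
        # Postfix reports client_name as "unknown" when the hostname is not confirmed by DNS.
        client_name = a.get("client_name", "unknown").lower()
        if any(fnmatch.fnmatchcase(client_name, pat) for pat in FQDN_WHITELIST):
            return "action=dunno"  # whitelisted host: skip greylisting, later restrictions still run
        triplet = (a.get("client_address"), a.get("sender", "").lower(),
                   a.get("recipient", "").lower())
        first = self.first_seen.setdefault(triplet, now)
        if now - first < GREYLIST_DELAY:
            return "action=defer_if_permit Greylisted, try again later"  # temporary 4xx reply
        return "action=dunno"  # sender retried after the delay, as an RFC-compliant MTA does

def request(client_name, client_address):
    """Build a constructed policy request (documentation addresses, not real traffic)."""
    return ("request=smtpd_access_policy\n"
            f"client_name={client_name}\nclient_address={client_address}\n"
            "sender=alice@example.org\nrecipient=bob@example.net\n\n")

def demo():
    g = Greylist()
    mta = request("mx.example.org", "192.0.2.10")
    return [
        g.decide(mta, now=0),    # first contact: deferred
        g.decide(mta, now=60),   # retried too early: still deferred
        g.decide(mta, now=900),  # retried after the delay: passed on
        g.decide(request("mail-out.google.com", "198.51.100.7"), now=0),  # whitelisted
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```
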