jgreylist

An effective tool for dealing with spam is to implement greylisting on your port 25 SMTP service. For a good explanation of how this works, see John Simpson's jgreylist webpage.

Decide which version you want to install - Perl or C. The C version is faster for busier servers.

  • Perl version
    The jgreylist script needs to be installed where the SMTP run script can find it. The easiest place is the /var/qmail/bin directory:

    cd /var/qmail/bin
    wget http://qmail.jms1.net/scripts/jgreylist

    The script should be owned by root, have the same group ID as the greylist user's group ID, and have permissions 0750. With these server install instructions, the group is nofiles.

    chmod 0750 jgreylist
    chown root:nofiles jgreylist

    If you do not want to block mail from servers with no reverse DNS, change the block_norev variable to "0" in /var/qmail/bin/jgreylist:

    my $block_norev = 0 ;

  • C version
    Download the C source code:

    cd /extra/src
    wget http://qmail.jms1.net/scripts/jgreylist.c

    Compile it and then copy it into place:

    gcc -o jgreylist jgreylist.c
    mv jgreylist /var/qmail/bin/jgreylist

Greylist data directory
Create the directory to hold the greylist data. Since John's jgreylist script and SMTP run script are already configured for /var/qmail/jgreylist, let's just use that:

cd /var/qmail
mkdir -m 0700 jgreylist
chown qmaild:nofiles jgreylist

Seeing as we are already using John Simpson's SMTP run script, it's a simple matter of uncommenting the greylist line:

vi /var/service/smtp/run
Uncomment:
#GREYLIST="jgreylist"

If you're using the C version of jgreylist, uncomment the JGREYLIST_???=# lines right below GREYLIST="jgreylist". Those are the environment variables that the C version requires.

By default, John's SMTP run script rejects sender IPs that don't have reverse DNS. If you want to allow them to connect to your server, comment out the line:

#JGREYLIST_NOREV=1

Restart the SMTP service:

svc -t /service/smtp

And after a few seconds, confirm that it is running properly:

svstat /service/smtp

jgreylist-clean
In order to keep the size of our greylist from getting out of hand, we'll install John's jgreylist-clean script and run it periodically to clean up old IP addresses that haven't connected for some time (30 days).
The script will be installed where it is easily accessible - /usr/local/sbin:

cd /usr/local/sbin
wget http://qmail.jms1.net/scripts/jgreylist-clean
chmod 0755 jgreylist-clean

We'll run it nightly, at 1:00 a.m. via cron:

  • Systems with /etc/cron.d (e.g. RedHat, CentOS, etc.):

    cd /etc/cron.d
    echo '0 1 * * * root /usr/local/sbin/jgreylist-clean >/dev/null 2>&1' > jgreylist-clean
    chmod 644 jgreylist-clean
    touch /etc/crontab

  • Systems without /etc/cron.d (e.g. FreeBSD):

    crontab -e
    0 1 * * * /usr/local/sbin/jgreylist-clean >/dev/null 2>&1
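
To confirm the ownership and modes set in the steps above in one pass, here is an added example (not part of the original page or of John Simpson's scripts). It assumes GNU stat as found on RedHat/CentOS; the function names check_perms and audit_jgreylist are made up for this example, and the expected values for /var/qmail/bin/jgreylist are the ones this page sets for the Perl script.

```shell
#!/bin/sh
# Added example: audit ownership and mode of the jgreylist pieces against the
# values set on this page. Assumes GNU stat (Linux); FreeBSD's stat uses -f.

# check_perms PATH OWNER:GROUP MODE
#   OWNER:GROUP of "-" skips the ownership comparison.
#   Returns 0 on match, 1 on mismatch, 2 if PATH is missing or unreadable.
check_perms() {
    path=$1
    want_owner=$2
    want_mode=${3#0}            # accept 0750 as well as 750
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    got=$(stat -L -c '%U:%G %a' "$path") || return 2
    got_owner=${got% *}
    got_mode=${got#* }
    ok=1
    [ "$want_owner" = "-" ] || [ "$got_owner" = "$want_owner" ] || ok=0
    [ "$got_mode" = "$want_mode" ] || ok=0
    if [ "$ok" -eq 1 ]; then
        echo "OK       $path ($got)"
        return 0
    fi
    echo "MISMATCH $path: have $got, want $want_owner $want_mode"
    return 1
}

# Paths, owners and modes are the ones used in the steps above.
audit_jgreylist() {
    rc=0
    # Filter script: only root may modify it, group nofiles may execute it.
    check_perms /var/qmail/bin/jgreylist root:nofiles 0750 || rc=1
    # Data directory: readable and writable by qmaild only.
    check_perms /var/qmail/jgreylist qmaild:nofiles 0700 || rc=1
    # Cleanup script: the page sets only the mode, so ownership is not compared.
    check_perms /usr/local/sbin/jgreylist-clean - 0755 || rc=1
    return "$rc"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_jgreylist
    exit $?
fi
```

Save it under any name and run it as root with the --audit argument; a non-zero exit status means at least one path is missing or differs from the values above.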

Credits

Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.
