Blacklist-augmented Postfix Greylisting

Greylists Suck

Normal greylisting is a method of temporarily rejecting email messages from unknown hosts. Many spambots do not have sophisticated retry logic, so giving them a temporary error message effectively rejects their mail. Legitimate mail servers, on the other hand, will correctly retry delivery.

This is fine, but it introduces annoying delays for messages from new sources. This especially stinks when you are waiting for one of those confirmation emails that you need to get access to a new account on the web.

Blacklists Suck More

Blacklists suck even more. If you configure your mail server to use one of these and somebody you know ends up on one, they simply can't send you any email.

My Solution

My approach is a hybrid. It performs greylist-like behavior, but only for hosts which are on a blacklist. This gives you some very nice behavior. It never outright rejects any mail, and it gives very good delivery times for all mail, except when the sending hosts are on a blacklist.

I took the default Postfix greylist.pl and made some modifications. It reads SpamAssassin's 20_dnsbl_tests.cf file to find a set of blacklists to check. Each check requires a DNS lookup, which can be relatively slow, so the lookups are only done if the host is not present in the greylist database.
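
The decision logic described above, as an added Python sketch (not the modified greylist.pl, which is Perl). Assumptions: the database is keyed by client address, clean hosts are cached as already accepted, the delay is 60 seconds, only IPv4 is handled, and `is_listed` is a hypothetical callable standing in for the DNS A lookup (an answer means the host is listed). The sample rule lines and zones are constructed.

```python
import re
import time

GREYLIST_DELAY = 60  # seconds a blacklisted host must wait (assumed value)

# Constructed sample in the style of SpamAssassin DNSBL rules; zones are placeholders.
SAMPLE_CF = """\
# constructed sample, not the real 20_dnsbl_tests.cf
header __RCVD_IN_EXA   eval:check_rbl('exa', 'bl.example.org.')
header RCVD_IN_EXB     eval:check_rbl_txt('exb', 'dnsbl.example.net.')
describe RCVD_IN_EXB   Listed in example blocklist
"""
RBL_RE = re.compile(r"eval:check_rbl(?:_txt)?\(\s*'[^']*'\s*,\s*'([^']+?)\.?'")

def parse_zones(cf_text):
    """Collect the unique DNSBL zones named in check_rbl()/check_rbl_txt() rules."""
    zones = []
    for line in cf_text.splitlines():
        m = RBL_RE.search(line)
        if m and not line.lstrip().startswith("#") and m.group(1) not in zones:
            zones.append(m.group(1))
    return zones

def parse_request(text):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def dnsbl_name(ipv4, zone):
    """Build the DNSBL query name: reversed octets prepended to the zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone

def decide(attrs, db, zones, is_listed, now=None):
    """Return the policy action line; db maps client address -> earliest accept time."""
    now = time.time() if now is None else now
    ip = attrs["client_address"]
    if ip not in db:  # DNS lookups happen only for hosts not yet in the database
        listed = any(is_listed(dnsbl_name(ip, z)) for z in zones)
        db[ip] = now + GREYLIST_DELAY if listed else 0.0  # clean hosts pass at once
    if now >= db[ip]:
        return "action=dunno"  # no opinion: let the remaining restrictions decide
    return "action=defer_if_permit Service temporarily unavailable"
```

A real policy server would write the returned line followed by an empty line back to Postfix and keep `db` in persistent storage.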