MDaemon 9.6x: Setting up Greylisting in MDaemon

Greylisting is one of many tools in MDaemon's arsenal to protect your server from abuse. Greylisting keeps a record of a triplet for each mail transaction:

  1. The IP address of the host attempting the delivery.
  2. The envelope sender address.
  3. The envelope recipient address.

From this, we have a unique triplet that identifies a mail 'relationship'. With this data, we follow one basic rule:

If we have never seen this triplet before, then refuse this delivery, and any others that arrive within a certain period of time, with a temporary failure. The sending host must retry after the given amount of time.

 

  1. Open the MDaemon interface by double-clicking on the system tray icon.
  2. Select Security from the menu bar.
  3. Select Relay/Trusts/Tarpit...
  4. Select the Greylisting tab.
  5. Enable Greylisting by enabling the first option.
  6. You will want to tweak the settings to suit your needs. There really are no 'right' or 'wrong' ways to set up greylisting. Here is what the rest of the options mean:

    ...but only for gateway domains - Mail to gateways will be the only messages subject to greylisting.

    White list - Click this button to configure addresses that are exempt from greylisting.

    Defer initial delivery attempt with 451 for this many minutes - This setting controls the duration of the delay.

    Expire unused greylisting database records after this many days - Configure how long greylisting records are kept here. You should allow greylisting entries to expire because there can be performance issues if the file gets too large. Leave it at 10 or set it lower.

    Advanced - Use this button with caution as it opens the greylist text database.

    Don't include IP address when greylisting (use only MAIL & RCPT values) - Click this check box if you do not wish to use the sending server's IP address as one of the greylisting parameters. This will solve the potential problem that can be caused by server pools, but it will reduce greylisting's efficiency.

    Don't greylist subsequent connections which pass SPF processing - Once an SMTP session passes SPF processing, MDaemon will not greylist further connections from the same host.

    Don't greylist mail from senders in local address books - MDaemon will exempt senders in the recipient's address book from greylisting when this option is enabled.

    Don't greylist messages to mailing lists - When this option is enabled, MDaemon will not greylist messages to local mailing lists.

    Don't greylist mail sent over authenticated sessions - This option should generally be enabled and will allow sessions that successfully authenticate to send without the greylisting delay.

    Don't greylist mail from trusted IPs - Any IP listed as trusted will be exempt from greylisting when enabling this option.
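
The triplet rule together with the delay, expiry and "don't include IP address" options described above, as an added Python sketch. It is not MDaemon's code; the class and method names, the 15-minute delay and the sample addresses are assumptions made for the example.

```python
from datetime import datetime, timedelta

class Greylist:
    """In-memory greylist keyed on (IP, envelope sender, envelope recipient)."""

    def __init__(self, delay_minutes=15, expire_days=10, include_ip=True):
        self.delay = timedelta(minutes=delay_minutes)  # 15 is an assumed value
        self.expire = timedelta(days=expire_days)      # 10 days, as on the page
        self.include_ip = include_ip
        self.records = {}  # key -> [first_seen, last_used]

    def _key(self, ip, mail_from, rcpt_to):
        # Addresses are compared case-insensitively (a simplification).
        pair = (mail_from.lower(), rcpt_to.lower())
        return (ip,) + pair if self.include_ip else pair

    def purge(self, now):
        """Drop records that have gone unused for longer than the expiry window."""
        stale = [k for k, (_, last) in self.records.items() if now - last > self.expire]
        for k in stale:
            del self.records[k]
        return len(stale)

    def check(self, ip, mail_from, rcpt_to, now):
        """Return the SMTP reply code for a delivery attempt: 451 or 250."""
        self.purge(now)
        rec = self.records.get(self._key(ip, mail_from, rcpt_to))
        if rec is None:
            # Never seen this triplet: record it and defer.
            self.records[self._key(ip, mail_from, rcpt_to)] = [now, now]
            return 451
        if now - rec[0] < self.delay:
            return 451          # retry arrived before the delay elapsed
        rec[1] = now            # accepted: refresh the last-used time
        return 250

def demo():
    """Replay four constructed delivery attempts and return their reply codes."""
    t0 = datetime(2024, 1, 1, 12, 0)
    gl = Greylist()
    a = ("192.0.2.10", "alice@example.org", "bob@example.com")
    return [
        gl.check(*a, now=t0),                          # first sight
        gl.check(*a, now=t0 + timedelta(minutes=5)),   # retried too soon
        gl.check(*a, now=t0 + timedelta(minutes=20)),  # retried after the delay
        gl.check("192.0.2.11", a[1], a[2], now=t0 + timedelta(minutes=21)),  # pool peer
    ]

if __name__ == "__main__":
    print(demo())
```

The last attempt in `demo()` is the server-pool case: a retry from a different host in the same pool is a new triplet and is deferred again unless `include_ip=False` is set.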