How to configure Greylisting in MDaemon
Greylisting is one of many tools in MDaemon's arsenal to protect your server from abuse. Greylisting keeps records of 'greylisting triplets' for each mail transaction:
- The IP address of the host attempting the delivery.
- The envelope sender address.
- The envelope recipient address.
From this, we now have a unique triplet for identifying a mail 'relationship'. With this data, we simply follow a basic rule, which is:
If we have never seen this triplet before, then refuse this delivery and any others that may come within a certain period of time using a temporary failure. The sending host must retry after the given amount of time.
- Click Security.
- Click Security Settings...
- Expand the Other section on the left of the window.
- Select Greylisting on the left of the window.
- Click Enable greylisting.
- Change how long messages will be delayed before they are delivered, if desired.
- Change other options as desired, as described below.
- Click OK.
You will want to tweak these settings to suit your needs. There is not a 'right' or 'wrong' way to set up greylisting. Here is a list of what the other options mean:
- ...but only for gateway domains - Mail to gateways will be the only messages subject to greylisting.
- White list - Click this button to configure addresses that are exempt from greylisting.
- Defer initial delivery attempt with 451 for this many minutes - This setting controls the duration of the delay. By default, this is set to 15 minutes.
- Expire unused greylisting database records after this many days - Configure how long greylisting records are kept here. You should allow greylisting entries to expire because there can be performance issues if the file gets too large. By default, this is set to 10 days.
- Advanced - Use this button with caution as it opens the greylist text database.
- Don't include IP address when greylisting (use only MAIL & RCPT values) - Click this check box if you do not wish to use the sending server’s IP address as one of the greylisting parameters. This will solve the potential problem that can be caused by server pools, but it will reduce greylisting’s efficiency.
- Don't greylist subsequent connections which pass SPF processing - Once a SMTP session passes SPF processing, MDaemon will not greylist further connections from the same host.
- Don't greylist mail from senders in local address books - MDaemon will exempt senders in the recipient's address book from greylisting when this option is enabled.
- Don't greylist messages to mailing lists - When this option is enabled, MDaemon will not greylist messages to local mailing lists.
- Don't greylist mail sent over authenticated sessions - This option should generally be enabled and will allow sessions that successfully authenticate to send without the greylisting delay.
- Don't greylist mail from trusted IPs - Any IP listed as trusted will be exempt from greylisting when enabling this option.