Postgrey has many issues, the most widely agreed upon being the default 180-second delay. In addition, its whitelist is seriously outdated. Some forwarding services, like Cloudflare Email, should be included in the whitelist under the “big pool” justification. Back in 2015, Miab had a fork of Postgrey that implemented DNSWL lookup to bypass greylisting, but these changes never seemed to be merged into Postgrey itself. Later on, some suggested installing an additional component like Postfwd—but after reading the documentation, I found it far too lengthy.
So, I tried to implement it in a simpler way: by writing a small script that acts like a reverse proxy for Postgrey, querying DNSWL to decide whether to allow or pass the request to Postgrey.
I used `socat` to listen on a port and `nc` to forward to Postgrey. This way, no manual patching is needed, and I don’t have to introduce an untested alternative.
The general steps are:
- Download a script file and install `socat`
- Create and start a service
- Modify the Postgrey target port in Postfix’s configuration to this service’s port, and restart Postfix
It works well so far.
However, I’m not sure if this is worth sharing—anyone interested in this kind of solution? (So I’m posting here before I clean it up into a git repo.)
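
The DNSWL-then-Postgrey decision described in the post, written out as an added example in POSIX sh; it is not the poster's script. The ports, the `list.dnswl.org` zone, the use of `dig`, the DNSWL answer format (127.0.x.y, with 127.0.0.255 as an over-quota code) and all function names are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's script. Assumed values: Postgrey listening on
# 127.0.0.1:10023 and the DNSWL zone list.dnswl.org. Run per connection, e.g.
#   socat TCP-LISTEN:10123,bind=127.0.0.1,reuseaddr,fork EXEC:"/path/to/this.sh --serve"
POSTGREY_HOST=127.0.0.1; POSTGREY_PORT=10023; DNSWL_ZONE=list.dnswl.org

# Reverse an IPv4 address into its DNSWL query name. IPv6 or malformed input
# fails here, so such a request falls through to Postgrey.
dnswl_name() (
  case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || exit 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1; done
  printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$DNSWL_ZONE"
)

# Resolver call, kept in its own function so it can be replaced.
lookup_a() { dig +short +time=2 +tries=1 A "$1" 2>/dev/null; }

# Listed only if the answer is 127.0.x.y with trust level y in 0..3. No answer,
# a resolver error, or an over-quota code such as 127.0.0.255 is "not listed".
is_whitelisted() (
  name=$(dnswl_name "$1") || exit 1
  ans=$(lookup_a "$name" | head -n 1)
  case $ans in 127.0.*.[0-3]) exit 0 ;; *) exit 1 ;; esac
)

# Forward the buffered request to Postgrey and relay its reply. nc gives up
# after 2 s of silence; with no reply the proxy answers dunno (fail open).
ask_postgrey() {
  reply=$(printf '%s\n' "$1" | nc -w 2 "$POSTGREY_HOST" "$POSTGREY_PORT" 2>/dev/null) || reply=
  printf '%s\n\n' "${reply:-action=dunno}"
}

# Read one policy request (name=value lines ended by an empty line) from stdin
# and print the reply, which Postfix also expects to end with an empty line.
handle_request() {
  req=; ip=
  while IFS= read -r line && [ -n "$line" ]; do
    req="$req$line
"
    case $line in client_address=*) ip=${line#client_address=} ;; esac
  done
  if is_whitelisted "$ip"; then printf 'action=dunno\n\n'   # listed: skip greylisting
  else ask_postgrey "$req"; fi                              # otherwise greylist as before
}

if [ "${1:-}" = "--serve" ]; then handle_request; fi
```

The strict match on the DNSWL answer matters: treating any returned A record as a listing would let a rate-limited or blocked resolver bypass greylisting for every sender.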