Greylist and white lists

webmaster · October 1, 2019, 5:25pm

I notice that the greylist service has this as command line (service greylist status):
/var/run/postgrey/postgrey.pid --daemonize --inet=127.0.0.1:10023 --delay=180 --whitelist-recipients=/etc/postgrey/whitelist_clients

because /etc/default/postgrey has in it:
POSTGREY_OPTS="–inet=127.0.0.1:10023 --delay=180 --whitelist-recipients=/etc/postgrey/whitelist_clients"

There are 2 whitelist files in /etc/postgrey:
whitelist_clients
whitelist_recipients

Each says at the top, respectively:

with --whitelist-clients=xxx

with --whitelist-recipients=xxx

So why is the command line using the clients list for the recipients and ignoring the recipients list?

I changed the line in /etc/default/postgrey to:
POSTGREY_OPTS="–inet=127.0.0.1:10023 --delay=180 --whitelist-recipients=/etc/postgrey/whitelist_recipients --whitelist-clients=/etc/postgrey/whitelist_clients"

and restarted greylist with service greylist restart and greylisting, and particularly recipient white listing, appears to now work.

Is this a bug in the distribution? As the entries in whitelist_clients is being used for recipients seems it would never work. I am using the latest, installed yesterday.
Colin

webmaster · October 2, 2019, 5:41pm

Further to this thought, I think greylisting as a concept is now a bad idea. With the advent of huge mail systems like GMail, AOL, Yahoo, etc. the likelihood of the repeated transmission coming from the same IP as the original is slim and none. Meaning the email will be perpetually greylisted and never delivered.
I recommend making the changes in the above message, then disabling greylisting on incoming emails by adding this to the bottom of /etc/postgrey/whitelist_clients:
# Disable incoming greylisting by whitelisting everyone
/.*/

Colin

openletter · October 6, 2019, 12:49am

I seen this stated before in other places, just never experienced it.

alento · October 8, 2019, 12:14am

I cannot agree with this statement because if the senders mail server is properly configured, the mail WILL be delivered when a second attempt is made. So saying that the ‘email will be perpetually greylisted and never delivered’ is a falsehood. Greylisting also does not rely on just the IP address … it is mainly concerned with the ‘envelope’ details …

system · December 1, 2019, 5:35pm

This topic was automatically closed after 61 days. New replies are no longer allowed.