Greylisting is one of the most effective methods of getting rid of SPAM. The receiving SMTP server using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the email will be accepted. If the mail is from a spam sender, sending to many thousands of email addresses, it will probably not be retried. More info about greylisting can be found here.
Greylisting can be used with postfix by using policies and are usually written in PERL. Postgrey is also written in PERL and the connection between postfix and postgrey can be made through a local socket or through a inet socket, so the postgrey policy server can run on a different machine.
Installation of postgrey in CentOS is straightforward, it requires just a simple yum command and a very simple configuration. Since this is a non-standard package, the rpmforge reporitory should be already included into yum configuration.
Postgrey uses few configuration files:
/etc/sysconfig/postgrey : to set parameters for the postgrey process
/etc/postfix/whitelist_clients : the list the sender addresses for which greylisting will not be used, usually contains servers known to behave improperly when sending mail, eg. lack of a sending queue
/etc/postfix/whitelist_clients.local : the list of the local additions to the above list.
/etc/postfix/whitelist_recipients : the list of the local e-mail addresses for which greylisting will not be used and the e-mail will pass without being delayed.
To use postgrey on the same machine as the postfix SMTP server, it's fine to start postgrey using a socket. So, i configure postgrey with the following parameters:
The parameters listed above specify where should be placed the socket, what is the duration before the first sending attempt and the time when message will be accepted and a slightly modified response message for the SMTP clients, informing them how much time to wait before retrying.
After the initial configuration, the process should be started.
And, finally, postfix configuration should be re-read:
Up: Postfix installation and configuration
Prev: Postfix TLS configuration
Next: Postfixadmin installation