Blacklist-augmented Postfix Greylisting
is a method of temporarily rejecting email messages from unknown
hosts. Many spambots do not have sophisticated retry logic, and
giving them a temporary error message will effectively reject
their mail. Legitimate mail servers, on the other hand, will
correctly retry to send mail.
This is fine, but it introduces annoying delays for messages from
new sources. This especially stinks when you are waiting for one
of those confirmation emails that you need to get access to
a new account on the web.
Blacklists Suck More
Blacklists suck even more. If you configure your mail server to use
one of these and somebody you know ends up on one, they simply can't
send you any email.
My approach is a hybrid. It performs greylist-like behavior, but only
for hosts which are on a blacklist. This gives you some very nice
behavior. It never outright rejects any mail, and it gives very good
delivery times for all mail, except when the sending hosts are on a
I took the default postfix greylist.pl, and
made some modifications.
It reads Spamassassin's 20_dnsbl_tests.cf
file to find a set of blacklists to check. Each check requires
a DNS lookup which can be relatively slow. It is only done if
the host is not present in the greylist database.