HomeGreylist daemonRunning

In depth

An in depth look into how greylist works.

Let's assume the following configuration:

Triplet
  |
  v
Server
 |                                                          
 + whitelist recipient with exact match  ----------------+
 |                                                       |
 + whitelist triplet_string with pattern match ----------+- Database
 |                                                       |
 greylist -----------------------------------------------+

  • A triplet is received from postfix and passed to a handler.
  • The handler checks whether the recipient address is in the database table. If it matches the handler stops and returns action=dunno to postfix. If full logging is enabled a log entry is written to the mail log.
  • The handler composes the complex triplet_string and matches it against all regular expressions in the database table specified by datasource, returning to postfix on match.
  • The handler checks the triplet against the greylist triplet database, and decide whether it is new, waiting or ok, updates the database, then sends its decision to postfix.

More things to do with greylist - consider this configuration

Triplet
  |
  v
Server
 |                                                          
 + whitelist recipient with exact match  ----------------+
 |                                                       +- local Database (SQLite)
 + whitelist triplet_string with pattern match ----------+
 |                                                       
 greylist -----------------------------------------------+- network Database (MySQL)

Here, two databases are being used. One for a local list of whitelisted recipients and patterns, a second one for sharing the triplet database between multiple mail servers in a mail relay.

So far in all examples greylist was used on all triplets. But it is also possible to use a selective match with the greylist policy to greylist only some recipients, or some senders, or some networks, or triplets based upon a regular expression, .. and so on.

Triplet
  |
  v
Server
 |
...
 +--- exact match --------------------------------------+
 |    |                                                  |
 |    greylist ------------------------------------------+- Database
 |
 dunno