Greylisting with Sendmail and FreeBSD

Matt Kettler mkettler at
Wed Nov 8 22:12:06 GMT 2006

Jim Coates wrote:
> How hard is it to install Greylisting on a machine running FreeBSD, Sendmail
> and MailScanner?
> Is there a particular package that you all recommend?

I use milter-greylist. It's pretty easy, and it's ACL based setup lets you set
it up more-or-less any way you want.. greylist by default, or by explicit rule, etc.

The current release candidates also support using dnsrbl's as acl rules, and
per-rule over-ride of greylist duration. Putting the two together you can do
things like greylist for longer periods of time if they're listed in a DNSRBL.
(useful for DNSRBLs with too many FPs to use as outright blacklists).

My current setup is more-or-less:

whitelist <mynetwork>
whitelist <some important partners>
greylist spamhaus SBL, 15mins
greylist spamhaus XBL, 1hr
greylist SORBS-WEB, 1hr
greylist SORBS-DUL, 1hr
greylist <all to postmaster> 1min
greylist <anything with mydomain as envelope sender> 1min
greylist (regex for hosts with no RDNS) 1min
greylist (a few other regexes) 1min
greylist (list of ip's allocated to apnic) 1min
greylist (list of ip's allocated to lacnic) 1min
whitelist default

And that works pretty well. Right now XBL, and more specifically the CBL
contributed part of XBL, is taking the lions share of the hits.

Thus far this week:

Spamhaus SBL
Spamhaus XBL (CBL)
Spamhaus XBL (NJABL)
delayed 1m (others)
default action:
not delayed and delivered (total, incl whitelists)
> I asked out FreeBSD host about it, and they say that they've never used it.
> An interesting note - Yahoo has started using greylisting on their email
> accounts.

More information about the MailScanner mailing list