Postfix Documentation

Example: greylist policy server

Greylisting is a defense against junk email that is described at The idea was discussed on the postfix-users mailing list one year before it was popularized.

The file examples/smtpd-policy/ in the Postfix source tree implements a simplified greylist policy server. This server stores a time stamp for every (client, sender, recipient) triple. By default, mail is not accepted until a time stamp is more than 60 seconds old. This stops junk mail with randomly selected sender addresses, and mail that is sent through randomly selected open proxies. It also stops junk mail from spammers that change their IP address frequently.
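The greylisting decision described above, as an added Python sketch that is not the Perl script shipped with Postfix. It assumes the Postfix policy delegation format (name=value request lines ended by an empty line, an "action=" reply) with the defer_if_permit and dunno actions, and it keeps the time stamps in an in-memory dict rather than a database file; the function names and sample addresses are constructed for illustration.

```python
import time

GREYLIST_DELAY = 60  # seconds; the default delay stated on this page


def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break                      # empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:                        # skip lines without '='
            attrs[name] = value
    return attrs


def greylist_action(attrs, store, now=None, delay=GREYLIST_DELAY):
    """Return the action for one request; store maps triple -> first-seen time."""
    now = time.time() if now is None else now
    # Lower-casing the addresses is a choice made in this sketch so that a
    # retry with different capitalisation still matches the stored triple.
    key = "/".join((attrs.get("client_address", ""),
                    attrs.get("sender", "").lower(),
                    attrs.get("recipient", "").lower()))
    first_seen = store.setdefault(key, now)   # record the first attempt only
    if now - first_seen > delay:
        return "dunno"                 # old enough: later restrictions decide
    return "defer_if_permit Service is unavailable"   # reply text chosen here


def handle(text, store, now=None):
    """Build the full reply for Postfix: action line plus an empty line."""
    return "action=%s\n\n" % greylist_action(parse_request(text), store, now)


# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = ("request=smtpd_access_policy\n"
          "client_address=192.0.2.10\n"
          "sender=alice@example.org\n"
          "recipient=bob@example.com\n"
          "\n")

if __name__ == "__main__":
    db = {}
    for t in (1000, 1030, 1061):       # first attempt, early retry, later retry
        print(t, handle(SAMPLE, db, now=t).strip())
```

A retry at exactly 60 seconds is still deferred, because the time stamp must be more than 60 seconds old; a sender that changes any element of the triple starts a new waiting period.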

Copy examples/smtpd-policy/ to /usr/libexec/postfix or whatever location is appropriate for your system.

In the Perl script you need to specify the location of the greylist database file, and how long mail will be delayed before it is accepted. The default settings are:


The /var/mta directory (or whatever you choose) should be writable by "nobody", or by whatever username you configure below in for the policy service.


# mkdir /var/mta
# chown nobody /var/mta

Note: DO NOT create the greylist database in a world-writable directory such as /tmp or /var/tmp, and DO NOT create the greylist database in a file system that may run out of space. Postfix can survive "out of space" conditions with the mail queue and with the mailbox store, but it cannot survive a corrupted greylist database. If the file becomes corrupted you may not be able to receive mail at all until you delete the file by hand.

The Perl script can be run under the control of the Postfix master daemon. For example, to run the script as user "nobody", using a UNIX-domain socket that is accessible by Postfix processes only:

1 /etc/postfix/
2     policy  unix  -       n       n       -       -       spawn
3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/
5 /etc/postfix/
6      policy_time_limit = 3600


  • Line 3: Specify " -v" for verbose logging of each request and reply.

  • Lines 2, 6: the Postfix spawn(8) daemon by default kills its child process after 1000 seconds. This is too short for a policy daemon that may run for as long as an SMTP client is connected to an SMTP server process. The default time limit is overruled in with an explicit "policy_time_limit" setting. The name of the parameter is the name of the entry ("policy") concatenated with the "_time_limit" suffix.

On Solaris you must use inet: style sockets instead of unix: style, as detailed in the "Policy client/server configuration" section above.

1 /etc/postfix/
2  inet  n       n       n       -       -       spawn
3       user=nobody argv=/usr/bin/perl /usr/libexec/postfix/
5 /etc/postfix/
6 = 3600

To invoke this service you would specify " check_policy_service inet:".
