Archive for February, 2010

Per-domain/per-account settings for Plesk 9’s greylisting

Thursday, February 4th, 2010

Plesk 9 introduced the very useful feature of greylisting for the Postfix SMTP server (and presumably the QMail one as well, but I only use Postfix as QMail gives me a headache!).

Greylisting basically sends a “resource temporarily unavailable, please try again later” message whenever someone connects and tries to deliver an e-mail. For legitimate SMTP servers, this isn’t a problem; they will do as the server and the SMTP RFC says and try again later.

Spammers on the other hand don’t generally retry as they are just focused on blasting out as many e-mails as possible to as many addresses as possible. They don’t have time to come back to your server later as all of the retries would tie them up and prevent them from sending to other potentially reachable servers. They also generally use poorly written software that doesn’t conform to standards.

The greylisting software keeps track of the IP addresses trying to send e-mails through the SMTP server that it is protecting and after a resonable amount of time (say 15 minutes or so) it will allow re-delivery attempts to pass through.
If a server tries to re-connect too soon and/or too frequently after being told to try again later, then it is penalised by the greylisting software.

The only two downsides to greylisting are that some legitimate e-mail servers don’t retry sending e-mails (so you have to whitelist them in order to be able to receive e-mail from them) and that greylisting slows down e-mail delivery as you have to wait for the sending server to retry.

The Plesk web interface is a bit limited when it comes to greylisting, but luckily (as with most Plesk features) there are comprehensive CLI tools to accomplish what you need. In this case, the “grey_listing” command, which for CentOS/RHEL systems can be found in /usr/local/psa/bin/grey_listing

Some useful commands:

Show server wide settings:

/usr/local/psa/bin/grey_listing –info-server

Show per domain settings:

/usr/local/psa/bin/grey_listing –info-domain

Show per e-mail address settings:

/usr/local/psa/bin/grey_listing –info-mailname

Enable server wide greylisting:

/usr/local/psa/bin/grey_listing –update-server -status on

Disable greylisting per-domain:

/usr/local/psa/bin/grey_listing –update-domain -status off

Set the time to greylist new IP addresses for (in minutes):

/usr/local/psa/bin/grey_listing –update-server -grey-interval 5

Set the expiry time for allowed IP addresses (in minutes):

/usr/local/psa/bin/grey_listing –update-server -expire-interval 43200

Set the time to penalise IP addresses for (in minutes):

/usr/local/psa/bin/grey_listing –update-server -penalty-interval 2

Enable penalising of IP addresses:

/usr/local/psa/bin/grey_listing –update-server -penalty-status on

Whitelist e-mail from all addresses to

/usr/local/psa/bin/grey_listing –update-mailname -whitelist add:*

Server wide blacklist e-mail from

/usr/local/psa/bin/grey_listing –update-server -blackelist