Plesk 9 introduced the very useful feature of greylisting for the Postfix SMTP server (and presumably the QMail one as well, but I only use Postfix as QMail gives me a headache!).
Greylisting basically sends a “resource temporarily unavailable, please try again later” message whenever someone connects and tries to deliver an e-mail. For legitimate SMTP servers, this isn’t a problem; they will do as the server and the SMTP RFC says and try again later.
Spammers on the other hand don’t generally retry as they are just focused on blasting out as many e-mails as possible to as many addresses as possible. They don’t have time to come back to your server later as all of the retries would tie them up and prevent them from sending to other potentially reachable servers. They also generally use poorly written software that doesn’t conform to standards.
The greylisting software keeps track of the IP addresses trying to send e-mails through the SMTP server that it is protecting and after a resonable amount of time (say 15 minutes or so) it will allow re-delivery attempts to pass through.
If a server tries to re-connect too soon and/or too frequently after being told to try again later, then it is penalised by the greylisting software.
The only two downsides to greylisting are that some legitimate e-mail servers don’t retry sending e-mails (so you have to whitelist them in order to be able to receive e-mail from them) and that greylisting slows down e-mail delivery as you have to wait for the sending server to retry.
The Plesk web interface is a bit limited when it comes to greylisting, but luckily (as with most Plesk features) there are comprehensive CLI tools to accomplish what you need. In this case, the “grey_listing” command, which for CentOS/RHEL systems can be found in /usr/local/psa/bin/grey_listing
Some useful commands:
Show server wide settings:
Show per domain settings:
/usr/local/psa/bin/grey_listing –info-domain spheron1.uk
Show per e-mail address settings:
/usr/local/psa/bin/grey_listing –info-mailname firstname.lastname@example.org
Enable server wide greylisting:
/usr/local/psa/bin/grey_listing –update-server -status on
Disable greylisting per-domain:
/usr/local/psa/bin/grey_listing –update-domain spheron1.uk -status off
Set the time to greylist new IP addresses for (in minutes):
/usr/local/psa/bin/grey_listing –update-server -grey-interval 5
Set the expiry time for allowed IP addresses (in minutes):
/usr/local/psa/bin/grey_listing –update-server -expire-interval 43200
Set the time to penalise IP addresses for (in minutes):
/usr/local/psa/bin/grey_listing –update-server -penalty-interval 2
Enable penalising of IP addresses:
/usr/local/psa/bin/grey_listing –update-server -penalty-status on
Whitelist e-mail from all @gmail.com addresses to email@example.com:
/usr/local/psa/bin/grey_listing –update-mailname firstname.lastname@example.org -whitelist add:*@gmail.com
Server wide blacklist e-mail from email@example.com:
/usr/local/psa/bin/grey_listing –update-server -blackelist add:firstname.lastname@example.org