Greylisting

Greylisting is a very effective method of reducing spam and malware. It works by initially refusing connections to the mailserver for a new server for 30 minutes, exploiting the fact that almost all spammers don't use proper mail servers and cannot properly handling resending of messages. The drawback is that emails from unknown mail servers will be delayed by 30 minutes. The mailserver tries to limit this delay as much as possible. Greylisting is enabled on default in the Mailserver. The default configuration is good enough in most cases and works by:

• Allow any mailserver that has previously passed the greylisting (in the last 30 days)
• Allow any mailserver with a valid SPF record
• Allow any user that authenticates before sending emails
• Allow a fixed list of known good, but troublesome, mailservers like Yahoo groups and Amazon.com
• Allow or block any emails, ip addresses or domains that matches the above Greylist Exceptions
• Greylist all other incoming emails for 30 minutes

Further tweaking can be done from the webadmin, Mailserver → Greylisting settings page.