Yet Another Greylisting Daemon for qmail and netqmail

EQ Admin

EQ Forum Admin
Staff member
qmail-greyd is yet another implementation of greylisting for qmail,
netqmail and indimail. The qmail-greyd code is licensed under GPLV3

Most of the ideas come from greydaemon written by John Levine and the
greycheck() function written by Andrew Richards as described at

Announce: greydaemon, a new greylisting package for netqmail | Qmail | users

Using Andrew's code makes it possible to have minimal changes to
qmail-smtpd. qmail-greyd is compatible with Andrew's code and uses
almost the same logic as in greydaemon.

qmail-greyd can be downloaded from

qmail-greyd is written in C and uses extensively the functions written
by djb. qmail-greyd maintains an in-memory linked-list of triplets of
IP, from, recipients. It reads the entire recipient list in one
operation by figuring out the data size using MSG_PEEK
parameter to recvfrom(). During startup, qmail-grey can read a list of
IPs from a file. The entries in the file can be in CIDR format, range
format, wildcards or exact IPs. The whitelist file can have a .cdb
extension for fast cdb lookup. Once qmail-greyd is running, it can
re-read the whitelist on receipt of SIGHUP. (I also have a version which
does MySQL lookup, in case anyone in this list is interested).

To have the in-memory database as small as possible, qmail-greyd
continously expires entries in the linked list and frees the expired
entries periodically. qmail-greyd periodically flushes the in-memory
database to a file. This context file can be read during startup (say
after a reboot). qmail-greyd also flushes the database to a file on
receipt of signal SIGTERM or SIGUSR1.

qmail-greyd can be started under supervise. A typical command line I am
using currently is

/var/qmail/bin/qmail-greyd -w greydaemon.white -t 30 -g 24 -m 2 \
-s 5 greydaemon.context

qmail-greyd is still being worked on. I expect there would be few
glitches in the code. Other than my own laptop, I have no means to test
the code from different sources.

I will be glad to work with any volunteer(s) who have time to make this

Enabling greylisting in qmail-smtpd:

Greylisting is enabled using the GREYIP environment variable.
This specifies the IP address and/or port on which qmail-greyd is

Specifying an empty string, GREYIP="" disables greylisting;
or you can specify the IPaddress:port where qmail-greyd is listening
for example GREYIP="".

* Assuming you've setup your qmail-smtpd service with tcpserver and the
-x option (as in LWQ), you just need to update the cdb file referenced
by this -x option. The source for this file is typically /etc/tcp.smtp.
For example,


could become,


* If you've setup qmail-greyd on a non-default address (perhaps you're
running qmail-greyd on a separate machine), you'll also need to specify
the address it's listening on - adjust the above to include
GREYIP="", for example.

* Finally, don't forget to update the cdb file corresponding to the
source file you've just edited. If you have a LWQ setup that's,

qmailctl cdb

otherwise (assuming /etc/tcp.smtp, /etc/tcp.smtp.cdb),

tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp

* Alternatively (and particularly if you're not using the -x option to
tcpserver) you can enable greylisting for all SMTP connections by
setting GREYIP in the environment in which qmail-smtpd is started - for
example your startup script might now contain the line

exec env GREYIP=":" /usr/local/bin/tcpserver ...

-- Manvendra Bhangui