Introduction Since I have had a lot of problems with false positives with the black lists that I’m using on my Exchange 2003 server I started looking into another way of filtering spam. Latest version: v1.3.1 – 19 feb 2007 |
About the program. It consists of two parts.
Requirements:
Features:
Greylist
Greylist admin
New in version v1.3.0:
Greylist
For the rest Greylist stays the same for unregistered users.
Greylist admin
JEP(S), the successor of Greylist has been released at Proxmea.com Even though Greylist has been succeeded by JEP(S), the download links remain here for reference. |
Download:
Install package | Greylist_v1.3.1.zip |
Documentation | Readme.doc |
Source Greylist | Greylist source v1.3.0 |
Previous versions:
Greylist v1.2
Greylist v1.1
Greylist v1.0
For support, feature requests and general chit-chat check out the Greylist forum For comments like ‘Hey – great app!’ use the form at the end of the page. |
What does it cost?
Nada. Nothing. It’s for free!
See it as a contribution to a better world A free contribution! I’ve released this under a Creative Commonce license, which comes down to that you can use it and redistribute it as long as you refer to me and this site while using any part of my program. The full license is available in the readme file.
But – please consider this especially if your a corporate user – Register it! It will cost you 50 euro (about 65 USD) and will support the continued development and you’ll get access to the customization options for how Greylist behaves on the communication level. The registration license will be mailed to you as soon as I’ve registered the payment. And if your boss wants an invoice – no problem! I’ll mail that to you upon request. |
The program is distributed ‘as-is’ and I don’t intend to provide any support for it.
But feel free to send me any suggestions to improvements or your own modifications.
Cheers,
Chris
You must be logged in to post a comment.
Help us continue our work with a donation
18 queries. 0.278 seconds
January 30th, 2007 at 17:07
Chris:
Stumbled onto your applet some time ago and love it. Something I have done may help:
I do NOT have it cohosted on the Exchange Server box – I am running ISA Server as an
inside firewall. I am running IIS with SMTP ONLY installed – so I can use it my
ISA server as an SMTP relay/proxy in front of Exchange. I have installed Greylisting
on my ISA IIS SMTP installation and am delighted. NO ISSUES – and I am stopping spam
which frequently contains virus’s at the firewall. ~nice~
Re SQL Express (SSE) – I have managed to install other 3rd party APPs to use a
remote SSE install when the 3rd party vendors couldn’t get their own product to work.
The issue is NOT the 3rd party APP, but the appalling Microsoft documentation concerning
remote access to SSE. Specifically, the Microsoft documentation was not ready when
they released SSE to market – so their isn’t any documentation!! Lucky us.
Realize that SSE is designed to be a developer’s tool, so remote isn’t “required” and
Microsoft treats it on that basis. Add to that reality the additional security
posture of Microsoft – and you can see why the default SSE install will ~not~ allow remote
access.
I have been running in a test environment and like all I see. Keep going – I think you
are onto a terrific little applet here.
February 1st, 2007 at 11:09
I have been using Greylist for a couple of weeks now and have found it very useful, it has blocked 180,000 messages since we’ve started using it and has stopped a lot of emails that our GFI MailEssentials was failing to block.
One thing I think could be changed is in the way the database cleanup is applied. As I don’t have the IP address checking enabled then over time you will get spam from/to the same sender/recipient causing all future spam from such pairs to get through.
I think it’s save to assume that if the First Seen and Last Seen timestamps are the same and over 24 hours old then it is not going to be resent and is probably spam. The clean up function could look for this and delete those entries, the database would be much smaller then. I have added a query to the Access database to do this for me.
Following on from this, is there an easy way compact the database? Access is especially wasteful with regards deleted records and I find the database can grow to 100MB in a couple of days. To run a compact on the database I am having to disable Greylist to remove the file locks and then enable again afterwards.
Keep up the good work.
February 16th, 2007 at 18:17
I came across this tool and it looks to be a good tool. There is one issue I faced. After applying this on exchange server, I had socket errors when trying the email test on dnsreport.com so I restarted the server and it went fine. Maybe it is mandatory step and has to be in manual for product.
Great work
February 17th, 2007 at 4:20
Usually my own email account got about 50-100 spam emails each day. I used to run with the GFI sollution, but it kept crashing our server, and let quite a few span-emails through. This has let 3 spam-mails through during a 3 week period! I am running with the built-in exchange “intelligent filter” along side with greylisting, and have made a short “whitelist” of domains, and it works perfect!
February 21st, 2007 at 10:06
If you are using the SQL DSN and you lose connection to your server, what happens? Does the software fail back to the Jet DB locally? Does it stop greylisting until the connection is restored?
February 21st, 2007 at 10:23
Hi Chris,
If that happens then it will fallback to not blocking / greylisting emails until the database connection is restored. It will try to restore the connection every couple of minutes automatically. Then it will log these error sessions with code 999 in the logfile.
This has been tested quiet extensively to make sure that it works correctly – and it does.
Cheers,
Chris
February 23rd, 2007 at 2:17
What’s changed from 1.3.0 to 1.3.1?
cheers
Gary
February 26th, 2007 at 15:35
Gmail accounts seem to be blocked completly. When it resends the first and last timestamps are always the same. I’ll update later if this changes for me. Also is there a way to track which email are passed?
February 26th, 2007 at 15:43
Micheal: I’ve posted a reply to your question in the community forum –> here.
February 26th, 2007 at 15:43
Ahh Nevermind. Gmail uses multiple servers, blocking by IP address kills these for a while.
March 28th, 2007 at 1:14
Just read on the forum your question
“I just need to figure out code wise how to do something like ‘is 123.33.33.22 part of 123.33.32.0/23’.”
This is simple.
1) from the /23 part, you generate the subnet mask. This is an unsigned 32 bit integer with the 23 upmost bits set.
for a /23 subnet, it is i.e. 11111111 11111111 11111110 00000000
2) compare if the host matches the network range definition
March 28th, 2007 at 7:24
Hi Alex,
Thanks! I’ve choosen another path though.
I’m not converting the IP’s to serials and then do a more then less then comparison between the source ip.
This will be implemented in the next major version which ‘might’ come in a month or so.
Cheers,
Chris
April 12th, 2007 at 6:43
Hy Cris,
we are overjoyed since we use greylist,
The Spam sank under 5%
The registration was easy
It works properly…
I would have still a small desire..:
A funktion to import and export source IP and Sender Adress for Whitelist
Thanks a lot for this Great Programm
Greetings
Volker
PS.
Sorry my rubbish english
April 16th, 2007 at 16:04
1,000,000 spams stopped and counting!
Hi Chris, just thought I’d pop you a quick note. We’ve got the registered version running on a dozen or so servers now – just on our 8 top servers we have prevented over 1,000,000 spam emails reaching the servers.
As for the latest (couple of days ago) Trojan that is trying to spread by email – well, all we’ve noticed is the greylist logs are a little bigger.
Brilliant! Just brilliant!
April 27th, 2007 at 3:39
Thank-you very much for your wonderfull tool: it really works as expecded stopping tons of spam mails per day.
Thank-you!!!
A. Longa
May 14th, 2007 at 16:58
Can this be configured so that it only works on one domain? As I host mail, I do not want to annoy customers while I test this.
May 16th, 2007 at 14:15
Heyden Kirk: Unfortunately not. The next version (2.0) which is still under development will have a function for ‘learning’. This means that it does all the processing while no mails are blocked so that the filter gets to know you senders email patterns.
May 22nd, 2007 at 14:58
I had a slight issue with the greylist program recently, it was running amazing for about a week and then all of a sudden it stopped allowing email to get through. I disabled and then re-enabled to see if that made a difference, disabled, deleted the directory downloaded a new copy and started it up and same thing, full blocking of all email to the server. Is there anything I can check because while it worked, it ran like a champ.
June 2nd, 2007 at 10:45
Hey,
I setup a test exchange box in a new domain. I set forwarding from my gmail account to my newdomain email account on exchange. What i found out was when i check the access database any email that is being forwarded from my gmail will be listed as
gmailusername+caf_=testdomainusername=testdomain.com@gmail.com
Problem is, in this way i am not able to identify the original user who is sending email to my gmail account. For example if Sue at sue@hotmail.com sends an email to my gmail account and it gets forwarded to my test domain account it will have the same format in the database as i mentioned earlier. Since from the database i would never know that email came from Sue, what would be the way to identify the original user of the email?
My guess was that since my gmail account is already been whitelisted, when Sue sends me an email it really dosent matter if i whitelist her email separately because my gmail account is already in the whitelist.
I apologize if my language here is a bit confusing. Any help on this would be appreciated. I would love to implement this in my real environment.
June 4th, 2007 at 9:54
I have problem to get e-mail through while having greylist enabled. I am running version 1.3.1.
I have tried disable and then enable it again. I don’t know what to do. I have also tried download a new copy.
Do you have any idea what to do?
Greylist have worked great for about 6 months, but now something have happened.
June 19th, 2007 at 14:25
I have had some problems with this on certain customers servers. Here are some tips to help those of you in trouble.
After creating a database and enabling the Greylist sink, sometimes all mail will be blocked. Greylist admin will also report nothing.
To fix this:
1) Run the disable command
2) Restart IIS service (type services.msc in the run box)
3) Delete database files (.mdb, .cfg)
4) Run Greylist admin.exe recreating the databases
5) run the enable command
There is another problem where you have run the enable command too many times. This creates more than one sink. I have found this to be a huge problem and not even realising it.
To fix:
1) Run the disable command a few times until it can no longer find the sink
2) Repeat the steps in the first solution
I hope this helps some people.
June 23rd, 2007 at 2:44
Hi. Just added this great tool to a site. It look fine, but i realized after 1-2 hours that it was not so happy to talk to some mail servers. In the log it said “SMTP – 250”, but on the sending server it said “host dropped connection”. I tried everything of the above things. At last i had to drop using it. Any ideas ??
P.S. Really sorry about that because greylisting i a smashing good techique.
July 5th, 2007 at 5:14
System sbs2003,
Programm: JEPs not Greylist
I also noticed that messages with status 250 in log file are dropped.
has someone any ideas to fix this bug ?
July 5th, 2007 at 8:43
i´ve found a interessting problem:
If i looking at the Jeps Listinger, i see sometimes logs that differs from all other:
with command: addd
SourceIP: none (blank)
recipient: quit
result: 0
This mails are “return receipt, delivered or read messages” and JEPs are blocking this messages.
I think that is a huge bug.
July 5th, 2007 at 10:30
Lars: Regarding the ‘interesting problem’; it’s not a lot message you see, but the autowhitelist in action.
When you have it active then when a outbound mail is sent, then the recipient email address gets added to the inbound sender whitelist. This gets logged in the listener like that.
After x hours then the sender email address gets automatically removed.
Thus, not a bug – it’s a feature.
July 6th, 2007 at 2:24
Chris J.: it seems that some emails are blocked and that are important delivery, receipt or read messages
July 10th, 2007 at 11:08
I would just like to say thanks for taking the time to write one of the most amazing programs I’ve ever seen.
I’m planning on registering our copy as soon as I can get it approved.
The first hour of operation, 100,000 spam emails were blocked! (with not a single false positive!)
July 11th, 2007 at 8:29
I have just installed this on a server running 2003 and Exchange 2003. Emails are coming straight in from everywhere with no delay at all. he system is also running Symantec’s Mail Security for Exchange, do I need to uninstall this first?? Also, when I telnet to port 25 on the server it still appears that Exchange service is listening, should the SMTP banner look different?
July 13th, 2007 at 2:06
Gigaflopper:
Seems like it’s not activated. Have you enabled it?
Normally Greylist works fine with other spam products, but ofcourse there’s no guarantee. I know that other people use Symantec’s products together with Greylist.
The banner should not change as it’s not replacing the IIS SMTP service.
More questions? –> Look in the Greylist forum.
Cheers,
Chris
July 13th, 2007 at 13:22
You rock! Thanks for the great tool. A solid Directory Harvesting Attack killer is what I was looking for.
July 19th, 2007 at 1:21
This looks great. Thanks, and I’m looking forward to trying this out.
July 25th, 2007 at 19:53
i have been using version 2.0 for almost over 3+ weeks and it works great. Blocks tons of spam and very very easy to configure. I did not see anything that i would say is wrong at the moment. Cant wait for the final version.
I know you said you are 95% done but how much time span are we looking at?
thanks for all your efforts.
July 30th, 2007 at 9:01
Dear Sir,
We are one of the Hungarian software-dealers (e.g.: we are Symantec
Enterprise Sales Partner, Corel and Novell Business Partner.).
Our customers are interesting in your products:
Greylist
We hope that you’ll be able to help us. We plan to order the program
directly from you. Please write us the terms of reselling and prices too.
We could pay with credit card. Please write me your fax number too.
If we order, could you make out the invoice to us, NOT for the enduser?
This is important for us. Can we download this product or you ship only
retail box version?
Waiting for your answer,
August 1st, 2007 at 16:13
Forum is not accepting new registrations as process fails when it tries to send you your confirmation email. It looks like the author’s greylist package is stopping the mail?
Ran into problems sending Mail. Response: 451 4.7.1 Please try again later. Session Greylisted with JEP(S) Greylist http://www.Proxmea.com/. If you’ve received this in error then check http://www.greylisting.org/
DEBUG MODE
Line : 153
File : smtp.php
August 13th, 2007 at 7:44
Dear Sales Team,
We are one of the Hungarian software-dealers (e.g.: we are Symantec
Enterprise Sales Partner, Corel and Novell Business Partner and we are
the Hungarian direct partner of ACDSystems, Ulead, WinZip, StarNet etc.).
Our customers are interesting in your products:
Greylist 1.3.1
We hope that you’ll be able to help us. We plan to order the program
directly from you. Please write us the terms of reselling and prices too.
We could pay with credit card. Please write me your fax number too.
If we order, could you make out the invoice to us, NOT for the enduser?
This is important for us.
Waiting for your answer,
Best regards,
Robert Pacsonyi
product manager
August 24th, 2007 at 8:02
I used greylist in linux, http://www.logistic-china.combut now Exchanger can use it. Thanks for your job.
August 28th, 2007 at 8:45
hi,
will there be an ‘upgrade license’? we’ve paied for 1.3 just some weeks ago and were pretty satisfied with the solution. now we’re wondering if everybody has to pay these € 150 ..
regards,
christian
August 29th, 2007 at 0:44
Christian: No worries – if you already have a Greylist license then you will recieve a cupon code that can be used for getting a €50 reduction on JEP(S). These codes will be sent out in the next coming weeks.
Cheers,
Chris
September 3rd, 2007 at 10:14
I’ve installed this on several Exchange servers over the past several days. Here are some of my findings / opinions:
(1) If you get a 250 in your logs *and* mail is not coming in, try stopping any other antispam solution and/or running “iisreset” again. On two servers, I found the following to be the case.
(1a) Greylisting + Exchange = OK
(1b) Greylisting + Trend Micro AV = OK
(1c) Greylisting + Trend Micro AV + Trend Micro antispam = not OK
(1d) Greylisting + Trend Micro AV + Trend Micro antispam + iisreset = OK
This last step suggests to me that something is awry with either Trend Micro’s antispam solution and/or this greylisting dll.
(2) 200 replies in log might be result of blank entries in the whitelist portion of your MS Access DB. When you get a 200 error, you still seem to get mail, even spam. To fix this, try deleting the blank entries and run “iisreset” from the command line. (200 reply = “nonstandard success response”, see RFC 876).
(3) I created a “greylist-bounce.bat” file in my greylisting folder to “fix” things when mail seemed to mysteriously stop working. For whatever reason, that seemed to work.
regasm /unregister greylist.dll
cscript smtpreg.vbs /remove 1 oninboundcommand “Greylist sink”
iisreset
regasm /codebase greylist.dll
cscript smtpreg.vbs /add 1 oninboundcommand “Greylist sink” greylist.eventsink RCPT
cscript smtpreg.vbs /setprop 1 oninboundcommand “Greylist sink” source priority 77
iisreset
(4) Incoming mail from Gmail and Hotmail (dunno about Y!) might a huge problems in some environments. On one server, new mail from Hotmail got bounced a couple of times, and new mail from Gmail would range from like 5 minutes to several hours (like 12). I have my suspicions why this is the case (different IPs, different policies on different servers, etc), but the bottom line is that this could be very frustrating for users and possibly lethal to your job if, say, the CEO sent a super important email from his gmail account to someone to the Exchange server. This criticism is more directed to greylisting as a whole, rather than GRYNX in particular.
(5) I have found this program to be 90% to 99 to 100% effective. On the server where it was 99 to 100% effective, most of the spam seemed to be dictionary attacks and/or email sent to an old domain that the Exchange server had in its recipient policy (e.g. asdfasdf@olddomain.com, 12345@olddomain.com, info@olddomain.com, hr@olddomain.com, administrator@olddomain.com, etc). On the server where it was 90% effective, a lot of the crap spam seemed like stuff that users had subscribed to (coupons, job board sites, etc). This type of spam is much harder to deal with, as it seems to adhere to proper RFC standards.
(6) This solution is good quick fix if you’re in a pinch and need something fast and free. Ultimately, if you’re running Exchange and need a “free” greylisting spam solution that is enterprise-worthy, you’ll probably want to put some sort of postfix/tumsgreyspf-like box in front of your Exchange server. GRYNX is a very cool project, and while I thoroughly appreciate the hard work that has gone into it, I think that something like tumsgreyspf is much better suited for mission critical environments (the admins at RealityKings.com use it, in fact). GRYNX “works”, but only if you’re willing to fiddle and goof around a bit before you roll it out on your production servers. If you’ve got that much time to burn, then perhaps consider implementing postfix/tumsgreyspf to begin with.
As the saying goes, fast, free, and good — pick any two!
FAST – 9 (Install .NET 2.0, dump to folder, enable, quick config, ready to go…unless you have some funky spam solution that conflicts)
FREE – 8 (Gratis, but not libre)
GOOD – 4 (Unlike other greylisting solutions, this is not the sort of program that I could simply install and then just walk away and not worry about. If Exchange Server is your company’s family jewels [as it is for most organizations] then take a few days and put some sort of smarthost or smtp gateway in front of it. Maybe I’ll reconsider my stance once I better understand why things are mysteriously going awry when I start running it on my servers)
Best,
Rog
September 10th, 2007 at 15:38
Hi Rog,
Thanks for your feedback – this is very valuable to us in developing the new versions.
We’ve released a new version under a new name, JEP(S), and under another website, http://www.Proxmea.com, which addresses all of the issues in your feedback. Be sure to check it out!
(1) This is no longer an issue as JEP(S) handles all installation of the sinks. Further is there a smart tool included (View sinks) which helps in positioning JEP(S) correctly together with other mail add-on’s.
(2) Also no longer an issue, fixed in JEP(S).
(3) No longer an issue, see 1.
(4) No longer an issue. JEP(S) can use Realtime White Lists (RWL’s) which identifies especially large companies. When in use then the SourceIP is exluded in the processing.
(5) We also include tarpitting in JEP(S) which protects against harvesting attacks.
(6) I hope that you, after reviewing, see that JEP(S) is a lot more mature and that it’s more aimed at the enterprise market – without letting go of all installations in smaller systems.
I’d love to hear from you if you have a look at JEP(S) and hope that we now can get more then 2 out of 3 😉
Cheers,
Chris