 This is an old version – click here for latest version
Introduction
Since I have had a lot of problems with false positives with the black lists that I’m using on my Exchange 2003 server I started looking into another way of filtering spam.
The obvious choice of additional protection fell on grey listing ( you can read more about what it is here ).
The problem with this is that there doesn’t seem to be any free products out there for Exchange and as I don’t want to set up a Linux box ( yet another box in the rack ) I decided to write one myself.
Usually i receive 3500-4000 spam attempts per day so that means that 70 mails a day are slipping trough. These 70 get matched to a blacklist that is not that aggressive and the result of this is that my spam level has gone down to almost 0% while I haven’t had a single false positive yet.
Latest version: v1.2.4
|
About the program. It consists of two parts.
- Greylist installs as a .dll and connects to the SMTP service’s OnInboundCommand RCPT. It reads it configuration from Greylist.cfg and uses Greylist.mdb for logging entries. It also produces a log file in the log directory.
- Greylist admin creates and configures the above files as well as controls the settings and the white list.
Requirements:
- Windows server 2000/2003
- Exchange 2000/2003 or the vanilla IIS service
- .NET framework 2.0
- (Optional) Microsoft SQL 2000/2003 or SQL Server Express
Features:
Greylist
- Continue blocking for X minutes.
- Installs as a cached .dll
- Block by Source IP, Sender email address, Recipient address all together or in any combination.
- White list (always allow) by Source IP, Sender email address, Recipient address or in any combination.
- Clean out entries older then X days on the first session of the day.
- Stores data in a Microsoft access database, .mdb or in a MsSQL db.
- Logs on error to the event log
- Logs all sessions to a daily log file in /log/
Greylist admin
- Configures: Block for X minutes, Max age in X days, White list.
- Configures which items to use when blocking by Source IP, Sender email address, Recipient address all together or in any combination.
- Displays blocked items and passed items in totals.
- Displays current items in database.
- Displays block rate in % according to all entries in the database.
- Manually start cleanup routine.
- Configures the database connection
New in version v1.2.4:
Greylist
- Supports MS SQL server databases.
- Event logging can be set to three different detail levels.
- 999 error logging can be turned off or on in the main log file.
- Implemented handling for lost connectivity to the database.
- Longer 451 message on disconnect, with links to homepage and greylisting.org
- Changed the way object record sets are released.
- Changed the way cleanups are made with dates to work with German locales.
- Logs in a different format supported by AwStats and logs all sessions. Click here for a limited demo.
Greylist admin
- Added database handling to support MS SQL
- Added handling for different log levels
- Improves the indexing in the databases.
- Changed the way the cleanup procedure is done on mdb db’s.
- Added registration dialog.
This is an old version – click here for latest version
Previous versions:
Greylist v1.1
Greylist v1.0
For support, feature requests and general chit-chat check out the Greylist forum
For comments like ‘Hey – great app!’ use the form at the end of the page. |
What does it cost?
Nada. Nothing. It’s for free!
See it as a contribution to a better world 
A free contribution! I’ve released this under a Creative Commonce license, which comes down to that you can use it and redistribute it as long as you refer to me and this site while using any part of my program. The full license is available in the readme file.
Click to register
|
But – please consider this especially if your a corporate user –
Register it! It will cost you 50 euro (about 65 USD) and will support the continued development.
The registration license will be mailed to you as soon as I’ve registered the payment.
And if your boss wants an invoice – no problem! I’ll mail that to you upon request.
|
The program is distributed ‘as-is’ and I don’t intend to provide any support for it.
But feel free to send me any suggestions to improvements or your own modifications.
Cheers,
Chris
Forum {beta}
November 23rd, 2006 at 16:21
It works great on my Exchange 2003 front-end server. Thanks!
I tried to join the forum (username: mhensley) but haven’t received the registration email yet. Do I just need to be more patient?
Thanks for a great product! I’ll be submitting a PO request at my office next week.
November 23rd, 2006 at 16:39
Trying for the first time on Exchange 2003 server; I will leave more info after further testing. Thank you.
November 24th, 2006 at 6:39
Michael: I moved the websites a couple of days ago and forgot to change some settings. That was the reason why you couldn’t register – but now you can.
December 1st, 2006 at 13:58
Hi. Thanks for a very nice utility and an excellent tool in the battle against today’s oppressive spam regime. Early indications are that it is working very well in my home setup. Installation was simple and setup straightforward (although successfully setting it up for SQL logging, rather than Access MDBs, is still eluding me somewhat).
December 2nd, 2006 at 11:13
Hi,
Is it possible to create a setting to only save parts of the IP.
i.e. 123.123.*.* so that big SMTP services like hotmail and gmail gets through faster? They send from random/different servers even when resending after an error liks greylisting uses. I know they use different ip’s because I seen logs of another greylisting service for RaidenMailD.
Thanks.
Alex
December 2nd, 2006 at 12:57
Alexander: I know it’s not crystal clear on how to do this in Greylist, but it is described in the readme.doc
You can enter partials in the whitelist source ip, in you case you can type 123.123. and everything that begins with 123.123. will be let through.
Then again – I wouldn’t do this as it opens up for spammers to come from those ranges. Your greylist will learn soon enough where your mail is coming from and then the delay will disappear.
Cheers,
Chris
December 4th, 2006 at 20:49
Hey – nice little program. A feature I would love to see (and I would suggest adding) is the ability to disable the IP address portion of the triplet check. Greylisting works really well without the IP portion of the triplet check, and this means that important messages from large ISP’s, hotmail etc aren’t delayed for days… as they are often send from multiple addresses in mail server farms! thanks.
December 4th, 2006 at 20:59
Sorry – I didn’t realise the option is on the CFG file. I’ve changed UseSourceIP to FALSE, so I’ll se how that goes.
December 5th, 2006 at 2:39
Kelly: Even better then that! You can control it in the Greylist Admin program. Look at the picture in the beginning of this article and you’ll see that it’s the first check box.
Cheers,
Chris
December 5th, 2006 at 12:52
Hey,
thank you for your nice Tool.
We have a special configuration here. Out Exchange is not getting eMails direct via MX in DNS. A Tool installed on our Exchange is checking POP3 Boxes and delivers the eMails via SMTP to the Exchange. Do you see any possibility to use your Greylisting-Tool?
Thanks
Ralf
December 5th, 2006 at 14:26
Ralf: Unfortunatley not. If the Exchange server itself is not recieving SMTP emails then the Greylist is useless. It only works when Exchange is handeling the SMTP traffic directly according to the MX records.
Cheers,
Chris
December 5th, 2006 at 23:17
Is it possible to use MSDE2000? I’ve set this up with the following connection string: PROVIDER=SQLOLEDB;DATA SOURCE=(local)\GREYLIST;Initial Catalog=GreylistData;User ID=sa;Password=****** I’m using a named instance for Greylist.
Is this correct? I have created a table in the MSDE database called GreylistData, i’ve also run an iisreset, and i’m getting all the emails passed straight through to exchange, the database test said it was successful too.
December 6th, 2006 at 1:53
Ryan: I’ve moved your question to the forum -> here.
December 10th, 2006 at 22:48
now @inexa.cn can not send mail to @perstorp.com
because your software.pls help me!!
December 11th, 2006 at 7:27
Will this work for exchange 5.5?
December 12th, 2006 at 2:27
no,Exchange 2000
December 12th, 2006 at 3:11
Hi, like the tool and saves me lot of e-mail, BUT,
I have reports of MISSING mail which are never delivered!
It’s seems only to happen to mails with to: and cc: field used.
I have isue’s of a cc: not receiving it mail the to: arrived fine.
But today i had it the other way arround.
The log file says 200 but the mail never arrives at our mail server?
Any sugesstions?
Mike
December 13th, 2006 at 8:02
Mike: I’ve replied to your question in the forum -> here.
December 14th, 2006 at 16:44
Hi Chris,
Thanks a lot for a great utility you’re providing to the Exchange community!
How can we make this work for Exchange Server 2007 which has its own transport stack (does not use IIS SMTPsvc)?
Thanks!
Bharat Suneja
http://www.exchangepedia.com/blog
December 17th, 2006 at 5:05
The software is fantastic but how can i recover an email that was been blocked but it comes from a trusted user?
write me soon as possible
thank you a lot
December 17th, 2006 at 16:40
Bharat Suneja: Oooooh! That’s one for a rainy day. So far I haven’t even installed a trial for E2k7, but I’ll look into it.
December 17th, 2006 at 16:43
Daniele: There’s a simple answer to that – You don’t.
The reason for this is that when you block an email then you don’t receive it and if you don’t receive it then you can’t recover it.
If the senders mailserver works properly (which could safely presumed) then it will retry to send the email and if for whatever reason it can’t deliver it then it will send a NDR report to the original sender.
Cheers,
Chris
December 18th, 2006 at 9:11
It will be better if i can have the option to insert in my whiteList the address of my contact every mail that i send.
The system may be intelligent in this way. what do you think?
December 18th, 2006 at 9:23
Daniele: I agree that this is an interesting option and it’s already on my to-do list for any future versions.
You can see the future features -> here
December 19th, 2006 at 7:08
Works really GREAT – receiving about 3000 messages/days less than without it. Combines perfekt with GFI MailEssentials. And I agree to your Whishlist 😉
December 19th, 2006 at 12:38
Hello
Is it possible to use MySql server for database?
December 20th, 2006 at 1:57
Damjan: No, not at this point and probably not in the future. The reason for this is that almost all organizations that run Exchange also already have MsSQL. And if you don’t have it then you can download SQL server express from MS for free to run on your Exchange box.
There’s just not any benefit of using MySQL at this point.
Cheers,
Chris
December 21st, 2006 at 11:08
Hi Chris,
I was just wondering if anyone has seen this behavior before.
We are testing on 3 mailboxes and have a couple of odd things happen.
The first is that sometimes a message will get greylisted but still get delivered, when this happens the message is totally blank with only a recipient address in the to field, no subject or body.
Each time the senders server retries sending the message during the quarantine period the same blank message is delivered. When the quarantine period expires the full message is delivered as well as all subsequent messages. The only thing in common I can see is that the message is in HTML format.
Any Ideas?
The second is a bit more straight forward
We seem to receive the same message several times a day, It is a HTML message with 2 or 3 valid recipients of our company in the to field and a couple more in the cc field.
My address is not in any of the visible fields so I assume it is in a bcc field. The issue is I receive this message and it is never greylisted, it’s like someone found a hole in the way the greylist works.
Do you know if there is another message format exchange will accept mail from other then SMTP that may bypass the event sink filters?
Thanks again
Allen
December 22nd, 2006 at 8:25
hi,
first of all i wanted to say that you’ve done great work. there’s only one thing which i’m missing and which hasn’t brought to you yet (maybe).
it would be great to have a chance (without recompiling the dlls) to change the default-message when rejecting emails to give a personal website or contact-information in case of anyone does not understand why his mail was rejected.
thanks.
greets,
chris
December 22nd, 2006 at 8:46
Allen: Support questions go in the forum and your answer is –> here.
January 11th, 2007 at 8:57
Anyone know if this will run on a Win2k/Exch2k active/passive cluster?
January 22nd, 2007 at 9:45
I can’t seem to install .Net 2.0 on my exchange server.
Is it possible to manage the config from another computer and just copy the files over?
Is it just the management program that needs .Net 2.0? or the .DLL?
Thanks
January 22nd, 2007 at 14:58
Hi Marc: Both the .dll and Greylist admin depends on .Net 2.0.
If you can’t get it installed then you won’t be able to run it.
Cheers,
Chris