GREYLISTING is a proven technology to significantly reduce spam based on the basic theory Good Guys always follow standard rules and Bad Guys do not.
Standard compliant SMTP systems use response code such as 550-559 to tell the sender the mail transaction is not acceptable and is permanently rejected and they SHOULD never try to resend the same message because it will continue to be rejected - always. The codes 450-459 are used for temporary rejection and allows the sender to try again at some later time. This is normal and expected operations for a standard SMTP system.
GREYLISTING uses the idea of a temporary rejection the first time the sender attempt to send mail with the idea the good valid SMTP compliant sender will try again. A non-compliant SMTP sender will not again.
It works well because even if the bad guy is using a compliant SMTP software, they are not interested in sending you again the same message anyway. They may try to send another different spam, but not the same one.
Wildcat! SMTPFILTER system directly supports GreyListing with an advanced system to help reduce the negative aspects of first time rejections.
Wildcat! installs the SMTPFILTER system with stock scripts which includes the scripts smtpfilter-autowhite.wcx and smtpfilter-greylist.wcx. To enable it, these WCX scripts must be added to the [HOOKS] section of the data\smtpfilterhookloader.ini file:
[Hooks] smtpfilter-dkimverify smtpfilter-autowhite <--- helps reduce blockage of known senders smtpfilter-checkwords smtpfilter-greylist
smtpfilter-greylist should be among the last script after all others are run.
Use SETUP to edit the Greylisting configuration.
WCGL will only act on mail targeted to user addresses defined in the GREYLIST CHECK FILE. If the email TO: address is not found in this file, then WCGL is skipped on the email. This allows you to defined which addresses will have GREYLIST support. Wildcard are supported.
Example:
*@domain.com
joe.user@secondary.com
This will tell WCGL to perform a greylist test for email coming in for all users in domain.com and for the specific joe.user@secondary.com email address. For all other users, no WCGL testing is done.
The Whitelist are the addresses that should be automatically accepted. WCGL will check the email FROM address in this file. If found, then the WCGL testing is skipped.
The Blacklist are the addresses that should be automatically rejected.