Les greylists, pour combattre le SPAM, c'est super! J'adore le concept, la mise en place avec Postfix, le résultat.

Mais késako, une greylist ?

Greylists are pure gold when it comes to rejecting junk email. Whenever a client attempts to send mail to a particular recipient, the greylist server will attempt to find that client’s address and the recipient’s address in its database. If there is no such entry then one will be created, and Postfix will use a standard SMTP error message to tell the client that the recipient’s mailbox is temporarily unavailable and to try again later. It will then continue to reject similar attempts until the timestamp is of a certain age (mine is set to five minutes). The theory behind this is that almost no special-purpose spam sending software will actually attempt to re-send the message, but almost every legitimate mail server in existence will gladly comply and send the queued message a short time later. This simple addition cut my incoming junk email load by over 99% at the small cost of having to wait an extra five minutes to receive email for the first time from a new contact. It has worked flawlessly with the many mailing lists that my clients and I subscribe to and has not caused any collateral problems that I am aware of. If you take nothing else from this article, let it be that greylisting is a Good Thing and your customers will love you for using it.

Extrait de l'article Filtering spam with Postfix, un must-read pour tout bon Geek utilisant Postfix.

La mise en place sur une Mandriva LE 2005:
Installer postgrey: urpmi postgrey
Lancer Postgrey: /etc/init.d/postgrey start
S'assurer que Postgrey se lancera si reboot: chkconfig --add postgrey
Edition de /etc/postfix/main.cf pour rajouter:

smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client relays.ordb.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl-xbl.spamhaus.org,
check_policy_service unix:extern/postgrey/socket,
permit

(notez aussi au passage l'utilisation des blacklists).
Redémarrer Postfix: /etc/init.d/postfix restart
Et voila!