Greylisting is the process of deferring emails from unknown senders. When the email arrives, Greylisting causes the server to return a message that boils down to, “I’m busy at the moment, try again in a bit.” Valid Mail Transfer Agents (MTAs), like Exim, will automatically retry many times. This retry time can be several minutes to start and last for several days. Invalid MTAs will simply give up and move to the next enticing spam target. We use these retry attempts as a way to weed out good email from bad.
cPanel created its own Greylisting daemon, cpgrey, that runs at SMTP receipt time. This means it happens before any real data is sent. The cpgrey daemon looks for a triplet: a source IP address, a source email address, and a destination IP address. If this combination has not been seen in a set time frame (this time frame is configurable), cpgrey will defer all email from that triplet for a set initial block time (again this time frame is configurable.) After the initial block time has expired, the system will accept email from the triplet until the max block time has expired.
Greylisting has its own interface in WHM that allows root users to configure many aspects of the system. You can set the time for the initial block, the must retry time, and the triplet expire time. You can also allow emails with valid SPF records to bypass Greylisting completely. The interface also includes a Trusted Hosts page that allows you to configure IP addresses and CIDR ranges to bypass Greylisting. Finally, we have added a simple report that allows you to see the current triplets in the Greylisting database. You can even add IP addresses and CIDR ranges directly from the report.
cPanel users are able to control which of their domains use Greylisting through the Greylisting interface in both PaperLantern and x3. cPanel users will see a list of domains they control and a simple toggle to disable or enable Greylisting. Bulk actions to enable all or disable all are included in a gear icon located in the top right corner.
We highly recommend server administrators use Greylisting as a strong tool in their arsenal for combating spam.