A postfix greylisting and crypto aware email policy client
Shell C CSS
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



About Cryptolist

Cryptolist is a STARTTLS aware postfix policy daemon, based on the Greyfix 0.3.9 greylisting policy daemon for Postfix written by Kim Minh Kaplan, and Copyright 2007 by Kim Minh Kaplan.

Greylisting is an anti spam technique described by Evan Harris. Postfix is a popular mail transport agent developed by Weitze Venema.

Cryptolist uses Postfix policy mechanisms to enable greylisting with Postfix, with awareness of when a email exchange is encrypted. It allows additional greylisting policies to be enforced depending on the encrypted/unencrypted nature of the mail exchange.

Latest version

None. See the git repo on github for a current version.

Features Inherited from Greyfix

  • Low and tunable resource usage and high efficiency. The program is written in C and uses Berkeley DB to track mailers. By itself it allocates memory only for a single request and the Berkeley DB library can be configured to use very little RAM.
  • Integrates with Postfix’s master daemon. Postfix will shutdown cryptolist when it is not used completely freeing its runtime resources.
  • No administrative burden. Everything happens “automagically”.
  • No need for a database server. Uses Berkeley DB which is already installed with most free Unix distributions.

Features specific to Cryptolist

  • Separate greylisting policies for encrypted and non-encrypted transfers


  • Postfix 2.3 or later. Cryptolist is designed exclusively for it. It will not work with other mailers.
  • Berkeley DB 4.0 or later. Chances are you already have it.


Cryptolist uses GNU’s build system. To install the cryptolist daemon just type the following commands:

<example> $ gzip -cd cryptolist-0.3.9.tar.gz | tar xf - $ cd cryptolist-0.3.9 $ ./configure $ make $ su -c ‘make install’ </example>

Edit Postfix’s master configuration file, /etc/postfix/master.cf, and add the following:

<example> cryptolist unix - n n - - spawn user=nobody argv=/usr/local/sbin/cryptolist -/ 24 </example>

Edit Postfix’s main configuration file, /etc/postfix/main.cf and add the following (not for Solaris):

<example> smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/cryptolist </example>

If there is already a smtpd_recipient_restrictions configuration line you should edit it rather than add a new one. The important part for cryptolist is that you should add <code>check_policy_service unix:private/cryptolist</code> to it.

Finally have postfix reload its configuration with <code>postfix reload</code>.

Theory of operation


  • Raise the bar even further for spammers!
  • It is a pretty good assumption (currently) that almost anybody with starttls working correctly knows what he’s doing, so why not exchange email directly with such servers? Reward people for turning crypto on.
  • Why leak information to the rbl databases that you got an email from so-and-so?
  • Introduce the possibility of checking validity of certificates more flexibly.


  • Send/recieve mail faster
  • Send/recieve mail more securely
  • Stop random spam COLD.


Encrypted transfers use very short term greylist (20 seconds, by default) - that makes it more likely that the sending mail server will retry and succeed immediately.


<example> cryptolist [-V] [-v] [-d] [-h <Berkeley DB home directory>] [-g <greylist delay>] [ -c <encrypted delay> ] [ -C nonencrypted action ] [-b <bloc maximum idle>] [-p <pass maximum idle>] [-r <reject action>] [-G <greylisted action>] [-/ <network bits>] [–dump-triplets] [–help]

-b <seconds>, –bloc-max-idle <seconds>

This determines how many seconds of life are given to a record that is created from a new mail (ip, from, to) triplet. Note that the window created by this setting for passing mails is reduced by the amount set for –greylist-delay. NOTE: See also –pass-max-idle. Defaults to 18000 (5 hours).

-d, –debug

Debug logging

-g <seconds>, –greylist-delay <seconds>

This determines how many seconds we will block inbound mail that is from a previously unknown (ip, from, to) triplet. If it is set to zero, incoming mail association will be learned, but no deliveries will be tempfailed. Use a setting of zero with caution, as it will learn spammers as well as legitimate senders. Defaults to 3480 (58 minutes).

-c <seconds>, –cryplist-delay <seconds>

This determines how many seconds we will block inbound mail that is from a previously unknown (ip, from, to) triplet, AND is encrypted. If it is set to zero, incoming mail association will be learned, but no deliveries will be tempfailed. Use a setting of zero with caution, as it will learn spammers as well as legitimate senders. Defaults to 20 (20 seconds).

-h <Berkeley DB home directory>, –home <Berkeley DB home directory>

Location of the Berkeley DB environment home location (the default is autoconf’s $localstatedir/greyfix i.e. /usr/local/var/lib/greyfix).


Show usage information.

-p <seconds>, –pass-max-idle <seconds>

How much life (in secs) to give to a record we are updating from an allowed (passed) email.

The default is 36 days, which should be enough to handle messages that may only be sent once a month, or on things like the first monday of the month (which sometimes means 5 weeks). Plus, we add a day for a delivery buffer.

-r <reject action>, –reject-action <reject action>

The reject action directive that will be used. See access(5) for valid actions. The string expands %d to the number of seconds, %p to the empty string if %d expands to 1 or “s” otherwise, %s to ” ” and %% to “%”.

The default is “DEFER_IF_PERMIT Greylisted by Cryptolist X.Y.Z, try again in %d second%p. See http://cryptolist.taht.net for more information.”.

-G <greylisted action>, –greylisted-action <greylisted action>

The action that will be used the first time a triplet passes greylisting. Same expansion as for –reject-action.

The default is “PREPEND X-Greyfix: Greylisted by Greyfix X.Y.Z for %d second%p. See http://cryptolist.taht.net for more information.”

-v, –verbose

Verbose logging

-V, –version

Show version information.

-/ <nbits>, –network-prefix <nbits>

Only consider the first <nbits> bits of an IPv4 address. Defaults to 32 i.e. the whole adresse is significant.


Dump the triplets database to stdout. Mostly for debugging purposes. </example>


Autoconf defaults are poor

GNU Autoconf’s default value for $(localstatedir) is /usr/local/var/lib which is quite different from what most Unix distribution use. You’ll probably want to invoke configure like this:

<example> $ ./configure –localstatedir=/var/lib </example>

This makes Cryptolist DB be located in /var/lib/cryptolist. Alternatively you can use the -h <DB home> command line option but do not forget to create the directory and give it correct permissions so that Cryptolist can access it.

Cryptolist uses syslog with facility LOG_MAIL. As such the log messages should appear along postfix’s.

If you log messages with DEBUG serverity you will see some messages saying something like “DEBUG: BDB-16: db_env->remove returned: Device busy”. They are not error messages and are normal when multiple greyfix daemons operate concurrently.


You should use some whitelisting of some sort for some servers. I’d love to do a survey of STARTTLS enabled servers.



Cryptolist inherits all the bugs from greyfix-0.3.9. Those bugs are filed on Greyfix’s ticket page. Cryptolist probably has new ones. Those will be kept on github. I will try to incorporate changes to greyfix and vice versa.

Older versions

None yet. See the git repo!