Greylisting in Exchange 2003

Posted on January 8, 2009 by Daniel Petri in Exchange Server with 0 Comments

Greylisting with Exchange 2003

Greylisting seems to be the right method to effectively lower the spam levels your mail servers get daily. Read more about it on my Combating Spam with Greylisting article.

There are quite a few Greylisting implementations available for a wide variety of SMTP mail servers. So far I was only able to find one freeware Exchange 2000/2003 implementation (if you know of any other freely available tool please let me know).

Greylist – freeware Grey list for Exchange v1.2 by Chris J.

The program consists of two parts:

  • Greylist installs as a .dll and connects to the SMTP service’s OnInboundCommand RCPT. It reads it configuration from Greylist.cfg and uses Greylist.mdb for logging entries. It also produces a log file in the log directory.
  • Greylist admin creates and configures the above files as well as controls the settings and the white list.


  • Windows server 2000/2003
  • Exchange 2000/2003 or the vanilla IIS service
  • .NET framework 2.0
  • (Optional) Microsoft SQL 2000/2003 or SQL Server Express



  • Continue blocking for X minutes.
  • Installs as a cached .dll
  • Block by Source IP, Sender email address, Recipient address all together or in any combination.
  • White list (always allow) by Source IP, Sender email address, Recipient address or in any combination.
  • Clean out entries older then X days on the first session of the day.
  • Stores data in a Microsoft access database, .mdb or in a MsSQL db.
  • Logs on error to the event log
  • Logs all sessions to a daily log file in /log/

Greylist admin

  • Configures: Block for X minutes, Max age in X days, White list.
  • Configures which items to use when blocking by Source IP, Sender email address, Recipient address all together or in any combination.
  • Displays blocked items and passed items in totals.
  • Displays current items in database.
  • Displays block rate in % according to all entries in the database.
  • Manually start cleanup routine.
  • Configures the database connection

Installation and usage:

  1. After downloading the small freeware tool you need to extract it to a folder of your choice on the Exchange server. Note that this folder will also host the tool’s database and logfiles, thus I suggest you place it onto a separate drive.

The Greylist tool should be used on the Exchange servers that are facing the Internet.

  1. Start Greylist admin. This will create the default database settings.

Greylist installs with the default setting of using a local access mdb database. There is also an option to make use of a MS SQL server to store the data which has two interesting advantages:

  • An SQL database handle more stress and more data. The mdb database has proven to be stable in environments with 3-5000 mails a day and it can possible handle more, but the SQL server can handle millions of messages a day.
  • A central SQL server is that several Greylist servers can share the same database and therefore be used on multiple internet facing servers.

You can download the free version of Microsoft SQL server called SQL server Express 2005 (SSE) from here:

Microsoft SQL Server 2005 Express Edition

The downside of using the free SQL Server 2005 Express Edition is that you must install it on the same server that you intend to run Greylist from. If you’d like to use a SQL server outside the Greylist server then you have to purchase the full SQL product from Microsoft.

  1. Open a command prompt and go to the install directory. Type enable and press enter. This will register greylist.dll and tell the SMTP service to use it.
  2. Test sending an email to yourself from somewhere on the outside and wait a couple of minutes.

Note that when using the TELNET prompt to send the email (read SMTP, POP3 and Telnet in Exchange 2000/2003 for more info) you will get the following reply from the server:

You can also see the report in the Greylist logfiles:

  1. Click on refresh in Greylist admin. You should now see at least one blocked item and at least on item in the database.

From my initial testing, using Greylist on Exchange 2003 production servers has dropped the number of spam messages being received by IMF (read Block Spam with Exchange 2003 Intelligent Message Filter) significantly.

As always, read the readme file for more information.

Related articles

You might also want to read the following related articles:


Greylist – freeware Greylist for Exchange v1.2