The following snippet can be insterted early in the "acl_check_rcpt" ACL in a standard Debian Exim4 installation. If you have split your Exim4 configuration into several files inside /etc/exim4/conf.d, this should go into /etc/exim4/conf.d/acl/30_exim4-config_check_rcpt. Alternatively, you can use the hook mechanism built into the default Debian Exim4 configuration: save these snippets as something like /etc/exim4/acl_check_data_hook and /etc/exim4/acl_check_rcpt_hook and then in /etc/exim4/conf.d/main/00_exim-config_local (if you have split your configuration file into several files) or very early in /etc/exim4/exim4.conf.template (if you haven't) add the lines: CHECK_RCPT_LOCAL_ACL_FILE = /etc/exim4/acl_check_rcpt_hook CHECK_DATA_LOCAL_ACL_FILE = /etc/exim4/acl_check_data_hook Note that greylistd now comes with a utility to automatically add/remove greylistd support to/from a default Debian Exim 4 installation: greylistd-setup-exim4. Run this utility with no arguments for usage. ---->8-------->8-------->8-------->8-------->8-------->8-------->8---- acl_check_rcpt: # greylistd(8) configuration follows. # This statement has been added by running "greylistd-setup-exim4 add", # and can be removed by running "greylistd-setup-exim4 remove". # Any changes you make here will then be lost. # # Perform greylisting on incoming messages from remote hosts. # We do NOT greylist messages with no envelope sender, because that # would conflict with remote hosts doing callback verifications, and we # might not be able to send mail to such hosts for a while (until the # callback attempt is no longer greylisted, and then some). # # We also check the local whitelist to avoid greylisting mail from # hosts that are expected to forward mail here (such as backup MX hosts, # list servers, etc). # # Because the recipient address has not yet been verified, we do so # now and skip this statement for non-existing recipients. This is # in order to allow for a 550 (reject) response below. If the delivery # happens over a remote transport (such as "smtp"), recipient callout # verification is performed, with the original sender intact. # defer message = $sender_host_address is not yet authorized to deliver \ mail from <$sender_address> to <$local_part@$domain>. \ Please try later. log_message = greylisted. !senders = : !hosts = : +relay_from_hosts : \ ${if exists {/etc/greylistd/whitelist-hosts}\ {/etc/greylistd/whitelist-hosts}{}} : \ ${if exists {/var/lib/greylistd/whitelist-hosts}\ {/var/lib/greylistd/whitelist-hosts}{}} !authenticated = * !acl = acl_local_deny_exceptions domains = +local_domains : +relay_to_domains verify = recipient/callout=20s,use_sender,defer_ok condition = ${readsocket{/var/run/greylistd/socket}\ {--grey \ $sender_host_address \ $sender_address \ $local_part@$domain}\ {5s}{}{false}} ---->8-------->8-------->8-------->8-------->8-------->8-------->8---- Note that the third, fourth and fifth argument to ${readsocket ...} are optional; however, if there is no fifth argument, and if "greylistd" is not running, then the expansion will fail. In this case, Exim will always return a temporary failure (SMTP 451 response), and not deliver any mail. If you want to create triplets with entire /24 (formerly "class C") networks rather than individual IP addresses, you can replace "$sender_host_address" in the example above with a ${mask...} expansion, as follows: condition = ${if eq {grey}\ {${readsocket{/var/run/greylistd/socket}\ {${mask:$sender_host_address/24} \ $sender_address \ $local_part@$domain}\ {5s}{}{}}}\ {true}{false}} You may also want a similar statement in the "acl_check_data" ACL to catch mail sent with no envelope sender: ---->8-------->8-------->8-------->8-------->8-------->8-------->8---- ---->8-------->8-------->8-------->8-------->8-------->8-------->8---- Good Luck! Tor Slettnes