[BlueOnyx:23561] Re: Milter Greylist

[Richard Sidlin]

> On 1/7/2020 4:39 AM, Richard Sidlin wrote:
> >
> > Hi List
> >
> > I have recently purchased the AV Spam package and installed it on my
> > newly built 5210R. I am having trouble with the Milter Greylist. It is
> > set to defer the emails for 15 minutes and then whitelist for 7 days.
> > Problem is, when the originating email tries to send the email again,
> > it keeps being rejected and emails are being delayed by about 12 hours
> > when it eventually lets them through.
> >
> > I have flushed the SQL database, I have rebooted the server all to no
> > avail. I submitted a support request from the server yesterday but not
> > sure how long it is before I hear back. Anyone have any suggestions?
> >
> > Thanks.
> >
> Hi Richard,
> 
> Greylisting is widely misunderstood and misused.  Which is unfortunate
> because it can be a great tool.
> 
> Without seeing your logs it's impossible for me to tell you with certainty, but I
> have an idea as to what may be happening.   If the email is from one of the
> big email or freemail providers, the way they operate is inconsistent with
> effective greylisting.   The problem is the message may be attempted by a
> machine with one IP address initially, but then when it's deferred it is next
> tried by a different IP address, which needs its own 15 minute window, so it's
> again deferred.   And so on.   At some point the message is re-tried by one of
> the IPs that has already knocked on your door and then it's let through.
> 
> What we do with our systems is load in the IP addresses or ranges of known
> providers (such as hotmail/outlook, gmail and others) which you can
> commonly find buried in their pages.
> 
> Start with the commonality first.  What address(es) are being trapped in
> greylisting?   Where are they being sent from?  Same provider but different
> IPs?   Just look up the ranges, add them into AV-Spam and see if that fixes
> things up for you.
> 
Thanks Chris. Yes, misunderstood. I have looked at the offending emails and they do indeed get resubmitted from a different IP.

I'm sort of happy to re-instate Greylisting if it doesn't cause me constant grief in this way. Looking at the for instance Microsoft IP's, they have a spreadsheet with 168 lines of IPv4 IP's! Does anyone else that uses this software have a list of IP's that I can paste in or is it too much effort and just disable greylisting?