On 10/24/2017 05:06 AM, Mark Foster wrote: > Hi All, > > I run a personal MTA but I host a few not-for-profits and such. > Recently one of my users reported substantial delays on inbound > emails, so I had a quick look... it turns out email from outlook.com > was being seriously hindered by Greylisting. > The retry rate on a 4xx error seems to be very slow (almost precisely > an hour between retry attempts) and of course, the source IP address > changes with each retry, so the Greylisting timers are always reset to > zero... clearly I don't do enough mail volume to keep the timers up to > a point where I know i'm getting 'clean' email. > > The only way I can see to reliably resolve this is to try to whitelist > the sending IP's (is this even practical?) It'd be nice of messages > from outlook.com were retried from the same source IP... this behavior > seems to make greylisting on relatively low-volume mail servers > something of a hassle, and across many years of running the MTA > configured essentially this way, this is the first time i've had this > sort of behavior reported. > > Cheers, > Mark. > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
I get around this by running a check on dnswl.org first and short-circuit greylisting if the sender is in the white list. Then filter the sender IP through a /24 if it's IPv4 and a /64 if it's IPv6 so the timers don't get hung up on different IPs coming from the same block (which for most mail systems running multiple queue servers is going to be out of at least a /24 or /64 network). I also only greylist if the spam score at SMTP time is positive but below the rejection level (so something that isn't already pushed to negative values based on whitelisting or other metrics). That usually keeps valid e-mail from greylisting, and unknown sources with neutral or slightly elevated scores for spam get greylisted and if/when they resend there has been time to boost their spam score to blocking or it passes the greylist timer if the spam score is still below the rejection threshold. -- -James _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop