On 2017-04-21, Markus Rosjat <ros...@ghweb.de> wrote:
> so if you have spamd in place in greylisting mode and you have customers
> that work with people who use Office365 as a service you will get calls
> that emails are delayed for a freaking long time and if you check the ip
> range that outlook.com could send from you get scared.
>
> So what are the strategies out there to handle this kind of situation?

I stopped simple spamd-style greylisting years ago, I was spending far more time waiting for verification mails and figuring out the cause for mail delays than it saved me in deleting spam (especially considering a lot still gets past greylisting).

I switched to using postfix's "after-accept" checks (which drop the first attempt from a new source, blacklisting if they make certain SMTP errors, but don't have a timeout period - allows delivery immediately on reconnect). And these days I exempt hosts on dnswl.org from this.

I now also do greylisting via rspamd for high-ish scoring mail, if it suspects it's likely to be spam but isn't quite sure, it greylists for a while; often the sender is added to enough RBL or RHSBLs by the time it retries and is then detected as spam right away. There are still some delays from legit-but-spammy-looking mail, but real "written by a human" mail, and the majority of address verification mails, usually get through without greylisting.

> Do you let them all pass and trust that microsoft is protecting their
> service enough to stop spamming from hijacked machines that use office365 ?

Never mind spam, from what I can see Microsoft don't even kill off actual malware hosted on their own domains (e.g. sharepoint.com) in a timely fashion. But they undoubtedly will have per-sender rate limits on email. I don't see greylisting from the address space listed in their SPF records or dnswl entries as doing much good.

> I'm a little reluctant to whitelist a shitload of ips just to get rid of
> a 1 or 2 day delay in delivering the message and yes this was the case

And if you're unlucky they don't retry from the same IP before the message gets too old and falls out of the sender's queue.
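
Added example, not part of the original message: one way to turn "the address space listed in their SPF records" into a greylisting exemption list, by expanding a sender domain's SPF record and its includes into CIDR networks. The domain names, TXT records and address ranges below are constructed (documentation ranges) so the code runs offline; `spf_networks` and `exempt_from_greylisting` are hypothetical helper names.

```python
import ipaddress

# Constructed TXT records (documentation address space) standing in for
# real DNS answers. All names and ranges here are assumptions.
SAMPLE_TXT = {
    "mail.example.com": "v=spf1 ip4:192.0.2.0/24 include:spf-a.example.net include:spf-b.example.net -all",
    "spf-a.example.net": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8:100::/48 include:spf-b.example.net ~all",
    "spf-b.example.net": "v=spf1 ip4:203.0.113.16/28 include:spf-a.example.net a mx -all",
}
MAX_RECORDS = 10  # safety cap on records fetched per expansion


def spf_networks(domain, lookup=SAMPLE_TXT.get):
    """Collect ip4:/ip6: networks from an SPF record and its includes."""
    nets, seen, queue = set(), set(), [domain]
    while queue:
        name = queue.pop(0).lower()
        if name in seen:  # include loop or repeated include
            continue
        seen.add(name)
        if len(seen) > MAX_RECORDS:
            raise ValueError("too many SPF records to expand")
        terms = (lookup(name) or "").split()
        if not terms or terms[0].lower() != "v=spf1":
            continue  # no SPF record published for this name
        for term in terms[1:]:
            # Only pass-qualified terms count; "-ip4:" or "~all" never match.
            key, _, value = term.lstrip("+").partition(":")
            key = key.lower()
            if key in ("ip4", "ip6") and value:
                nets.add(ipaddress.ip_network(value, strict=False))
            elif key == "include" and value:
                queue.append(value)
            # a, mx, exists and ptr need live DNS and are skipped here
    return sorted(nets, key=lambda n: (n.version, n))


def exempt_from_greylisting(ip, networks):
    """True if the connecting address falls inside an SPF-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)


if __name__ == "__main__":
    nets = spf_networks("mail.example.com")
    for n in nets:
        print(n)  # one CIDR per line, ready to load into a whitelist
    print(exempt_from_greylisting("198.51.100.10", nets))
```

With real data, `lookup` would be replaced by a function that returns the domain's SPF TXT record, and the list regenerated periodically since providers change their ranges.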