Criteria for release from greylist purgatory

KatyComputer

Sep 26, 2019
What are the criteria used to accept email when greylisting is active?

Is it knock once, gain admission in an hour, knock three times gain admission?

Can these parameters be changed?

When a message is RBL rejected, is there a mechanism to greylist its IP address and/or network for 24 hours?
 
So you probably know what the basic idea of greylisting is; for anybody else, Wikipedia actually summarizes it quite well: https://en.wikipedia.org/wiki/Greylisting#How_it_works

Is it knock once, gain admission in an hour, knock three times gain admission?

It's receive once, be unknown -> defer. Then we have a 3 minute greylist delay window; the sender is expected to retry sending a bit later, as defined in SMTP, but only after that window has passed, else it's not a valid retry. Spammers normally do not retry at all, or too fast, or when they retry they are already on a real-time blacklist.

"Knocking" three times doesn't do anything; the time between sends is the only thing relevant.
But waiting too long for the re-send also defers again, e.g., if the MTA waits for over 2 days before resending, the initial send is forgotten and thus it's deferred again.

Once accepted, the tuple of sender and host is "approved" for another month (36 days to be specific), and on a future retry the greylist check is thus passed immediately (but the rest of the checks are naturally done independently).
 
No, it's hardcoded.

Also, why would you want to increase the delay a sender needs to wait for resend? If they keep their sending mailq and wait for over 3 minutes before retrying to your mailgateway it's normally safe to say that it is a valid MTA not just a "try once and forget" (spammy) sender. Also, you then increase the chance to add latency to mail reception and increase the chance to reject mails which followed the SMTP protocol in a valid way (which greylist checking is for).
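The timing rules from the reply above (3 minute delay window, first attempt forgotten after 2 days, 36 day approval), replayed over a constructed timeline. This is an added example, not part of the thread and not Proxmox Mail Gateway's code; the in-memory store, the `Greylist` class and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Timings as stated in the reply; everything else here is assumed.
DELAY = timedelta(minutes=3)        # a retry sooner than this is not valid
RETRY_WINDOW = timedelta(days=2)    # first attempt is forgotten after this
APPROVED_FOR = timedelta(days=36)   # lifetime of an accepted sender/host tuple

@dataclass
class Entry:
    first_seen: datetime
    approved_until: Optional[datetime] = None

class Greylist:
    def __init__(self):
        self.entries = {}  # (sender, host) -> Entry

    def check(self, sender, host, now):
        key = (sender.lower(), host)
        entry = self.entries.get(key)
        if entry and entry.approved_until:
            if now <= entry.approved_until:
                return "accept"            # already approved: passes at once
            entry = None                   # approval expired: start over
        if entry is None or now - entry.first_seen > RETRY_WINDOW:
            self.entries[key] = Entry(first_seen=now)
            return "defer"                 # unknown, or retried too late
        if now - entry.first_seen < DELAY:
            return "defer"                 # retried inside the delay window
        entry.approved_until = now + APPROVED_FOR
        return "accept"                    # valid retry

def replay(attempts):
    gl = Greylist()
    return [gl.check(sender, host, when) for sender, host, when in attempts]

T0 = datetime(2024, 1, 1, 6, 0)
A, B = ("a@example.org", "192.0.2.10"), ("b@example.org", "192.0.2.20")
SAMPLE = [  # constructed attempts, not real traffic
    (*A, T0),                          # first contact
    (*A, T0 + timedelta(seconds=30)),  # retry too fast
    (*A, T0 + timedelta(minutes=5)),   # valid retry
    (*A, T0 + timedelta(days=10)),     # within the 36 day approval
    (*A, T0 + timedelta(days=50)),     # approval has lapsed
    (*B, T0),                          # first contact
    (*B, T0 + timedelta(days=3)),      # retry after more than 2 days
]

if __name__ == "__main__":
    for (sender, host, when), verdict in zip(SAMPLE, replay(SAMPLE)):
        print(when.isoformat(), sender, host, verdict)
```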
 
Spam is getting delivered using a server with a good reputation at 6am; by 10am several DNSBL sites will have corrected the server's reputation, so by increasing the delay, we buy ourselves some ability to catch this scam.

I am using Postwhite to mitigate delivery delays from Office 365, Google etc.
 
The other piece of this question is, how do we put a block on IPs delivering spammy email?

Something along the lines of score a 20, get a 5 day block, score a 10, get a 1 day block, etc.
 
