Greylist not working with hosted accounts


New Member
Jan 27, 2022
The email filtering has been working fine for ages, however now lots of our customers have moved to online hosting of email services with Google or MS we are finding that to many emails are being forever greylisted. The domain for the customer is in the whitelist in who objects but I can see the customers being greylisted in the tracking as the emails are comming from different ip's each time.

Is there a way to deal with this or just turn of the grey listing?

You could change the Netmask for Greylisting IPv4 in Configuration -> Mail Proxy -> Options to whitelist a bigger subnet once it goes through.
And there's also the possibility of disabling greylisting via the SMTP Whitelist (Configuration -> Mail Proxy -> Whitelist) instead of disabling it globally.
Does the Mail Proxy Whitelist use the email domain or the sending server domain to bypass greylisting?
IE. I don't want to put Google here I want to put my customers domain
Thanks for the help I will try the whitelist in Mail Proxy, however I think this is something that needs to be looked at going forward as more people move to online email services
As mentioned in my first reply. In those cases you can change the netmask for greylisting, for example to allow a /20 instead of /24. In some cases this is enough to cover different sending IPs for one mail provider.
But I don't want to white list all Google or MS email servers by IP as that is where lots of spam comes from.
I only want to white list people or domains I get emails from regularly
However if these people use Google or MS then the IP is always changing and they get caught in a greylist loop
Greylisting works by saving a tuple of Sender IP, Sender Mail Address and Recipient Mail Address to check against.
If no entry is available for this, it will greylist it by sending a temporary failure. If the mail is sent again a few minutes later, it will go through and that tuple will be whitelisted for 30 days.

But it's not actually the Sender IP, but rather a /24 subnet (by default) that is saved in the tuple. Which means when changing the netmask for greylisting, this subnet will also change. If you then allow a /20 instead of the /24, any mail that's sent from the same sender, but with a different IP still in that subnet, will go through just fine as it is still whitelisted.

I hope that clarifies it, and why changing the netmask can help improve this without manually whitelisting any IP ranges.
Thanks for the detail never seen this before that it is combined from the 3 items



The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!