Greylisting feature unreliable

[Checole]

Hi community,

I am running Proxmox Mail Gateway on a virtual machine before a synology mail plus server.

I was extremely happy with the PMG and its skill level. So even as an enhanced private user I am considering to pay the license for such a good product in future.

However, there is the greylisting features which - in my eyes - needs urgently some tweaks and enhancements.

In last time I received emails from serious senders such as providers for different goods and services.

And unfortunately they are all on the greylist.

What's extremely weird is, that you cannot click a button on the tracking center and say "deliver". If you can do that for spam why not for less suspicious greylisted emails?
And what's weird as well is that despite the docs say they need to resend the mail, the resent mail is again and again on the greylist.

So you need to put them explicitly on the whitelist, and after you have done that you need to call the guys and ask them to resend it.

And then you hear, "oh it is extremely hard to reach you".

Have I missed something and there is a configuration magic?

 

[dietmar]

If it does not work for you, you can simply turn it off (greylisting is a feature that can be enabled/disabled).

 

[Pcom]

If it does not work for you, you can simply turn it off (greylisting is a feature that can be enabled/disabled).

Ok, we can disable it, but I think Checole post is right, I had some very similar problem. I don't think simply "turn it off" is a good solution.

 

[niziak]

We also have to disable it.

We observed that all further deliveries within first 30 minutes are greylisted. This time window is too big and it is not possible to receive security codes within expiration window. Also simple option to specify one netmask for IPv4 is not enough.

Huge providers are using multiple IPs to send email. Sometimes from different IP segments.
For example, one of MS Outlook server IP belongs to network class /12.

It will be useful to add more configuration options (i.e: define list of network classes for greylisting)

 

[Stoiko Ivanov]

However, there is the greylisting features which - in my eyes - needs urgently some tweaks and enhancements.

In last time I received emails from serious senders such as providers for different goods and services.

And unfortunately they are all on the greylist.

Greylisting works by sending a temporary error-code (4xx) to the sender - all sensible mail-servers will try to resend that mail after a short while (5 minutes) - and then it will pass (and the triple sender-email,recipient-email,sender-ip will not be delayed again for 30 days).

What's extremely weird is, that you cannot click a button on the tracking center and say "deliver". If you can do that for spam why not for less suspicious greylisted emails?

That's because the mail has not been accepted on the system (and is not available)

the resent mail is again and again on the greylist.

That can happen if the sender uses many IP-addresses to send mails - you can put a larger grey-list mask in such cases - https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_mailproxy_options - e.g. 24 is the default - with 16 every ip from the same /16 would be permitted to send directly

Huge providers are using multiple IPs to send email. Sometimes from different IP segments.
For example, one of MS Outlook server IP belongs to network class /12.

just set the greylist mask to /12.

I hope this helps!