whitelist for greylisting (only)?

I

IEM

Well-Known Member
Proxmox Subscriber
Sep 4, 2018
69
10
48
48
Austria
i do love greylisting, but:
is there a way to bypass greylisting for some hosts/networks?

the obvious problem is with large providers (outlook, googlemail, gmx,...) that keep resending from different IPs, thus keeping the mail in the greylisting for ages.

i know i can whitelist hosts, but afaiu, that means that these whitelisted hosts will completely bypass all anti-spam measures. this is not what i want to do.

so I would like to do any or all of the following, but it should only effect greylisting:
  • manually maintain a whitelist of hosts/networks
  • use a DNS-based realtime whitelists instead of a manually maintained static one
  • use the SPF-entry of a domain (or similar) to exclude an sender from being greylisted
also, something i never understood about greylisting: if an IP has been established to be a valid SMTP sender (using a given (IP, sender1, receiver2) tuple), why is it greylisted again when the sender resp receiver address changes (that is: a new (IP, sender3, receiver4))? we obviously need such a tuple to establish that the given IP is pertinacious enough when doing delivery attempts; but isn't it safe to assume that once we know that that IP is pertinacious it will stay so for some time?
esp. if we could establish (by other means) that the IP is from a static range?
 
well, the documentation says:
The SMTP Whitelist is responsible for disabling greylisting as well as SPF and DNSBL checks. These are done during the SMTP dialogue.
Click to expand...

and i said:
[...], but it should only effect greylisting
Click to expand...

so afaict, the SMTP whitelist does not fit my bill.
it seems to be mostly targetted at SMTP hosts that are setup as mail forwarders towards the PMG and which can be "fully trusted" (e.g. because they are under your control).
 
For the large providers you can just try to set a larger greylist mask (GUI->Configuration->Mail Proxy->Options->Netmask for Greylisting (v4 and v6))

That was the original intention of the feature:
* mail still gets greylisted, but even if it gets delivered by a different IP - it passes if it fits in the network) - maybe try 19 or 20 as ipv4 netmask
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back