Grey List By Domain |
Post Reply |
Author | |
ecarbone
Newbie Joined: 11 January 2014 Location: Mexico Status: Offline Points: 24 |
Post Options
Thanks(0)
Posted: 31 October 2014 at 4:05pm |
Is it possible to enable or some how control the GreyList feature by Domain? Either sender domain or receiver domain.
We have noticed that many servers are NOT honoring the mail standard for "retries" and when the SpamFilter rejects on first try, the sending server does not retry from the same IP, instead; relays the mail to another server; which in turns tries to connect and gets rejected by SpamFilter (cause is it's first time) and the story goes on and on until a server with an IP already in the "approved" GrayList takes the email and succesfully sends it. I've already implemented the "Daily GreyList.txt" file that was commented on this post, but still having issues. That's why I'm trying to see if we can turn on or off by domain, either sender or receiver. If the latter can't be done, is there a way to know which IP's are not honoring the GreyList mechanism and which domain they were supposed to be representing? In that way we could manually add them to the GreyList.txt file. For example, how to know that IP w.x.y.z was representing yahoo.com and did not came back after the initial Greylist reject. Regards, Enrique.
|
|
Enrique
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
The greylist is used to reject inbound TCP connections to SpamFilter - this occurs immediately, before the SMTP session is established and the sender begins to send the MAIL FROM / RCPT TO commands to specify the sender and the recipient. SpamFilter thus does not know what domain the email is addressed to when using the greylist filter, so it's not possible to customize the greylist filter based on the domains.
While we do not know which provider does not honor the RFC that requires the specific server that made the initial connection to retry, I can provide you with a list of companies/providers that are associated with the IPs listed in the daily greylist file we update at http://www.logsat.com/SpamFilter/pub/GreyListAllowed.txt The list is quite long, but if you'd like a one-time extract (the list is rather static as these IPs rarely change) please let us know and I can email it to you.
|
|
ecarbone
Newbie Joined: 11 January 2014 Location: Mexico Status: Offline Points: 24 |
Post Options
Thanks(0)
|
Hi Roberto,
We have struggled to get the set of IPs that we need to include to the "GreyListAllowed", looking at the format it seems that if I type something like 216.82.253.*~47795.0 I'm letting the full Class "C" range to get included, and that happens to be what I need; so please tell me if I'm correct. Also, I want to know if I can type something like: 216.82.24*.*~47795.0 meaning that I'm allowing the following ranges: 216.82.240.* 216.82.241.* 216.82.242.* 216.82.243.* 216.82.244.* 216.82.245.* 216.82.246.* 216.82.247.* 216.82.248.* 216.82.249.* is my assumption OK ? or I have to type each C range individually. Lastly, Once I have updated my Greylist.txt file and restarted the service; do I need to update it next day; do the IPs entered in that file have some king of time expiration? Regards. Enrique
|
|
Enrique
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Enrique,
You are correct in the first assumption. This entry: 216.82.253.*~47795.0 will allow the entire Class C range to pass the greylist filter. While that list was not originally intended to be user-modifiable, it does support the use of wildcards. You can also use the "*" to wildcard larger ranges. For example: 216.82.*~47795.0 will allow the whole 216.82.nnn.nnn range to be excluded. You can also use this: 216.82.25*~47795.0 to allow the range: 216.82.250.nnn 216.82.251.nnn ..... 216.82.255.nnn The use of the "?" to substitute a single character is also supported. For example: 216.82.2?3.*~47795.0 will allow you to exclude the range: 216.82.203.nnn 216.82.213.nnn 216.82.223.nnn ... 216.82.253.nnn The decimal number after the "~" character indicates the number of days that have passed since 12/30/1899. The fractional part of the value is fraction of a 24 hour day that has elapsed. SpamFilter will delete from the greylist file any IPs that are listed having a date indicated in the above format which is older than the number of days indicated in the following SpamFilter parameter (60 days by default): GreyListAllowedHold=60 So in your example, if you have an entry with: 216.82.24*.*~47795.0 The number 47795.0 indicates 47795 days after 12/30/1899, which adds up to Nov 7, 2030. So SpamFilter would delete that line from the GreyListAllowed.txt file 60 days after that day, on Jan 6, 2031. So that entry would pretty much be permanent for the next 16 years or so.
|
|
ecarbone
Newbie Joined: 11 January 2014 Location: Mexico Status: Offline Points: 24 |
Post Options
Thanks(0)
|
Thanks for your answer. It has been very helpful.
|
|
Enrique
|
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.297 seconds.