Grey List By Domain

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=7101
Printed Date: 26 December 2024 at 7:29am


Topic: Grey List By Domain
Posted By: ecarbone
Subject: Grey List By Domain
Date Posted: 31 October 2014 at 4:05pm
Is it possible to enable or somehow control the GreyList feature by domain? Either sender domain or receiver domain.

We have noticed that many servers are NOT honoring the mail standard for "retries": when SpamFilter rejects on the first try, the sending server does not retry from the same IP; instead, it relays the mail to another server, which in turn tries to connect and gets rejected by SpamFilter (because it's its first time), and the story goes on and on until a server with an IP already in the "approved" GreyList takes the email and successfully sends it.

I've already implemented the "Daily GreyList.txt" file that was commented on this post, but still having issues.

That's why I'm trying to see if we can turn on or off by domain, either sender or receiver.

If the latter can't be done, is there a way to know which IPs are not honoring the GreyList mechanism and which domain they were supposed to be representing? That way we could manually add them to the GreyList.txt file. For example, how can we know that IP w.x.y.z was representing yahoo.com and did not come back after the initial Greylist reject?

Regards,

   Enrique.


-------------
Enrique



Replies:
Posted By: LogSat
Date Posted: 01 November 2014 at 2:31pm
The greylist is used to reject inbound TCP connections to SpamFilter - this occurs immediately, before the SMTP session is established and the sender begins to send the MAIL FROM / RCPT TO commands to specify the sender and the recipient. SpamFilter thus does not know what domain the email is addressed to when using the greylist filter, so it's not possible to customize the greylist filter based on the domains.

While we do not know which provider does not honor the RFC that requires the specific server that made the initial connection to retry, I can provide you with a list of companies/providers that are associated with the IPs listed in the daily greylist file we update at http://www.logsat.com/SpamFilter/pub/GreyListAllowed.txt

The list is quite long, but if you'd like a one-time extract (the list is rather static as these IPs rarely change) please let us know and I can email it to you.


-------------
Roberto Franceschetti

LogSat Software - http://www.logsat.com

Spam Filter ISP - http://www.logsat.com/sfi-spam-filter.asp


Posted By: ecarbone
Date Posted: 14 November 2014 at 3:13pm
Hi Roberto, 
  
   We have struggled to get the set of IPs that we need to include in the "GreyListAllowed" file. Looking at the format, it seems that if I type something like

216.82.253.*~47795.0

I'm letting the full Class "C" range get included, and that happens to be what I need; so please tell me if I'm correct.

Also, I want to know if I can type something like:

216.82.24*.*~47795.0

meaning that I'm allowing the following ranges:

216.82.240.*
216.82.241.*
216.82.242.*
216.82.243.*
216.82.244.*
216.82.245.*
216.82.246.*
216.82.247.*
216.82.248.*
216.82.249.*

Is my assumption OK, or do I have to type each C range individually?

Lastly, once I have updated my Greylist.txt file and restarted the service, do I need to update it the next day? Do the IPs entered in that file have some kind of time expiration?

Regards.

   Enrique


-------------
Enrique


Posted By: LogSat
Date Posted: 15 November 2014 at 7:14am
Enrique,

You are correct in the first assumption. This entry:

216.82.253.*~47795.0

will allow the entire Class C range to pass the greylist filter. While that list was not originally intended to be user-modifiable, it does support the use of wildcards. You can also use the "*" to wildcard larger ranges. For example:

216.82.*~47795.0

will allow the whole 216.82.nnn.nnn range to be excluded. You can also use this:

216.82.25*~47795.0

to allow the range:
216.82.250.nnn
216.82.251.nnn
.....
216.82.255.nnn

The use of the "?" to substitute a single character is also supported. For example:

216.82.2?3.*~47795.0

will allow you to exclude the range:

216.82.203.nnn
216.82.213.nnn
216.82.223.nnn
...
216.82.253.nnn


The decimal number after the "~" character indicates the number of days that have passed since 12/30/1899. The fractional part of the value is the fraction of a 24 hour day that has elapsed.

SpamFilter will delete from the greylist file any IPs that are listed having a date indicated in the above format which is older than the number of days indicated in the following SpamFilter parameter (60 days by default):
GreyListAllowedHold=60


So in your example, if you have an entry with:
216.82.24*.*~47795.0

The number 47795.0 indicates 47795 days after 12/30/1899, which adds up to Nov 7, 2030. So SpamFilter would delete that line from the GreyListAllowed.txt file 60 days after that day, on Jan 6, 2031. 
So that entry would pretty much be permanent for the next 16 years or so.


-------------
Roberto Franceschetti

LogSat Software - http://www.logsat.com

Spam Filter ISP - http://www.logsat.com/sfi-spam-filter.asp
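
An added example (not LogSat's code and not part of the thread) for auditing hand-edited GreyListAllowed.txt lines in the `pattern~days` format described in the reply above: it decodes the day count, applies the 60-day GreyListAllowedHold default, and shows which addresses each wildcard admits. It assumes the wildcards behave as plain string globbing (Python's `fnmatch`), which the thread does not confirm; the `10.0.0.*` line and the probe addresses are constructed.

```python
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

EPOCH = datetime(1899, 12, 30)  # day 0 of the value after "~", per the reply
HOLD_DAYS = 60                  # GreyListAllowedHold default quoted in the reply

def parse_entry(line):
    """Split 'pattern~days' into (pattern, timestamp as datetime)."""
    pattern, sep, days = line.strip().partition("~")
    if not (pattern and sep and days):
        raise ValueError(f"not a pattern~days entry: {line!r}")
    return pattern, EPOCH + timedelta(days=float(days))

def to_days(when):
    """Inverse conversion: datetime -> fractional days since 12/30/1899."""
    return (when - EPOCH) / timedelta(days=1)

def purge_time(stamp, hold_days=HOLD_DAYS):
    """Moment after which the entry is older than the hold period."""
    return stamp + timedelta(days=hold_days)

def matches(pattern, ip):
    # ASSUMPTION: plain string globbing, so "*" can also match nothing
    # or run across a dot.
    return fnmatchcase(ip, pattern)

def audit(lines, probes, now):
    """Per entry: (pattern, stamp, past hold period?, probes it admits)."""
    rows = []
    for line in lines:
        pattern, stamp = parse_entry(line)
        hits = [ip for ip in probes if matches(pattern, ip)]
        rows.append((pattern, stamp, now > purge_time(stamp), hits))
    return rows

# Entries with 47795.0 are the thread's; the 10.0.0.* line and the probe
# addresses are constructed for this example.
ENTRIES = ["216.82.253.*~47795.0", "216.82.25*~47795.0",
           "216.82.24*.*~47795.0", "216.82.2?3.*~47795.0",
           "10.0.0.*~41890.5"]
PROBES = ["216.82.253.10", "216.82.251.9", "216.82.25.7",
          "216.82.24.5", "216.82.213.1", "216.82.23.1"]

if __name__ == "__main__":
    for row in audit(ENTRIES, PROBES, datetime(2014, 11, 15)):
        print(row)
```

By this arithmetic 47795.0 decodes to 2030-11-08 with removal due after 2031-01-07, one day later than the dates worked out by hand in the reply. Under the globbing assumption, `216.82.25*` and `216.82.24*.*` also admit `216.82.25.7` and `216.82.24.5`, so check a trailing-digit wildcard against the two-digit octet before relying on it.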


Posted By: ecarbone
Date Posted: 18 November 2014 at 3:51pm
Thanks for your answer. It has been very helpful.

-------------
Enrique
