spf and greylisting
Idea shared by Richard Frank - 12/7/2016 at 3:25 AM
Proposed
I read in Bruce's document to not use Geylist Weight Threshold on the SMTP Blocking tab in the Antispam Administration.
It negates the greylisting options he writes.
I thought, maybe I can use that in combination with the spf record.
I have set SPF-weighing up like this:
Pass Weight 0
Fail Weight 6
SoftFail Weight 2
Neutral Weight 2
PermError Weight 5
None Weight 2
So only if SPF check succeeds AND all the other checks are ok, the message won't be greylisted.
If there is something wrong with spf, or a sending domain doesn't have an spf record, it gets 2 points and will be greylisted.
My idea is that a good configured server will pass mail directly and the customer will experience faster reception of mail and still all other received mail will have to pass greylisting.
Richard, I've read your recent posts on greylisting and agree that it would be nice to bypass greylisting for trusted servers/senders. Here's a similar post that has got quite a bit of traction (many votes and SM marked it Under Consideration).
 
Please vote and/or post your comments there and maybe we can influence SM to add the functionality. Thanks, Kevin
thnx Kevin. I'v read and upped your thread.
I hope if someone from ST can give his/her opinion if my idea will work like this.
I think that if a message has < 2 spampoints it will not be greylisted.
I checked the smtp log and I clearly see less Connections being greylisted.
Richard, good find! Maybe someone can confirm that it does work this way. Would be nice to do something similar to bypass SpamAssassin.
A persistent mailserver :D
[2016.12.07] 08:28:41 [92.70.202.242][45565214] rsp: 451 Greylisted, please try again in 60 seconds
[2016.12.07] 08:28:45 [92.70.202.242][16417684] rsp: 451 Greylisted, please try again in 56 seconds
[2016.12.07] 08:28:50 [92.70.202.242][28492080] rsp: 451 Greylisted, please try again in 51 seconds
[2016.12.07] 08:28:56 [92.70.202.242][43268917] rsp: 451 Greylisted, please try again in 46 seconds
[2016.12.07] 08:29:00 [92.70.202.242][45487337] rsp: 451 Greylisted, please try again in 41 seconds
[2016.12.07] 08:29:06 [92.70.202.242][65044168] rsp: 451 Greylisted, please try again in 35 seconds
[2016.12.07] 08:29:10 [92.70.202.242][35660140] rsp: 451 Greylisted, please try again in 31 seconds
[2016.12.07] 08:29:16 [92.70.202.242][11911812] rsp: 451 Greylisted, please try again in 25 seconds
[2016.12.07] 08:29:20 [92.70.202.242][28902966] rsp: 451 Greylisted, please try again in 21 seconds
[2016.12.07] 08:29:26 [92.70.202.242][7424315] rsp: 451 Greylisted, please try again in 15 seconds
[2016.12.07] 08:29:30 [92.70.202.242][51447692] rsp: 451 Greylisted, please try again in 11 seconds
[2016.12.07] 08:29:36 [92.70.202.242][23885289] rsp: 451 Greylisted, please try again in 5 seconds
[2016.12.07] 08:29:40 [92.70.202.242][59836466] rsp: 451 Greylisted, please try again in 1 seconds
 
makes me wonder.. if greylisting is only to check if a mailserver resends then greylisting period for 1 second is long enough.

Reply to Thread

Enter the verification text