spf and greylisting
Idea shared by Richard Frank - December 7, 2016 at 3:25 AM
Proposed
I read in Bruce's document to not use Geylist Weight Threshold on the SMTP Blocking tab in the Antispam Administration.
It negates the greylisting options he writes.
I thought, maybe I can use that in combination with the spf record.
I have set SPF-weighing up like this:
Pass Weight 0
Fail Weight 6
SoftFail Weight 2
Neutral Weight 2
PermError Weight 5
None Weight 2
So only if SPF check succeeds AND all the other checks are ok, the message won't be greylisted.
If there is something wrong with spf, or a sending domain doesn't have an spf record, it gets 2 points and will be greylisted.
My idea is that a good configured server will pass mail directly and the customer will experience faster reception of mail and still all other received mail will have to pass greylisting.

6 Replies

Reply to Thread
1
Richard, I've read your recent posts on greylisting and agree that it would be nice to bypass greylisting for trusted servers/senders. Here's a similar post that has got quite a bit of traction (many votes and SM marked it Under Consideration).
 
Please vote and/or post your comments there and maybe we can influence SM to add the functionality. Thanks, Kevin
0
thnx Kevin. I'v read and upped your thread.
1
I hope if someone from ST can give his/her opinion if my idea will work like this.
I think that if a message has < 2 spampoints it will not be greylisted.
0
I checked the smtp log and I clearly see less Connections being greylisted.
0
Richard, good find! Maybe someone can confirm that it does work this way. Would be nice to do something similar to bypass SpamAssassin.
0
A persistent mailserver :D
[2016.12.07] 08:28:41 [92.70.202.242][45565214] rsp: 451 Greylisted, please try again in 60 seconds
[2016.12.07] 08:28:45 [92.70.202.242][16417684] rsp: 451 Greylisted, please try again in 56 seconds
[2016.12.07] 08:28:50 [92.70.202.242][28492080] rsp: 451 Greylisted, please try again in 51 seconds
[2016.12.07] 08:28:56 [92.70.202.242][43268917] rsp: 451 Greylisted, please try again in 46 seconds
[2016.12.07] 08:29:00 [92.70.202.242][45487337] rsp: 451 Greylisted, please try again in 41 seconds
[2016.12.07] 08:29:06 [92.70.202.242][65044168] rsp: 451 Greylisted, please try again in 35 seconds
[2016.12.07] 08:29:10 [92.70.202.242][35660140] rsp: 451 Greylisted, please try again in 31 seconds
[2016.12.07] 08:29:16 [92.70.202.242][11911812] rsp: 451 Greylisted, please try again in 25 seconds
[2016.12.07] 08:29:20 [92.70.202.242][28902966] rsp: 451 Greylisted, please try again in 21 seconds
[2016.12.07] 08:29:26 [92.70.202.242][7424315] rsp: 451 Greylisted, please try again in 15 seconds
[2016.12.07] 08:29:30 [92.70.202.242][51447692] rsp: 451 Greylisted, please try again in 11 seconds
[2016.12.07] 08:29:36 [92.70.202.242][23885289] rsp: 451 Greylisted, please try again in 5 seconds
[2016.12.07] 08:29:40 [92.70.202.242][59836466] rsp: 451 Greylisted, please try again in 1 seconds
 
makes me wonder.. if greylisting is only to check if a mailserver resends then greylisting period for 1 second is long enough.

Reply to Thread