cPanel/Exim dealing with other servers that implement greylisting

ichthus

Registered
May 1, 2003
3
0
151
We have a local university that is implementing greylisting on their mailservers, and many of my users send mail through my cPanel enabled server. Many of these emails never get there and bounce back after about 5 days because exim isnt configured to send mail to servers that have this technique implemented. The "workaround" they suggest is to send the same copy of the email twice one time, and then it will work from then on. But only this sender/recipient combination is added to the whitelist, so you would have to do it for EVERY email address that you want to send to. I find this unacceptable.

Believe me, I am not a proponent of greylisting.... I think spammers could just get around it with that simple workaround if they wanted. But, other people in the world swear by it and are using it... so can we make our mail servers work with it?

Thanks-
Kevin
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
ichthus said:
We have a local university that is implementing greylisting on their mailservers, and many of my users send mail through my cPanel enabled server. Many of these emails never get there and bounce back after about 5 days because exim isnt configured to send mail to servers that have this technique implemented. The "workaround" they suggest is to send the same copy of the email twice one time, and then it will work from then on.
The best work around this issue is the university putting your IPs or domain names in their whitelist. For more information, read http://projects.puremagic.com/greylisting/whitepaper.html
 

ichthus

Registered
May 1, 2003
3
0
151
I'll try that, but what if there were 50 servers out there that implemented greylisting? Would I have to go to each and every one and request my server IP to be added to their whitelist?
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,217
4
193
Minneapolis, MN
ichthus said:
I'll try that, but what if there were 50 servers out there that implemented greylisting? Would I have to go to each and every one and request my server IP to be added to their whitelist?
I guess, unless otherwise :)
Allow me to ask you this, Is rDNS implemented on your server? make sure your server is properly configured, secured and up-to-date.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
ichthus said:
Also, their site says if the server was properly configured to meet "internet standards", then their servers would accept the mail no problem.
http://www.ietf.org/rfc/rfc2821.txt
They always say that and it is rubbish. Greylisting may be great in theory, but it in practice it breaks the proper delivery, especially if it's not setup correctly. I positively hate the concept of denying delivery of email and expecting the sending server to try again - it's a dishonest way to run an MTA, IMHO :) There are much better ways of dealing with spam issues.

Unless the recipient fixes how they're doing things or is wiliing to investigate there's little you can do since the problem is entirely at their end, not yours.

BTW, what greylisting proponenets don't emphasise when they refer to the RFC that controls SMTP traffic, is that the word SHOULD has special meaning. If an RFC says MUST then an MTA must do as instructed. However, when an MTA receives an error from a remote server (which is what greylisting does):

451 Requested action aborted: error in processing

Then an MTA should try again. But in RFC parlance, that means it doesn't have to. If it doesn't retry it is still completely correctly adhering to the RFC. So the fault for delivery failure lies completely with the server that is greylisting. Indeed, the fact that exim does retry simply shows that their greylisting setup is broken.
 
Last edited:

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
My understanding of greylisting was that the email was only refused the first time that email address is seen. Surely, when Exim retries, you'd expect the email to go through. Do you know why the email is not getting through the second time? There's no doubt Exim would be retrying.

Based on this I suspect their implementation of greylisting is broken. I think a lot of people out there are using it, and you'd never know as it's completely transparent.