The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel/Exim dealing with other servers that implement greylisting

Discussion in 'General Discussion' started by ichthus, Mar 4, 2006.

  1. ichthus

    ichthus Registered

    Joined:
    May 1, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    We have a local university that is implementing greylisting on their mailservers, and many of my users send mail through my cPanel enabled server. Many of these emails never get there and bounce back after about 5 days because exim isnt configured to send mail to servers that have this technique implemented. The "workaround" they suggest is to send the same copy of the email twice one time, and then it will work from then on. But only this sender/recipient combination is added to the whitelist, so you would have to do it for EVERY email address that you want to send to. I find this unacceptable.

    Believe me, I am not a proponent of greylisting.... I think spammers could just get around it with that simple workaround if they wanted. But, other people in the world swear by it and are using it... so can we make our mail servers work with it?

    Thanks-
    Kevin
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    The best work around this issue is the university putting your IPs or domain names in their whitelist. For more information, read http://projects.puremagic.com/greylisting/whitepaper.html
     
  3. ichthus

    ichthus Registered

    Joined:
    May 1, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    I'll try that, but what if there were 50 servers out there that implemented greylisting? Would I have to go to each and every one and request my server IP to be added to their whitelist?
     
  4. ichthus

    ichthus Registered

    Joined:
    May 1, 2003
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Also, their site says if the server was properly configured to meet "internet standards", then their servers would accept the mail no problem.
    http://www.ietf.org/rfc/rfc2821.txt
     
  5. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    I guess, unless otherwise :)
    Allow me to ask you this, Is rDNS implemented on your server? make sure your server is properly configured, secured and up-to-date.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They always say that and it is rubbish. Greylisting may be great in theory, but it in practice it breaks the proper delivery, especially if it's not setup correctly. I positively hate the concept of denying delivery of email and expecting the sending server to try again - it's a dishonest way to run an MTA, IMHO :) There are much better ways of dealing with spam issues.

    Unless the recipient fixes how they're doing things or is wiliing to investigate there's little you can do since the problem is entirely at their end, not yours.

    BTW, what greylisting proponenets don't emphasise when they refer to the RFC that controls SMTP traffic, is that the word SHOULD has special meaning. If an RFC says MUST then an MTA must do as instructed. However, when an MTA receives an error from a remote server (which is what greylisting does):

    451 Requested action aborted: error in processing

    Then an MTA should try again. But in RFC parlance, that means it doesn't have to. If it doesn't retry it is still completely correctly adhering to the RFC. So the fault for delivery failure lies completely with the server that is greylisting. Indeed, the fact that exim does retry simply shows that their greylisting setup is broken.
     
    #6 chirpy, Mar 4, 2006
    Last edited: Mar 4, 2006
  7. brianoz

    brianoz Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,146
    Likes Received:
    6
    Trophy Points:
    38
    Location:
    Melbourne, Australia
    cPanel Access Level:
    Root Administrator
    My understanding of greylisting was that the email was only refused the first time that email address is seen. Surely, when Exim retries, you'd expect the email to go through. Do you know why the email is not getting through the second time? There's no doubt Exim would be retrying.

    Based on this I suspect their implementation of greylisting is broken. I think a lot of people out there are using it, and you'd never know as it's completely transparent.
     
Loading...

Share This Page