Dealing with customers that want their emails to arrive in ~30 seconds

[Denis Gomes Franco]

Hey guys, newbie here, migrating from Plesk after having some issues there.

So, how do I deal with a customer that wants their messages (sent from other websites not hosted by me) delivered in about 30 seconds? I kid you not.

This particular customer is complaining that when he sends a message from that other website to his @icloud.com account, the message arrives immediately, whereas when he sends the message to his account hosted by me, it takes around 2-3 minutes to arrive.

Absurd, I know, but what the heck... And the weird thing is, he says that when I was using Plesk it was really faster.

I understand it might take some time for the server to analyze the message but... how do you guys deal with this kind of situation? Greylisting is not enabled, sites are running fast, the server has plenty of resources... And yeah, this is the kind of guy that complains about every little thing. FML.

 

[cPanelMichael]

Hello @Denis Gomes Franco,

It's possible the Introduce a delay into the SMTP transaction for unknown hosts and messages detected as spam option found under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor is having some effect on the delivery speed. The default value is set to delay emails from unknown hosts for 20 seconds.

You could explain that part of the reason for the delivery time is to reduce the potential for SPAM. You may also want to perform a test to measure how long it actually takes for delivery from a remote mail server to an email account hosted on the cPanel server. While testing, use the "tail -f /var/log/exim_mainlog" command to monitor which stage of the delivery takes the longest.

Thank you.

 

[Denis Gomes Franco]

Hi Michael, thanks for getting back to me. There is no ACL tab in Tweak Settings (running v78.0.11 here). I also couldn't find any option with 'DELAY' or 'UNKNOWN' in its nem in Tweak Settings.

I actually explained to the customer that 2-3 minutes is quite standard and that Spamassassin actually has to scan messages before delivery, so this should be accounted. I hope this lowered his expectations a little bit.

But what about these 'unknown hosts'? Would Cpanel still delay messages from these hosts after receiving one legitimate message from them? Tell me more about it.

 

[cPanelMichael]

Hello @Denis Gomes Franco,

My mistake, the interface is WHM >> Exim Configuration Manager >> Basic Editor. I've modified my previous post to reflect this.

But what about these 'unknown hosts'? Would Cpanel still delay messages from these hosts after receiving one legitimate message from them? Tell me more about it.

Here's the option's description:

The SMTP receiver will wait a few additional seconds for a connection when it detects spam messages in order to reduce inbound spam. The system excludes the following remote hosts from the delay: Neighbor IP addresses in the same netblock, Loopback addresses, Trusted Mail Hosts, Relay Hosts, Backup MX Hosts, Skip SMTP Checks Host, Sender Verify Bypass Hosts.

The delay is applicable to any remote host that isn't on the exclusion list in the description above.

Thank you.

 

[Denis Gomes Franco]

Okay, found it and disabled it. I'll ask the customer to test this out. Goddamnit, these people....

Now, as a newbie sysadmin, I'm curious, how does this option help fight spam?

 

[cPanelMichael]

Now, as a newbie sysadmin, I'm curious, how does this option help fight spam?

Legitimate mailing systems will typically wait past the delay, whereas spammers are often unable to wait past the delay because they are trying to send out SPAM to as many email addresses as possible before the spamming server is shutdown or blacklisted. In testing this is shown to be one of the most effective strategies at preventing incoming SPAM messages.

Thank you.

 

[Denis Gomes Franco]

Isn't that what greylisting is? (Which BTW is disabled in my server). Or is it different?

Great explanation, now I have an argument for when the customer starts complaining about too much spam ("You complained about messages getting delayed, so [email protected] off").

 

[cPanelMichael]

Hello @Denis Gomes Franco,

Greylisting uses a different method to help prevent SPAM. Here's the description from our Greylisting document:

Greylisting identifies incoming email by triplets. A triplet is a collection of three pieces of data: the IP address, the sender's address, and the recipient's address. By deferring unknown triplets, Greylisting filters spam and allows legitimate email a second chance to pass through.

When enabled, the mail server will temporarily reject any email from a sender that the server does not recognize. If the email is legitimate, the originating server tries to send it again after a delay. After sufficient time passes, the server accepts the email.

The linked document includes more technical details about how it works.

Thank you.