Greylisting must notify of blocked emails.

[iTecan]

I like greylisting, it cleans emails a lot and lets pass the validated ones. The problem is that it does not notify the domain itself that an email has been blocked due to not being validated.
I am currently running mail servers without SPF registration. Even world renowned mail servers.

Those Greylisting emails automatically block them and sometimes it happens that the external server does not forward the email.
When Greylisting receives an email without SPF registration, it should send a notification to the account indicating that an email has been blocked due to not complying with the SPF registration.

Can you configure that?
If not, I'm going to have to disable it.

Thanks.

 

[cPanelLauren]

Greylisting doesn't permanently reject mail - it temporarily rejects it

When enabled, the mail server will temporarily reject any email from a sender that the server does not recognize. If the email is legitimate, the originating server tries to send it again after a delay. After sufficient time passes, the server accepts the email.

Greylisting identifies incoming email by triplets. A triplet is a collection of three pieces of data: the IP address, the sender’s address, and the recipient’s address. By deferring unknown triplets, Greylisting filters spam and allows legitimate email a second chance to pass through.

That documentation also goes over the features enabled with GreyListing

 

[keat63]

There's a particular feature that I don't like with Greylisting, which made me turn it off.
Whilst Greylisting can work, I feel that it's flawed.

As far as I understand it, Greylisting works by delaying the delivery until the sending server performs a retry.
Some larger corporate mail servers have multiple IP addresses working on a rotation.

Mailserver A, sends you an email using IP address 1.1.1.1

This email gets greylisted at your end until 1.1.1.1 retries.
Detecting that the email never made it, MailServer A, resends it, only this time using I.P 2.2.2.2

This email gets greylisted at your end until 2.2.2.2 retries.
Detecting that the email never made it, MailServer A, resends it, only this time using I.P 3.3.3.3

This email gets greylisted at your end until 3.3.3.3 retries.
Detecting that the email never made it, MailServer A, resends it, only this time using I.P 4.4.4.4

See where this is going ??
There could be instances where the email gets lost in a loop, or delayed beyond a point that I would consider reasonable.

 

[iTecan]

I think the same as @ keat63.
Also I have detected that it is not capable of authenticating complex SPFs. I present the case:

* Greylisting receives mail from a Host that detects that it has SPF as softail but is not able to allow it to pass.


Checking the log I have discovered how this SPF has been created, which I will explain below:
- record SPF: "v=spf1 a mx +include:spf.raiolanetworks.com ~all"

This record is correct. Indicates that it includes the SPF of that domain. The SPF for that domain is constructed as follows:
- record SPF: "v=spf1 +a:spf.raiolanetworks.com +include:spf.spampredator.com ~all"

The + a element, as we all know, collects all the IPs of that domain and have multiple records as follows:
- record A: spf.raiolanetworks.com IN IP1
- record A: spf.raiolanetworks.com IN IP2
- record A: spf.raiolanetworks.com IN IP3
- record A: spf.raiolanetworks.com IN IP4
- ...
- ...
- ...

I have hidden the IPs with the alias IPx

This is a valid SPF record but Greylisting does not allow it to pass, so I have had to allow it by hand.
This problem has been detected when a customer asks about missing emails.

I do not know why, but I would like to indicate it in case, in some updates, this type of complex checks can be included.
I will continue to give greylisting a chance, although I have had to raise the trust time to a full day, since there are Sender Hosts that take to forward the mail almost 24 hours.

Thank you all.

 

[red.dev83]

I think the same as @ keat63.
Also I have detected that it is not capable of authenticating complex SPFs. I present the case:

* Greylisting receives mail from a Host that detects that it has SPF as softail but is not able to allow it to pass.
View attachment 65465

Checking the log I have discovered how this SPF has been created, which I will explain below:
- record SPF: "v=spf1 a mx +include:spf.raiolanetworks.com ~all"

This record is correct. Indicates that it includes the SPF of that domain. The SPF for that domain is constructed as follows:
- record SPF: "v=spf1 +a:spf.raiolanetworks.com +include:spf.spampredator.com ~all"

The + a element, as we all know, collects all the IPs of that domain and have multiple records as follows:
- record A: spf.raiolanetworks.com IN IP1
- record A: spf.raiolanetworks.com IN IP2
- record A: spf.raiolanetworks.com IN IP3
- record A: spf.raiolanetworks.com IN IP4
- ...
- ...
- ...

I have hidden the IPs with the alias IPx

This is a valid SPF record but Greylisting does not allow it to pass, so I have had to allow it by hand.
This problem has been detected when a customer asks about missing emails.

I do not know why, but I would like to indicate it in case, in some updates, this type of complex checks can be included.
I will continue to give greylisting a chance, although I have had to raise the trust time to a full day, since there are Sender Hosts that take to forward the mail almost 24 hours.

Thank you all.

Hello ITecan,

How to make Greylisting check SPF like the picture you attach? where can i find this configuration?
thanks

 

[iTecan]

Hello ITecan,

How to make Greylisting check SPF like the picture you attach? where can i find this configuration?
thanks

hello @red.dev83,
That photo corresponds to the Mail Delivery Reports section (Home -> Email -> Mail Delivery Reports) of WHM.

You have a historical of all incoming / outgoing emails from the last 10 days with several filters to apply.

 

[red.dev83]

hello@ @red.dev83,
That photo corresponds to the Mail Delivery Reports section (Home -> Email -> Mail Delivery Reports) of WHM.

You have a historical of all incoming / outgoing emails from the last 10 days with several filters to apply.

hello @iTecan

how can I get the SPF: softfail text in the image?
while in the attachment that I attached my SPF was unchecked? many thanks

 

[iTecan]

hello @iTecan

how can I get the SPF: softfail text in the image?
while in the attachment that I attached my SPF was unchecked? many thanks

Hello red.dev83,
You can't get that text, that makes it greylisting getting information from the sender's SPF record.
Softail is indicated when the SPF record ends in ~all, indicating that even if the authentication does not pass, it will let the email pass even if it is not 100% verified, so it will most likely go to the SPAM tray.
But you can't act against SPF records from DNS zones you don't control.

In the case that I presented, I blindly trusted those emails, so I had to add the IPs as trusted, using the dig command to get all the current IPs from that record.

If you need those emails to be detected as valid you should do the same.

 

[MustaphaG]

Hello there,
is there a way to disable the greylist in the day and activate it at night automaticly? please i really need to find out this.
thank you in advance

 

[keat63]

Not out of the box as far as I'm aware.
Maybe possible with script and cron job of some sort, but that's way beyond my capabilities.