How can we improve?

Greylisting

I've had numerous legitimate emails greylisted for more than 24 hours because, apparently, the sending domain is resending from different email servers. I've seen this with gmail numerous times. A 24+ hour delay is too long and has forced me to bypass the greylist filtering for all popular email domains (gmail, yahoo, hotmail, mac.com). I would ask that:
1. Greylisting be modified to look at the domain name rather than the ip address of the email server
2. If that's not possible then this behavior should be explicitly detailed in GFI documentation and a list of email domains should be set forth that are particularly subject to this problem.

8 votes
Sign in
Signed in as (Sign out)

We’ll send you updates on this idea

Charles G. Henegar shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

Sign in
Signed in as (Sign out)
Submitting...
  • Alexandre Racine commented  ·   ·  Flag as inappropriate

    One solution would simply be to query the MX domain to get all mail server adresses (mail1.gmail.com, mail2.gmail.com, etc) convert those to IP's and add all this to the database of the greylisting.

  • Frank Chiappetta commented  ·   ·  Flag as inappropriate

    Looks like another similar request. I will add my request here as this one has been voted up more than the other thread.

    I was going to create a new request, but I'll just add to this as it is similar enough. I think we all agree that Greylisting is a very important and effective filter. However, due to GFI MEs strict adherence to the triplet test, many emails are either exceedingly delayed, or unnecessarily lost as they are sent from large email systems that have more than one single mail server IP address. (This would include most medium/large, even small businesses in some cases.) I found one single legitimate message bounced by the Greylist roughly every 10-15 minutes for over 3 days. We simply cannot have this. The main idea of the Greylist is to temporarily delay messages sent on the first attempt from spammers who will never send the same message twice, thus effectively blocking a majority of the inbound junk email, allowing the message to pass the filter after a proper retry. It should not be blocking these same messages for hours/days on end. I understand why the triplet should be a good test, but in the real world, experience suggests otherwise.

    I'd like to suggest that a switch be introduced to allow GFI MailEssentials customers the ability to run the Greylist filter in a 'Relaxed mode.' That way the filter will only keep track of sender, recipient(s) (& maybe even include the message subject), disregarding the IP address that introduces the potential for massive delays and loss of email. That way email messages will have a better chance of being delivered on the second attempt passing the Greylist filter and then be subject to the further testing by the remaining designated filters. This will allow customers the ability to still utilize the very useful Greylist filter while avoiding the potential problems introduced by using it in strict mode (strict triplet test - Sender/Recipient/Sending IP)

    FWIW - I've used another Spam filtering system that utilized the Greylist, and I never had this much trouble using it. Emails sent in a second time passed the filter, period. Happy medium.

    Also, we unfortunately had to disable using the Greylist filter. It's simply too strict to use in a production business environment where emails are required to be delivered in a timely manner.

    Please everyone, it looks nice that you comment on these appearing to agree with the request, but you need to vote these up! GFI doesn't seem to care about any customer requests that don't have high enough votes!

  • Phillip Watson commented  ·   ·  Flag as inappropriate

    This could be mitigated if SPF checking could be done during SMTP transmission.

    I love greylisting - it blocks >1,000 junk emails a day for our "small" company - but services like gmail, outlook.com, office365 have too many mail servers to manually whitelist their IP's.

    I would suggest that SPF be performed during SMTP transmission, and that way SPF could replace Greylisting for domains that have SPF records. If a domain does not have an SPF record, the standard greylist check would be performed instead.

    This may require extra options in SPF and/or Greylist configuration, to specify whether a message should pass SPF AND Greylist checks, or if a mail server is ALLOWED (a PASS, not a SOFTFAIL) on an SPF check, the Greylist check is bypassed.

    As the Greylist check must be performed during SMTP transmission, I believe it would require SPF to be done during SMTP transmission as well.

  • Cristian Penco commented  ·   ·  Flag as inappropriate

    Same problem here, mail from gmail or google hosted servers took way too long. There should be some way of at least whitelisting google hosted mail domains. I'm forced to turn off grey listing because of that problem, even if the greylist is one of the most successful filter to block spam...or even to look for another vendor in antispam solutions.

  • Mustafa Goezel commented  ·   ·  Flag as inappropriate

    Same problem here!

    Please add the option to only compare senders e-mail address and subject and ignore IP-Adress

    For example some e-mails from GoogleMail took around 24hours to pass our greylisting because the came from several different IP adresses.

    In this case GFI Greylisting is unusable!

  • Jesse Berks commented  ·   ·  Flag as inappropriate

    [Comment date: 2015-01-09]
    I agree. It seems that greylisting catches huge amounts of spam, but I do also run into this issue. Maybe rDNS compare, I'm not sure but this should be fixed.

  • Anonymous commented  ·   ·  Flag as inappropriate

    [Comment date: 2015-01-16]
    I would also like to use greylisting but have found the rejection rate for legitimate senders to be too high. The rejections I've seen are most often from Exchange senders (which seems odd to me). I don't understand why the whitelisting for these senders appears to be unreliable. When greylisting works, it's amazingly effective.

Feedback and Knowledge Base