SOLUTION:
This is a problem that we faced 2 years ago.. On big mail services like gmail, hotmail etc it's normal that every message, even from the same sender, comes from a different smtp server, therefore a different IP address.
For this reason, we have created a new option that allows to whitelist sender domains, IP addresses, or CIDRs in the greylist filter. In this case it could be enough to whitelist hotmail.com in the senders list of the greylist filter
PROBLEM:
We are testing grey listing (default on with protector) and see that mail from hotmail.com will never be delivered. So the greylisting is useless at the moment.
Tested:
Grey Listing Delay (1 minutes)
Grey Listing Autowhitelist (90 days)
The problem is that the retry is coming from a new IP address (not in the database offcoarse L )
Workaround 1:
Use known SPF to make an exeption for Hotmail servers (probably more needed, gmail?
To do this you have to create 39 objects for network ranges. I made mine in 4 network groups named after the SPF records for future maintenance.
spf-a.hotmail.com
spf-b.hotmail.com
spf-c.hotmail.com
spf-d.hotmail.com
Once that's make and exception to skip greylisting for those objects and mail will flow nice and fast if legitimate hotmail mail.
Workaround 2:
Another list (copied from our GB-Ware GTA.com firewall)
Name: Email Greylisting
Description: Broken mail servers that don't follow RFC 2821
Type: Mail Proxy
Index Object Address Description
1 IP 204.107.120.10 Ameritrade (no retry)
2 IP 217.158.50.178 AXKit mailing list (unique sender per attempt)
3 IP 64.125.132.254 collab.net (unique sender per attempt)
4 IP 66.135.197.0/24 Ebay (common pool)
5 IP 66.135.209.0/24 Ebay (for time critical alerts)
6 IP 66.100.210.82 Groupwise?
7 IP 66.162.216.166 Groupwise?
8 IP 194.245.101.88 Joker.com (email forwarding server)
9 IP 12.107.209.244 kernel.org mailing lists (unique sender per attempt)
10 IP 66.27.51.218 ljbtc.com (Groupwise)
11 IP 64.124.204.39 moveon.org (unique sender per attempt)
12 IP 213.136.52.31 Mysql.com (unique sender per attempt)
13 IP 211.29.132.0/24 optusnet.com.au (wierd retry pattern and more than 48hrs)
14 IP 66.206.22.82 PLEXOR
15 IP 66.206.22.83 PLEXOR
16 IP 66.206.22.84 PLEXOR
17 IP 66.206.22.85 PLEXOR
18 IP 200.46.204.71 postgresql.com (unique sender per attempt)
19 IP 200.46.204.254 postgresql.com (unique sender per attempt)
20 IP 200.46.208.251 postgresql.com (unique sender per attempt)
21 IP 207.115.63.0/24 Prodigy (broken software that retries continually with no delay)
22 IP 205.206.231.0/24 SecurityFocus.com (unique sender per attempt)
23 IP 64.7.153.18 sentex.ca (common pool)
24 IP 205.211.164.50 sentex.ca (common pool)
25 IP 195.238.2.0/24 skynet.be (wierd retry pattern, common pool)
26 IP 195.238.3.0/24 skynet.be (wierd retry pattern, common pool)
27 IP 63.82.37.110 SLmail
28 IP 209.132.176.174 sourceware.org mailing lists (unique sender per attempt)
29 IP 12.5.136.141 Southwest Airlines (unique sender, no retry)
30 IP 12.5.136.142 Southwest Airlines (unique sender, no retry)
31 IP 12.5.136.143 Southwest Airlines (unique sender, no retry)
32 IP 12.5.136.144 Southwest Airlines (unique sender, no retry)
33 IP 63.169.44.143 Southwest Airlines (unique sender, no retry)
34 IP 63.169.44.144 Southwest Airlines (unique sender, no retry)
35 IP 195.235.39.19 Tid InfoMail Exchanger v2.20
36 Address Object <Email Hosting Services> Email hosting services
Name: Email Hosting Services
Description: Email hosting services that don't follow RFC 2821
Type: Mail Proxy
Index Object Address Description
1 IP 207.171.168.0/24 Amazon.com (common pool)
2 IP 207.171.180.0/24 Amazon.com (common pool)
3 IP 207.171.187.0/24 Amazon.com (common pool)
4 IP 207.171.188.0/24 Amazon.com (common pool)
5 IP 207.171.190.0/24 Amazon.com (common pool)
6 IP 64.12.90.0/24 AOL (common pool)
7 IP 64.12.137.0/24 AOL (common pool)
8 IP 64.12.138.0/24 AOL (common pool)
9 IP 64.12.139.0/24 AOL (common pool)
10 IP 152.163.225.0/24 AOL (common pool)
11 IP 205.188.139.136 AOL (common pool)
12 IP 205.188.139.137 AOL (common pool)
13 IP 205.188.144.207 AOL (common pool)
14 IP 205.188.144.208 AOL (common pool)
15 IP 205.188.156.66 AOL (common pool)
16 IP 205.188.157.0/24 AOL (common pool)
17 IP 205.188.159.7 AOL (common pool)
18 IP 64.233.162.0/24 Gmail.com (common pool)
19 IP 64.233.170.0/24 Gmail.com (common pool)
20 IP 64.233.182.0/24 Gmail.com (common pool)
21 IP 64.233.184.0/24 Gmail.com (common pool)
22 IP 209.85.128.0/17 Gmail.com (common pool)
23 IP 65.55.169.0/24 Outlook.com (common pool)
24 IP 104.47.0.0/16 Outlook.com (common pool)
25 IP 157.56.110.0/24 Outlook.com (common pool)
26 IP 157.56.111.0/24 Outlook.com (common pool)
27 IP 207.46.100.0/24 Outlook.com (common pool)
28 IP 66.94.236.0/24 Yahoo Groups servers (common pool, no retry)
29 IP 66.94.237.0/24 Yahoo Groups servers (common pool, no retry)
30 IP 66.94.238.0/24 Yahoo Groups servers (common pool, no retry)
31 IP 66.218.66.0/24 Yahoo Groups servers (common pool, no retry)
32 IP 66.218.67.0/24 Yahoo Groups servers (common pool, no retry)
33 IP 66.218.69.0/24 Yahoo Groups servers (common pool, no retry)
34 IP 68.142.200.0/24 Yahoo Groups servers (common pool, no retry)
35 IP 98.138.90.0/24 Yahoo Groups servers (common pool, no retry)
36 IP 98.138.229.0/24 Yahoo Groups servers (common pool, no retry)
37 IP 98.139.52.0/24 Yahoo Groups servers (common pool, no retry)
Comments
0 comments
Please sign in to leave a comment.