Greylisting problems

Hey,

what is bothering me a lot is that Greylisting is not working. That feature does help with Spam but it is not helpful when the mails arrive sometimes half-a-day or even 4 days later. Also, when any mail goes through, exactly that constellation of sender and recipient should get listed in a database and the next mail should just go through. That also does not work!

Sophos Support told me that they are reworking the mail module completely. I saw a lot of changes in 17.1 GA regarding the mail module but it does not look like they rewrote it. And now with v17.1.2 there are no major changes in the mail module again and nothing about Greylisting can be seen in the changelog. I really hope that Sophos is about to do something in that direction!

Anyone else having problems with Greylisting?

  • Same issue for me too. Will be raising a support case when I get the time.

  • In reply to Paul Tatlock:

    I already have a case. If you want you can refer to that: 8292204

  • In reply to Charmacas:

    Cheers. Will refer to it when I raise a ticket. :)

  • FWIW there is a release coming this year that will have the full UTM (SG) email filtering module in it, which is great 'cause the XG native module isn't all that great.

  • In reply to BrucekConvergent:

    That's what I also heard from the support. Where do you have this information from?

  • In reply to Charmacas:

    I'm a Platinum Partner... I hear things :)

     

    Also I believe it's published somewhere in regards to future release notes.

  • I've analyzed my situation with a 2nd Level engineer and we came to the conclusion that the behaviour is by design. We found no error in the logs but we both agreed that "Soft Greylisting" would be a great feature to implement.

    So if anyone else agrees with me please upvote the following idea: ideas.sophos.com/.../35364796-implement-soft-greylisting

  • In reply to Charmacas:

    To be honest this "soft greylisting" is not a solution to your problems described in your thread. I wonder how the current behaviour could be by design?

    I understand your idea about "soft greylisting" but it does not care about emails being stuck for hours or emails from same senders being greylisted every time as far as I understand.

  • In reply to Jelle:

    Jelle

    To be honest this "soft greylisting" is not a solution to your problems described in your thread.

    I am referring especially to that problem:

    Charmacas

    Also, when any mail goes through, exactly that constellation of sender and recipient should get listed in a database and the next mail should just go through. That also does not work!

    And in that case it absolutely makes sense to me.

     

    Jelle

    I understand your idea about "soft greylisting" but it does not care about emails being stuck for hours or emails from same senders being greylisted every time as far as I understand.

    Yeah, this is another problem which I think has nothing to do with the firewall itself. I think this is all about the mail servers which are sending the mails, because sometimes these servers behave strangely and then the next try may come 12 hours later, and after getting rejected again they may double this time...

  • In reply to Charmacas:

    If the current behaviour is by design I wonder who is using it at all right now.

    Well, I voted for your idea hoping that the greylisting feature will be more useful with that option.

  • In reply to Jelle:

    Personally speaking, I am not a friend of greylisting. 

    Same as on UTM. All the time, you have to maintain your exception list for greylisting because many of the mail vendors/providers use multiple IP addresses or cannot work with greylisting (temp 4xx error in SMTP).

    As far as I know, there will be SPF in XG next version (major release). This is kinda the best solution against spam from my point of view.

    Greylisting can cause some issues with the "huge" delay in the mail communication. Basically users expect to use mail in real time.

     

    *edit* 

    I am referring to the general greylisting issue, not the issue related to this case. 

  • Greylisting doesn't work at all.

     

    I have removed the sender, recipient and subject for privacy reasons, but they are all identical for the logs below

     

  • In reply to Stuart James:

    Expect the fix for this in V17.5 with Exim.

  • In reply to LuCar Toni:

    More than 12 months to fix a basic bug. I love Sophos. They’re the best.
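
An added example, not part of the thread and not Sophos's implementation: a minimal greylist keyed on (client IP, sender, recipient), showing the multiple-IP problem raised in the replies above and how keying on the sender's /24 network instead of the exact address shortens the delay. The 300-second delay, all names, and the sample attempts are assumptions constructed for illustration.

```python
import ipaddress

DELAY = 300  # assumed: seconds a new triplet must wait before a retry is accepted


class Greylist:
    """Generic triplet greylist (hypothetical class, IPv4 only)."""

    def __init__(self, prefix=32):
        self.prefix = prefix    # 32 = exact client IP, 24 = client's /24 network
        self.first_seen = {}    # triplet -> time of the first delivery attempt

    def _key(self, client_ip, sender, recipient):
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        return (str(net.network_address), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply code for one delivery attempt at time `now`."""
        first = self.first_seen.setdefault(self._key(client_ip, sender, recipient), now)
        # Unknown or too-recent triplet: temporary 4xx, the sender must retry later.
        return 250 if now - first >= DELAY else 451


def replay(greylist, attempts):
    """Feed (time, ip, sender, recipient) attempts through the greylist."""
    return [greylist.check(ip, s, r, t) for t, ip, s, r in attempts]


def delivered_at(greylist, attempts):
    """Time of the first accepted attempt, or None if every attempt was deferred."""
    for (t, *_), code in zip(attempts, replay(greylist, attempts)):
        if code == 250:
            return t
    return None


# Constructed sample: one message retried from a provider's outbound pool,
# with a retry interval that doubles after each temporary rejection.
MSG = ("news@example.org", "bob@example.com")
ATTEMPTS = [
    (0,    "192.0.2.10", *MSG),
    (900,  "192.0.2.77", *MSG),   # retry from a different pool host
    (2700, "192.0.2.31", *MSG),   # and another one
    (6300, "192.0.2.10", *MSG),   # finally the first host again
]

if __name__ == "__main__":
    for prefix in (32, 24):
        print(prefix, replay(Greylist(prefix), ATTEMPTS),
              delivered_at(Greylist(prefix), ATTEMPTS))
```

With the exact-IP key every pool host starts its own waiting period, so the message is only accepted once a host that was already seen retries; with the /24 key the second attempt is accepted.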