Greylisting issues in XG v18

I am trying greylisting again now that I have v18 installed. Kind of working, but ...

In the mail log I have noticed that there are up to 6 emails rejected in a row over 2-3 minutes for the same email message / sender before one 5-15 minutes later finally gets through.

A 10-20 minute delay is not a problem for most emails, except MFA requests and password resets. Annoying!

Turning it off again unless someone can tell me why the IP database isn’t registering and allowing it more quickly.

Running XG 18 as a Hyper-V software appliance.

  • Hi  

    Greylisting will prevent spam by rejecting a message the first time. It is presented to Sophos XG Firewall by notifying the sending server that it is currently busy. When the message is re-transmitted by the sending server, Sophos XG Firewall will recognize the combination of IP, sender e-mail address and receiver e-mail address and accept the mail.

  • In reply to Keyur:

    Thanks, yes I understand that.

    But it is rejecting the same email attempt up to 6 times BEFORE it then finally lets it through. Not after the first rejection - creating an extra time delay.

    Is there a time delay written into the logic, or does it just take a few minutes to register in a database before it is able to recognize the email as a previous attempt?

    For example here is a redacted one from the mail log.

    2020-03-02 20:05:57 | Delivered | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 106 KB
    2020-03-02 20:02:42 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes
    2020-03-02 20:02:21 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes
    2020-03-02 20:01:40 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes
    2020-03-02 20:01:17 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes
    2020-03-02 20:00:59 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes
    2020-03-02 20:00:45 | Rejected | 010001709a79d2fb-283 ... | me@aa.bbbbb.net | Reset Your Password | 0 Bytes

  • In reply to NH1:

    Hi  

    This data set is checked against the SMTP proxy's internal database; if the data set has not been seen before, a record is created in the database along with a special timestamp describing it. This data set causes the email to be rejected for a period of five minutes. After that time the data set is known to the proxy and the message will be accepted when it is sent again. Note that the data set will expire after 30 days if it is not updated within this period.

  • In reply to Keyur:

    Awesome, thanks for your reply.

    Don't think the 5 minute delay is mentioned in any descriptions of greylisting - they all just say after the first.

    But with that helpful knowledge of the functionality I will enable it again, as it does get rid of a lot of spam!

  • In reply to NH1:

    Hi  

    Thank you for your feedback, I will forward this to the concerned team.

    Please reach out to us for further assistance.
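
The greylisting behaviour described in the thread (a record keyed on IP, sender and recipient, a five-minute rejection window, a 30-day expiry), replayed against the attempt times from the posted mail log. This is an added example, not Sophos code and not part of the original thread; the IP and envelope addresses are constructed placeholders, and refreshing the record on every attempt and the strict boundary comparison are assumptions.

```python
from datetime import datetime, timedelta

DELAY = timedelta(minutes=5)   # rejection window, per the reply in the thread
EXPIRY = timedelta(days=30)    # record lifetime if not updated, per the reply


class Greylist:
    def __init__(self):
        self.db = {}  # (ip, sender, recipient) -> [first_seen, last_seen]

    def check(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        rec = self.db.get(key)
        if rec is not None and now - rec[1] > EXPIRY:
            rec = None                  # stale record: treat as never seen
        if rec is None:
            self.db[key] = [now, now]   # first sighting starts the clock
            return "Rejected"
        rec[1] = now                    # assumption: every attempt refreshes the record
        if now - rec[0] < DELAY:        # assumption: strict comparison at the boundary
            return "Rejected"           # retry arrived inside the window
        return "Delivered"


# Attempt times from the mail log in the thread, oldest first.
ATTEMPTS = [
    "2020-03-02 20:00:45", "2020-03-02 20:00:59", "2020-03-02 20:01:17",
    "2020-03-02 20:01:40", "2020-03-02 20:02:21", "2020-03-02 20:02:42",
    "2020-03-02 20:05:57",
]
# Constructed placeholders: the thread shows neither the IP nor both envelope addresses.
TRIPLET = ("192.0.2.10", "noreply@sender.example", "user@recipient.example")


def replay(times, triplet=TRIPLET, greylist=None):
    """Feed attempt timestamps to a greylist and return (time, verdict) pairs."""
    gl = greylist or Greylist()
    out = []
    for t in times:
        now = datetime.strptime(t, "%Y-%m-%d %H:%M:%S")
        out.append((t, gl.check(*triplet, now)))
    return out


if __name__ == "__main__":
    for t, verdict in replay(ATTEMPTS):
        print(t, verdict)
```

All six rejected attempts fall within five minutes of the first one at 20:00:45, and the 20:05:57 attempt is the first to arrive after the window has elapsed.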