Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 29 replies
  • Answers 2 answers
  • Subscribers 49 subscribers
  • Views 39109 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Greylisting problems

Charmacas

Hey,

what is bothering me a lot is that Greylisting is not working. That feature does help with Spam but it is not helpful when the mails arrive sometimes half-a-day or even 4 days later. Also when any mail goes through exactly that constellation of sender and receipient should get listed in a database and the next mail should just go through. That also does not work!

Sophos Support told me that they are reworking the mail module completely. I saw a lot of changes in 17.1 GA regarding the mail module but it does not look like they rewrote it. And now with v17.1.2 there are no major changes in the mail module again and nothing about Greylisting can be seen in the changelog. I really hope that Sophos is about to do something in that direction!

Anyone else having problems with Greylisting?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Charmacas

    To be honest this "soft greylisting" is not a solution to your problems described in your thread. I wonder how the the current behaviour could be by design?

    I understand your idea about "soft greylisting" but it does not care about emails being stuck for hours or emails from same senders being greylisted every time as far as I understand.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    Jelle said:

    To be honest this "soft greylisting" is not a solution to your problems described in your thread.

    I am referring especially to that problem:

    Charmacas said:

    Also when any mail goes through exactly that constellation of sender and receipient should get listed in a database and the next mail should just go through. That also does not work!

    And in that case it absolutely makes sense to me.

     

    Jelle said:

    I understand your idea about "soft greylisting" but it does not care about emails being stuck for hours or emails from same senders being greylisted every time as far as I understand.

    Yeah this is another problem which I think has nothing to do with the firewall itself. I think this is all about the mail servers which are sending the mails because sometimes these servers behave strange and then the next try may come 12 hours later and after getting rejected again they may double this time...
  • 0 in reply to Charmacas

    If the current behaviour is by design I wonder who is using it at all right now.

    Well, I voted for your idea hoping that the greylisting feature will be more useful with that option.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    Personally speaking, I am not a friend of greylisting. 

    Same like on UTM. All the times, you have to maintain your exception list for greylisting because many of the mail vendors/providers use multiple IP addresses or cannot work with the greylisting (temp 4xx error in smtp). 

    As far as i know, there will be SPF in XG next version (major release). This is kinda the best solution against Spam from my point of view. 

    Greylisting can cause some issues with the "huge" delay in the mail communication. Basically users except to use mail in real time. 

     

    *edit* 

    I am referring to the general greylisting issue, not the issue related to this case. 

    __________________________________________________________________________________________________________________

  • 0 in reply to Charmacas

    Hey,

    I have an update. After the update to 17.5 I activated it again at a customer who is very sensible about delayed mails and until now I did not here anything from him. So I suppose that the main problem may be solved with the new mail engine.

    But nonetheless you all should vote for "Soft Greylisting":

  • 0 in reply to Charmacas

    Well, at least the sender gets greylisted every time again. Just checked with 17.5.4-1

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    And at the same time I see emails which are not greylisted, the first attempt just passes...

    can you give an explanation of how greylisting currently works in XG?

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    Jelle said:
    can you give an explanation of how greylisting currently works in XG?

    I can.

     

    It doesn't.

  • 0 in reply to Jelle

    Hi  

    The current behavior of greylisting as you mentioned is outlined in the SFOS help.

    • Select Use greylisting if you want the firewall to temporarily reject inbound emails from IP addresses of unknown email servers. Legitimate servers retry sending the rejected emails at regular intervals and the firewall accepts these mails, greylisting the sender’s IP address for a specific period.

    After enabling the Greylisting feature, the Sophos XG Firewall first rejects all emails from unknown senders with SMTP status code 421 and send a response to the sender mail server with "Your email could not be delivered. Please try again later." If the sender is legitimate, the sending mail server will keep that rejected email in its delivery queue for next send attempt.

    The XG Firewall will then wait for the re-delivery of the same email by the sender mail server. Since the sender is legitimate, the sender mail server will re-send the same email which the XG Firewall will recognize. The XG Firewall will then accept the email and keep the sender mail server's IP address in the trusted mail server list.

    Regards,

    Florentino
    Director, Global Community & Digital Support
    Are you a Sophos Partner? | Product Documentation@SophosSupport | Sign up for SMS Alerts
    If a post solves your question, please use the 'Verify Answer' button.
    The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
  • 0 in reply to FloSupport

    Hi  

    So there IS a trusted mail server list? This is not in the documentation. Is it persistent or will entries be deleted after some time?

    If a mail server sending spam mails is on the trusted mail server list, will these mails still undergo other checks like SPF or RBL?

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

Unfiltered HTML