Greylisting problems

I've analyzed my situation with a 2nd Level engineer and we came to the conclusion that the behaviour is by design. We found no error in the logs but we both agreed that "Soft Greylisting" would be a great feature to implement.

So if anyone else agrees with me please upvote the following idea: ideas.sophos.com/.../35364796-implement-soft-greylisting

Hey,

I have an update. After the update to 17.5 I activated it again at a customer who is very sensible about delayed mails and until now I did not here anything from him. So I suppose that the main problem may be solved with the new mail engine.

But nonetheless you all should vote for "Soft Greylisting":

Hey,

I have an update. After the update to 17.5 I activated it again at a customer who is very sensible about delayed mails and until now I did not here anything from him. So I suppose that the main problem may be solved with the new mail engine.

But nonetheless you all should vote for "Soft Greylisting":

Well, at least the sender gets greylisted every time again. Just checked with 17.5.4-1

And at the same time I see emails which are not greylisted, the first attempt just passes...

FloSupport can you give an explanation of how greylisting currently works in XG?

Jelle said:

can you give an explanation of how greylisting currently works in XG?

I can.

It doesn't.

Hi Jelle 

The current behavior of greylisting as you mentioned is outlined in the SFOS help.

• Select Use greylisting if you want the firewall to temporarily reject inbound emails from IP addresses of unknown email servers. Legitimate servers retry sending the rejected emails at regular intervals and the firewall accepts these mails, greylisting the sender’s IP address for a specific period.

After enabling the Greylisting feature, the Sophos XG Firewall first rejects all emails from unknown senders with SMTP status code 421 and send a response to the sender mail server with "Your email could not be delivered. Please try again later." If the sender is legitimate, the sending mail server will keep that rejected email in its delivery queue for next send attempt.

The XG Firewall will then wait for the re-delivery of the same email by the sender mail server. Since the sender is legitimate, the sender mail server will re-send the same email which the XG Firewall will recognize. The XG Firewall will then accept the email and keep the sender mail server's IP address in the trusted mail server list.

Regards,

Hi FloSupport 

So there IS a trusted mail server list? This is not in the documentation. Is it persistent or will entries be deleted after some time?

If a mail server sending spam mails is on the trusted mail server list, will these mails still undergo other checks like SPF or RBL?

Hi Jelle 

The XG flushes the sender server IP from the trusted list after a month or a week of inactivity, whichever comes first. Yes, the XG still performs the normal checks for incoming mail, as the trusted list only affects greylisting.

Hope that helps!

Regards,

Hi all,

I reactivated greylisting now that SFOS 17.5.4-1 is installed. So far I'm quite happy with it as it works until now without any issues. I don't know which changes have been made but it improved a lot. The first time I tried with an older firmware before 17.5 it was a mess. Still the soft greylisting option would be helpful.

Thanks FloSupport for the explanations.

Where is this "Trusted Mail Server List"? Is there a way to view this list to make sure the MTA is trusting legit email servers? I'd like to verify this feature works before I go whitelisting domains we do business with on a consistent basis. Just enabled greylisting last night. So far I am happy with how well it is working, minus the delays incurred for using. A functioning Trusted Mail Server List should help with those delays I would assume.

Thanks,

Andrew Kletke