Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 29 replies
  • Answers 2 answers
  • Subscribers 49 subscribers
  • Views 39113 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Greylisting problems

Charmacas

Hey,

what is bothering me a lot is that Greylisting is not working. That feature does help with Spam but it is not helpful when the mails arrive sometimes half-a-day or even 4 days later. Also when any mail goes through exactly that constellation of sender and receipient should get listed in a database and the next mail should just go through. That also does not work!

Sophos Support told me that they are reworking the mail module completely. I saw a lot of changes in 17.1 GA regarding the mail module but it does not look like they rewrote it. And now with v17.1.2 there are no major changes in the mail module again and nothing about Greylisting can be seen in the changelog. I really hope that Sophos is about to do something in that direction!

Anyone else having problems with Greylisting?



This thread was automatically locked due to age.
  • 0 in reply to Charmacas

    If the current behaviour is by design I wonder who is using it at all right now.

    Well, I voted for your idea hoping that the greylisting feature will be more useful with that option.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    Personally speaking, I am not a friend of greylisting. 

    Same like on UTM. All the times, you have to maintain your exception list for greylisting because many of the mail vendors/providers use multiple IP addresses or cannot work with the greylisting (temp 4xx error in smtp). 

    As far as i know, there will be SPF in XG next version (major release). This is kinda the best solution against Spam from my point of view. 

    Greylisting can cause some issues with the "huge" delay in the mail communication. Basically users except to use mail in real time. 

     

    *edit* 

    I am referring to the general greylisting issue, not the issue related to this case. 

    __________________________________________________________________________________________________________________

  • 0

    Greylisting doesn't work at all.

     

    I have removed the sender, recipient and subject for privacy reasons, but they are all identical for the logs below

     

  • 0 in reply to Stuart James

    Except the fix for this in V17.5 with Exim. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    More than 12 months to fix a basic bug. I love Sophos. They’re the best.

  • 0 in reply to Stuart James

    V17.5 beta is released.

    Did you file a bug report for this? 

    __________________________________________________________________________________________________________________

  • 0

    Using v17.5 and still greylisting is causing a lot of delay from the same known sender.

    With SG UTM I don't get this delay.

    So why greylisting in SG is better than XG?

  • 0 in reply to AhmedMaher

    Thanks for the update. So I'm not going to test greylisting again in 17.5. Still waiting for a fixed greylisting feature...

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    Just came across this . almost 5 months later...

    Sophos help says: "Select Use greylisting if you want the firewall to temporarily reject inbound emails from IP addresses of unknown email servers. Legitimate servers retry sending the rejected emails at regular intervals and the firewall accepts these mails, greylisting the sender’s IP address for a specific period."

    So I wonder what are "unknown email servers" in this context. From my testing and as written in this thread every email server is unknown again and again as there ist no database in XG which remembers successful resenders.

    Has there been any update on this somewhere?

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Charmacas

    Hey,

    I have an update. After the update to 17.5 I activated it again at a customer who is very sensible about delayed mails and until now I did not here anything from him. So I suppose that the main problem may be solved with the new mail engine.

    But nonetheless you all should vote for "Soft Greylisting":

Unfiltered HTML