Mail Delay when receiving mail from Microsoft Cloud (Office 365)

Hi, we have multiple Sophos UTMs and also XGs in place, running very fine except...

...all mails from Office365 to Sophos are delayed EVERY time for 15 minutes.

So I went to the mail header and figured out this for all mails from Microsoft:

srvvsophos exim-in[8614]: 2021-11-24 18:04:55 1mpvhW-0002Ew-1h Greylisting: Greylisted 40.107.135.43

Every mail from Office365 is greylisted every time. They NEVER leave that.

Turning off greylisting in Sophos: all fine.

I will not believe that the Office365 cloud is greylisted 24X365...

Any hints?

Best from Berlin

Gernot



  • Hello Gernot,

    Take a look here: https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

    I'll bet you can use just a few of the IPv4 subnets from there for a greylisting exception.  You can see what IPs were greylisted and then passed in November with:

         zgrep 'Successful greylist retry' /var/log/smtp/2021/11/*|grep -oP ' from .*? \('|sort -n|uniq -c|more

    Please let us know which subnets you used.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Gernot,

    graylisting isn't a feature to block a domain/sender ...

    Every connection attempt user -> user may be graylisted at the first attempt.

    The next attempt passes because there is already a graylist entry.

    Afterwards, the next communication may pass too ... unless something changes ... the sender IP, for example. I think this is what we often see with O365.

    Greetings from Potsdam,


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
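
The behaviour described in the reply above, together with the exception suggested earlier in the thread, as an added example (not posted by anyone in the thread and not Sophos's implementation). It is a generic model of triplet greylisting; the 192.0.2.0/24 addresses, the 300-second delay and retry interval, and all names are constructed assumptions.

```python
import ipaddress


class Greylist:
    """Generic triplet greylist: defer the first attempt for each
    (client IP, envelope sender, recipient), accept a retry of the
    same triplet once min_delay seconds have passed."""

    def __init__(self, min_delay=300, exempt_networks=()):
        self.min_delay = min_delay
        self.exempt = [ipaddress.ip_network(n) for n in exempt_networks]
        self.first_seen = {}  # triplet -> time of first attempt

    def check(self, now, client_ip, sender, rcpt):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.exempt):
            return "accept"  # greylisting exception for this network
        first = self.first_seen.setdefault((client_ip, sender, rcpt), now)
        if now - first >= self.min_delay:
            return "accept"
        return "defer"  # temporary 4xx answer, sender should retry


def deliver(greylist, retry_ips, sender, rcpt, retry_interval=300):
    """Retry one message from the given IPs in order.
    Returns (delay in seconds, attempts), delay is None if never accepted."""
    for attempt, ip in enumerate(retry_ips):
        now = attempt * retry_interval
        if greylist.check(now, ip, sender, rcpt) == "accept":
            return now, attempt + 1
    return None, len(retry_ips)


def demo():
    # Constructed sample data (RFC 5737 documentation addresses).
    sender, rcpt = "alice@example.com", "bob@example.net"
    fixed = ["192.0.2.10"] * 4
    pool = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.10"]
    return {
        # Same IP retries: accepted on the second attempt.
        "single_ip": deliver(Greylist(), fixed, sender, rcpt),
        # Each retry leaves from another pool IP: every new IP is a new
        # triplet, so the message waits until an IP is reused.
        "rotating_pool": deliver(Greylist(), pool, sender, rcpt),
        # Pool network listed as a greylisting exception: no delay.
        "pool_exempted": deliver(
            Greylist(exempt_networks=["192.0.2.0/24"]), pool, sender, rcpt),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```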

  • Greylisting is a feature from the past. The actual value of this feature was even then not the highest. Nowadays, the usage of greylisting has been drastically reduced over the last decades due to the disadvantages and as better techniques came up.

    https://en.wikipedia.org/wiki/Greylisting_(email)


  • Well, Toni, I appreciate that it likely doesn't stop many spams that wouldn't be stopped by the SMTP Proxy's other antispam tools, but I just took a look at a small install and found that more than 2 out of 3 greylisted emails were not resent.

    # zgrep 'Successful greylist retry' /var/log/smtp/2021/11/*|wc -l
    432
    # zgrep 'Greylisted' /var/log/smtp/2021/11/*|wc -l
    1357

    Cheers - Bob

  • This could be a success story or it could be: 2 of 3 emails are lost and could be legit. You never know. That's the issue with greylisting. Using a 4xx code to "please retry" could potentially lose you valuable emails.
