Hi, we have multiple Sophos UTMs and also XGs in place, running very fine except...
...all mails from Office365 to Sophos are delayed EVERY time for 15 minutes.
So I went to the mail header and figured out for all mails from Microsoft:
srvvsophos exim-in[8614]: 2021-11-24 18:04:55 1mpvhW-0002Ew-1h Greylisting: Greylisted 40.107.135.43
Every mail from Office365 is greylisted every time. They NEVER leave that.
Turning off greylisting in Sophos: all fine.
I will not believe that Office365 cloud is greylisted 24X365...
Any hints?
Best from Berlin
Gernot
Hi Gernot,

graylisting isn't a feature to block a domain/sender ...

Every connection attempt user -> user may be graylisted at the first attempt. The next attempt passes because there is already a graylist entry. Afterwards, the next communication may pass too ... except something changes ... sender IP, for example. I think this is what we see with O365 often.
Greetings from Potsdam,
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
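The behaviour Dirk describes, as an added example that is not part of the original thread and not Sophos' implementation: a generic greylist keyed on (sender IP, envelope sender, recipient), fed messages from a pool of sending addresses. The class and function names, the addresses (documentation range), the 5-minute minimum delay, the 15-minute retry interval and the assumption that each message is retried from the address it was first sent from are all constructed for illustration.

```python
import ipaddress

SENDER, RCPT = "alice@example.com", "bob@example.org"   # constructed envelope addresses


class Greylist:
    """Generic greylist: defer the first attempt for each key (not Sophos code)."""

    def __init__(self, min_delay=300, prefix_len=32):
        self.min_delay = min_delay    # assumed: seconds before a retry is accepted
        self.prefix_len = prefix_len  # 32 keys on the exact IPv4 address, 24 on its /24
        self.first_seen = {}          # key -> time of the first attempt

    def check(self, ip, sender, rcpt, now):
        """Return 'defer' (temporary 4xx) or 'accept' for one delivery attempt."""
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        key = (str(net), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "defer"


def message_delays(greylist, pool, n_messages, retry_interval=900, gap=3600):
    """Send one message per `gap` seconds, each from the next pool address and
    retried from that same address. Return each message's delay in seconds
    (None if it is still deferred after four attempts)."""
    delays = []
    for i in range(n_messages):
        ip, sent, delay = pool[i % len(pool)], i * gap, None
        for attempt in range(4):
            now = sent + attempt * retry_interval
            if greylist.check(ip, SENDER, RCPT, now) == "accept":
                delay = attempt * retry_interval
                break
        delays.append(delay)
    return delays


# Constructed sender pools: one fixed relay versus a provider rotating addresses.
FIXED = ["198.51.100.10"]
ROTATING = ["198.51.100.10", "198.51.100.77", "198.51.100.143", "198.51.100.201"]

if __name__ == "__main__":
    print("fixed IP, exact key :", message_delays(Greylist(), FIXED, 4))
    print("rotating, exact key :", message_delays(Greylist(), ROTATING, 4))
    print("rotating, /24 key   :", message_delays(Greylist(prefix_len=24), ROTATING, 4))
```

With an exact-address key, every message from a not-yet-seen pool address waits one retry interval, which is the repeated 15-minute delay pattern; keying on the network or exempting the sender's published ranges removes it in this model.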
Greylisting is a feature from the past. The actual value of this feature was even then not the highest. Nowadays, the usage of greylisting has been drastically reduced in the last decades due to the disadvantages and as better techniques came up.
https://en.wikipedia.org/wiki/Greylisting_(email)
Well, Toni, I appreciate that it likely doesn't stop many spams that wouldn't be stopped by the SMTP Proxy's other antispam tools, but I just took a look at a small install and found that more than 2 out of 3 greylisted emails were not resent.
# zgrep 'Successful greylist retry' /var/log/smtp/2021/11/*|wc -l
432
# zgrep 'Greylisted' /var/log/smtp/2021/11/*|wc -l
1357
Cheers - Bob
This could be a success story or it could be: 2 of 3 emails are lost and could be legit. You never know. That's the issue with greylisting. Using a 4xx code to "please retry" could potentially lose you valuable emails.