CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Bruce, a new thread in the German Forum got me to thinking about this conversation over four years ago, so I did some more research and testing. They all speak English and it's easier for me to respond in English. I posted the following there:
I haven't recommended greylisting for years, but others whom I respect do, so I'm experimenting with it again. I saw a 2018 study where roughly 2/3 of greylisted emails were finally delivered, with 1/3 not retried - one assumes those were from spammers. One of my clients that uses greylisting saw only 56% retried successfully so far in June.
I had thought that the SMTP Proxy used only the triad of sending IP, sender and recipient, but I realize now that it also uses the subject. This means that greylisting occurs after DATA, so that's after rejections for RBL, rDNS/HELO, local Blacklists, Recipient verification and SPF. I also see ctasd reports 'unknown' in the line above the greylisted message, so we know that the temporary rejection occurs after the anti-spam tests that would result in rejection have been passed. The advantage is that malware scans, which are expensive, are skipped unless the message is resent and accepted.
There are situations where Exceptions for greylisting should be made such as addresses to which orders are sent where there's a cut-off time. Also, mailing services like Constant Contact will use a different IP virtually every time a greylisted email is resent.
I would appreciate your comments/corrections here or on the German thread.
Cheers - Bob
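The keying behaviour described in the post above, as an added example that is not part of the original post and not the SMTP Proxy's own code: a toy greylist keyed on sending IP, sender, recipient and subject, showing why a sender that retries from a new IP each time never gets through and how a recipient exception bypasses the delay. The 300-second delay, all addresses and IPs, and the class and function names are assumptions constructed for illustration.

```python
import hashlib


class Greylist:
    """Toy greylist keyed on (sending IP, sender, recipient, subject)."""

    def __init__(self, min_delay=300, exempt_recipients=()):
        self.min_delay = min_delay  # assumed minimum retry delay, in seconds
        self.exempt = {r.lower() for r in exempt_recipients}
        self.first_seen = {}  # key -> time of the first delivery attempt

    @staticmethod
    def _key(ip, sender, recipient, subject):
        raw = "\x00".join([ip, sender.lower(), recipient.lower(), subject])
        return hashlib.sha256(raw.encode()).hexdigest()

    def check(self, now, ip, sender, recipient, subject):
        """Return 'accept' or 'tempfail' for one attempt at time `now`."""
        if recipient.lower() in self.exempt:
            return "accept"  # exception: time-critical mailbox, never delayed
        key = self._key(ip, sender, recipient, subject)
        first = self.first_seen.setdefault(key, now)
        # Accept only a retry of the same key after the minimum delay.
        return "accept" if now - first >= self.min_delay else "tempfail"


def simulate(greylist, attempts):
    """Run (time, ip, sender, recipient, subject) attempts; return verdicts."""
    return [greylist.check(*a) for a in attempts]


def demo():
    # All sample attempts below are constructed for this example.
    gl = Greylist(min_delay=300, exempt_recipients=["orders@example.com"])
    msg = ("news@example.net", "bob@example.com", "June newsletter")
    same_ip = [(0, "192.0.2.10", *msg), (600, "192.0.2.10", *msg)]
    rotating = [(0, "198.51.100.1", *msg), (600, "198.51.100.2", *msg),
                (1200, "198.51.100.3", *msg)]
    exempt = [(0, "203.0.113.5", "shop@example.org",
               "orders@example.com", "Order 1001")]
    return simulate(gl, same_ip), simulate(gl, rotating), simulate(gl, exempt)


if __name__ == "__main__":
    for label, verdicts in zip(("same IP", "rotating IP", "exempt"), demo()):
        print(label, verdicts)
```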