This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exception for Greylisting by geo location (countries)

Hi sophos community,

we are currently testing a SG210 mainly because of our high spam mail income. One feature, which interest us in particular, is the greylisting antispam feature.

Unfortunately we couldn't find a convenient way to add an exception for greylisting by originating countries. I saw the country blocking feature under "Network Protection" -> "Firewall" so i guess that the appliance itself or a sophos online service provide a database with IP Ranges and their originating Countries.

Is there a way to make use of the Country Blocking Lists in the "Email Protection" -> "SMTP" -> "Exceptions" Area?

Our intention is to whitelist all german ip's from greylisting. Our company mostly communicates with german organisations. Emails send to us from other countries are most likely spam and we don't want the 15 minutes delay for all our incomming mails due to greylisting.



This thread was automatically locked due to age.
Parents
  • Hi,

    You cannot explicitly define country blocking with GreyListing feature, but you can use the country blocking for specific services (here- SMTP, POP and IMAP).

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Hi sachingurung,

    thanks for your reply. Too bad, that this feature doesn't exists. Could you clarify the following line under under "Email Protection" -> "SMTP" -> "AntiSpam" -> "Advanced anti-spam features":

     

    Greylisting builds and uses a database of ’known-good’ SMTP hosts that resend messages after receiving a temporary error

     

    Does this mean that Mail Server, which successfully resend mails after a "greylisting bounce" are no longer greylisted (so mails from theese servers are no longer bounced)

    Greetings

    Alex

  • Hi Alex,

    Greylisting uses the fact that most senders of spam messages use software based on the "fire-and-forget" method: Try to deliver the mail and if it doesn’t work, forget it! This means that senders of spam mail do not try to send emails again when there is a temporary failure. The assumption is that since temporary failures are built into the RFC specifications for email delivery, a legitimate server will try again to send the email later, at which time the destination will accept it. Hence, once the server resends a mail it will be sent successfully. 

    You can raise the country blocking feature associated with grey-listing here.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Problem is:

    1. with greylisting - all emails are greylisted. They continue to be greylisted which can cause a delay

    2. Country blocking with smtp - does what it says on the tin. problem is, you don't know where the mail server will be and if it's in one of the blocked countries, you are screwed. You could keep putting exceptions in constantly.

    The UTM would be far better that when it sent to somewhere, it could ignore the country blocking and allow 10s for the the remote MTA to do an rDNS lookup.

Reply
  • Problem is:

    1. with greylisting - all emails are greylisted. They continue to be greylisted which can cause a delay

    2. Country blocking with smtp - does what it says on the tin. problem is, you don't know where the mail server will be and if it's in one of the blocked countries, you are screwed. You could keep putting exceptions in constantly.

    The UTM would be far better that when it sent to somewhere, it could ignore the country blocking and allow 10s for the the remote MTA to do an rDNS lookup.

Children
  • Sachin's information is exactly correct, but I'm with Louis in recommending against both Greylisting and Country Blocking for what you want to accomplish.

    In fact, without using Greylisting, only about 1% of emails received by the UTM will be quarantined, and most of those represent legitimate senders where your recipient doesn't recall asking to be on a mailing list.  These would not be blocked by Greylisting, and only a small portion of the others would.

    Of the emails not delivered to your users, 96% will be stopped by, in order of importance: rDNS, RBLs, "No such recipient," SPF & BATV.  These checks all occur at SMTP time, so the complete headers and content of the message are never received.  I guess that, as far as the load on your UTM and the volume of SMTP traffic received is concerned, there's no net savings with Greylisting, so all emails are slowed down for no net gain of resources.  Of the total of emails actually received and scanned for Anti-Virus and Anti-Spam, about 90% are delivered to your users and two thirds of the rest get rejected.  Again, this is all without Greylisting active.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA