This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Greylist - how does it work

Hi all, I try to understand how the Greylist works, after reading several posts, correct me if I'm wrong.

1. The log below shows that 3 emails have been put in Greylisted because are 3 different messages?

2. This can be seen from the 3 differents MESSAGE ID (1cdCgQ-0007ju-2Q, 1cdCgV-0007k4-2R and 1cdCgW-0007k9-19)?

3. This mean that the sender SMTP does not meet current standards for re-try messages mail?

4. Last, all transactions of a single e-mail have always the code in brackets [29754, 29764 and 29769]?

1000 Thanks.

2017:02:13-10:12:30 bu1-1 exim-in[29754]: 2017-02-13 10:12:30 H=webmail.sensation.com (sensation.com) [85.12.33.11]:57811 Warning: domain.com profile excludes SANDBOX scan
2017:02:13-10:12:31 bu1-1 exim-in[29754]: 2017-02-13 10:12:31 1cdCgQ-0007ju-2Q ctasd reports 'Unknown' RefID:str=0001.0A0C0206.58A1787F.00E2,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:31 bu1-1 exim-in[29754]: 2017-02-13 10:12:31 1cdCgQ-0007ju-2Q Greylisting: Greylisted 85.12.33.11
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [1\45] 2017-02-13 10:12:31 1cdCgQ-0007ju-2Q H=webmail.sensation.com (sensation.com) [85.12.33.11]:57811 F=<prvs=1217dd5aa5=sender@domain.com> temporarily rejected after DATA: Temporary local problem, please try again!
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [2\45] Envelope-from: <prvs=1217dd5aa5=sender@domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [3\45] Envelope-to: <recipient@domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [4\45] P Received: from webmail.sensation.com ([85.12.33.11]:57811 helo=sensation.com)
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [5\45] by mx1.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [6\45] (envelope-from <prvs=1217dd5aa5=sender@domain.com>)
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [7\45] id 1cdCgQ-0007ju-2Q
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [8\45] for recipient@domain.com; Mon, 13 Feb 2017 10:12:30 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [9\45] X-CTCH-RefID: str=0001.0A0C0206.58A1787F.00E2,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [10\45] X-MDAV-Result: clean
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [11\45] X-MDAV-Processed: sensation.com, Mon, 13 Feb 2017 10:12:30 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [12\45] P Received: from Federicanew by sensation.com
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [13\45] with ESMTPA id 16-md50000127761.msg for <recipient@domain.com>;
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [14\45] Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [15\45] X-Spam-Level: *
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [16\45] X-Spam-Status: No, score=1.80 required=5.0
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [17\45] X-Spam-Report:
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [18\45] * 0.0 FSL_HELO_NON_FQDN_1 No description available.
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [19\45] * 1.6 SUBJ_ALL_CAPS Subject is all capitals
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [20\45] * 0.0 HTML_MESSAGE BODY: HTML included in message
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [21\45] * 0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [22\45] * 0.0 T_DOS_OUTLOOK_TO_MX_IMAGE Direct to MX with Outlook headers and an
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [23\45] * image
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [24\45] X-Spam-Processed: sensation.com, Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [25\45] (processed during SMTP session)
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [26\45] X-MDRemoteIP: 151.84.120.91
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [27\45] X-MDHelo: Federicanew
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [28\45] X-MDArrival-Date: Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [29\45] X-Authenticated-Sender: sender@domain.com
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [30\45] X-Return-Path: prvs=1217dd5aa5=sender@domain.com
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [31\45] X-Envelope-From: sender@domain.com
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [32\45] X-MDaemon-Deliver-To: recipient@domain.com
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [33\45] F From: "Name Sender" <sender@domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [34\45] T To: "'Name Recipient'" <recipient@domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [35\45] References: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [36\45] In-Reply-To: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [37\45] Subject: R: Subject ----- Subject
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [38\45] Date: Mon, 13 Feb 2017 10:09:46 +0100
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [39\45] I Message-ID: <005601d285d8$ec3fa5b0$c4bef110$@opereambiente.it>
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [40\45] MIME-Version: 1.0
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [41\45] Content-Type: multipart/related;
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [42\45] boundary="----=_NextPart_000_0057_01D285E1.4E067EB0"
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [43\45] X-Mailer: Microsoft Outlook 16.0
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [44\45] Thread-Index: AQHelv6FAq2WO4PNcu8tQRbRUKPjl6FOg0Kw
2017:02:13-10:12:31 bu1-1 exim-in[29754]: [45/45] Content-Language: it
2017:02:13-10:12:31 bu1-1 exim-in[29754]: 2017-02-13 10:12:31 SMTP connection from webmail.sensation.com (sensation.com) [85.12.33.11]:57811 closed by QUIT
2017:02:13-10:12:35 bu1-1 exim-in[29764]: 2017-02-13 10:12:35 H=webmail.sensation.com (sensation.com) [85.12.33.11]:57816 Warning: domain.com profile excludes SANDBOX scan
2017:02:13-10:12:36 bu1-1 exim-in[29764]: 2017-02-13 10:12:36 1cdCgV-0007k4-2R ctasd reports 'Unknown' RefID:str=0001.0A0C0202.58A17884.008A,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:36 bu1-1 exim-in[29764]: 2017-02-13 10:12:36 1cdCgV-0007k4-2R Greylisting: Greylisted 85.12.33.11
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [1\45] 2017-02-13 10:12:36 1cdCgV-0007k4-2R H=webmail.sensation.com (sensation.com) [85.12.33.11]:57816 F=<prvs=1217dd5aa5=sender@domain.com> temporarily rejected after DATA: Temporary local problem, please try again!
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [2\45] Envelope-from: <prvs=1217dd5aa5=sender@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [3\45] Envelope-to: <recipient@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [4\45] P Received: from webmail.sensation.com ([85.12.33.11]:57816 helo=sensation.com)
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [5\45] by mx1.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [6\45] (envelope-from <prvs=1217dd5aa5=sender@domain.com>)
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [7\45] id 1cdCgV-0007k4-2R
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [8\45] for recipient@domain.com; Mon, 13 Feb 2017 10:12:35 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [9\45] X-CTCH-RefID: str=0001.0A0C0202.58A17884.008A,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [10\45] X-MDAV-Result: clean
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [11\45] X-MDAV-Processed: sensation.com, Mon, 13 Feb 2017 10:12:30 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [12\45] P Received: from Federicanew by sensation.com
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [13\45] with ESMTPA id 16-md50000127761.msg for <recipient@domain.com>;
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [14\45] Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [15\45] X-Spam-Level: *
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [16\45] X-Spam-Status: No, score=1.80 required=5.0
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [17\45] X-Spam-Report:
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [18\45] * 0.0 FSL_HELO_NON_FQDN_1 No description available.
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [19\45] * 1.6 SUBJ_ALL_CAPS Subject is all capitals
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [20\45] * 0.0 HTML_MESSAGE BODY: HTML included in message
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [21\45] * 0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [22\45] * 0.0 T_DOS_OUTLOOK_TO_MX_IMAGE Direct to MX with Outlook headers and an
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [23\45] * image
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [24\45] X-Spam-Processed: sensation.com, Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [25\45] (processed during SMTP session)
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [26\45] X-MDRemoteIP: 151.84.120.91
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [27\45] X-MDHelo: Federicanew
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [28\45] X-MDArrival-Date: Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [29\45] X-Authenticated-Sender: sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [30\45] X-Return-Path: prvs=1217dd5aa5=sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [31\45] X-Envelope-From: sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [32\45] X-MDaemon-Deliver-To: recipient@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [33\45] F From: "Name Sender" <sender@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [34\45] T To: "'Name Recipient'" <recipient@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [35\45] References: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [36\45] In-Reply-To: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [37\45] Subject: R: Subject ----- Subject
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [38\45] Date: Mon, 13 Feb 2017 10:09:46 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [39\45] I Message-ID: <005601d285d8$ec3fa5b0$c4bef110$@opereambiente.it>
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [40\45] MIME-Version: 1.0
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [41\45] Content-Type: multipart/related;
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [42\45] boundary="----=_NextPart_000_0057_01D285E1.4E067EB0"
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [43\45] X-Mailer: Microsoft Outlook 16.0
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [44\45] Thread-Index: AQHelv6FAq2WO4PNcu8tQRbRUKPjl6FOg0Kw
2017:02:13-10:12:36 bu1-1 exim-in[29764]: [45/45] Content-Language: it
2017:02:13-10:12:36 bu1-1 exim-in[29764]: 2017-02-13 10:12:36 SMTP connection from webmail.sensation.com (sensation.com) [85.12.33.11]:57816 closed by QUIT
2017:02:13-10:12:36 bu1-1 exim-in[29769]: 2017-02-13 10:12:36 H=webmail.sensation.com (sensation.com) [85.12.33.11]:57823 Warning: domain.com profile excludes SANDBOX scan
2017:02:13-10:12:36 bu1-1 exim-in[29769]: 2017-02-13 10:12:36 1cdCgW-0007k9-19 ctasd reports 'Unknown' RefID:str=0001.0A0C0202.58A17884.02AE,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:36 bu1-1 exim-in[29769]: 2017-02-13 10:12:36 1cdCgW-0007k9-19 Greylisting: Greylisted 85.12.33.11
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [1\45] 2017-02-13 10:12:36 1cdCgW-0007k9-19 H=webmail.sensation.com (sensation.com) [85.12.33.11]:57823 F=<prvs=1217dd5aa5=sender@domain.com> temporarily rejected after DATA: Temporary local problem, please try again!
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [2\45] Envelope-from: <prvs=1217dd5aa5=sender@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [3\45] Envelope-to: <recipient@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [4\45] P Received: from webmail.sensation.com ([85.12.33.11]:57823 helo=sensation.com)
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [5\45] by mx1.domain.com with esmtp (Exim 4.82_1-5b7a7c0-XX)
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [6\45] (envelope-from <prvs=1217dd5aa5=sender@domain.com>)
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [7\45] id 1cdCgW-0007k9-19
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [8\45] for recipient@domain.com; Mon, 13 Feb 2017 10:12:36 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [9\45] X-CTCH-RefID: str=0001.0A0C0202.58A17884.02AE,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [10\45] X-MDAV-Result: clean
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [11\45] X-MDAV-Processed: sensation.com, Mon, 13 Feb 2017 10:12:30 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [12\45] P Received: from Federicanew by sensation.com
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [13\45] with ESMTPA id 16-md50000127761.msg for <recipient@domain.com>;
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [14\45] Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [15\45] X-Spam-Level: *
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [16\45] X-Spam-Status: No, score=1.80 required=5.0
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [17\45] X-Spam-Report:
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [18\45] * 0.0 FSL_HELO_NON_FQDN_1 No description available.
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [19\45] * 1.6 SUBJ_ALL_CAPS Subject is all capitals
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [20\45] * 0.0 HTML_MESSAGE BODY: HTML included in message
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [21\45] * 0.2 SHORT_HELO_AND_INLINE_IMAGE Short HELO string, with inline image
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [22\45] * 0.0 T_DOS_OUTLOOK_TO_MX_IMAGE Direct to MX with Outlook headers and an
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [23\45] * image
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [24\45] X-Spam-Processed: sensation.com, Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [25\45] (processed during SMTP session)
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [26\45] X-MDRemoteIP: 151.84.120.91
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [27\45] X-MDHelo: Federicanew
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [28\45] X-MDArrival-Date: Mon, 13 Feb 2017 10:12:29 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [29\45] X-Authenticated-Sender: sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [30\45] X-Return-Path: prvs=1217dd5aa5=sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [31\45] X-Envelope-From: sender@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [32\45] X-MDaemon-Deliver-To: recipient@domain.com
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [33\45] F From: "Name Sender" <sender@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [34\45] T To: "'Name Recipient'" <recipient@domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [35\45] References: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [36\45] In-Reply-To: <468bd6ba55b54ca280c1fb2137254cc1@srv-mbx01.domain.com>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [37\45] Subject: R: Subject ----- Subject
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [38\45] Date: Mon, 13 Feb 2017 10:09:46 +0100
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [39\45] I Message-ID: <005601d285d8$ec3fa5b0$c4bef110$@opereambiente.it>
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [40\45] MIME-Version: 1.0
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [41\45] Content-Type: multipart/related;
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [42\45] boundary="----=_NextPart_000_0057_01D285E1.4E067EB0"
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [43\45] X-Mailer: Microsoft Outlook 16.0
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [44\45] Thread-Index: AQHelv6FAq2WO4PNcu8tQRbRUKPjl6FOg0Kw
2017:02:13-10:12:36 bu1-1 exim-in[29769]: [45/45] Content-Language: it
2017:02:13-10:12:36 bu1-1 exim-in[29769]: 2017-02-13 10:12:36 SMTP connection from webmail.sensation.com (sensation.com) [85.12.33.11]:57823 closed by QUIT



This thread was automatically locked due to age.
  • with graylisting a message is rejected temporary, because spammers don't resend a mail.

    the sophos implementation use every serder-, receiver-adress, sender-IP, Subject kombination for a blacklist-record.

    so every mail is blacklisted first.

    some other vendors build a database with good sender/receiver combinations for subsequent mails, so these are submitted faster.

    check manual:

    Use greylisting: Greylisting basically means the temporary rejection of emails for a certain amount of time. Typically, a mail server using greylisting will record the following pieces of information for all incoming messages:

    • The sender address
    • The IP address of the host the message is sent from
    • The recipient address
    • The message subject

    This data set is checked against the SMTP proxy's internal database; if the data set has not been seen before, a record is created in the database along with a special time stamp describing it. This data set causes the email to be rejected for a period of five minutes. After that time the data set is known to the proxy and the message will be accepted when it is sent again. Note that the data set will expire after a week if it is not updated within this period.

     

     


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • I always wanted to know how long the greylist lasted from the point the first email was intercepted. Thanks.

    And does this mean that as long as there are emails rolling in from the same ip, emails will always be accepted once the ip has gone through greylisting?

    Or does an email on the 7th day have to go through the greylist process again to get email from the same ip address?

  • i try to send a second mail from same sender to same recipient but different subject 10 minutes after first message was submitted successfully.

    These message is run into graylisting too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Dirk, until now, I thought that the SMTP Proxy in the UTM did not consider the subject, only the other three items, but your test demonstrates that that's not the way it works.

    If a second message with a different subject arrives before the first message is resent, the triplicate of Sender/Sender-IP/Recipient is still not yet accepted, so the second message also is temporarily rejected.

    If the second message arrives after the first message was resent and accepted, the second message will be accepted.

    Having said that, I don't believe that greylisting delivers any value.  I feel that RBLs and rDNS checks stop almost all spam that would have been blocked because it was not resent after being temporarily rejected.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:
    Dirk, until now, I thought that the SMTP Proxy in the UTM did not consider the subject, only the other three items, but your test demonstrates that that's not the way it works.

    ...

    Me too. Learned now there are different ways of implementing a greylist feature. As described in this must be SMTP DATA Greylisting.

    Best regards

    Alex

    -