Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 29 replies
  • Answers 2 answers
  • Subscribers 36 subscribers
  • Views 36255 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Greylisting problems

Charmacas

Hey,

what is bothering me a lot is that Greylisting is not working. That feature does help with Spam but it is not helpful when the mails arrive sometimes half-a-day or even 4 days later. Also when any mail goes through exactly that constellation of sender and receipient should get listed in a database and the next mail should just go through. That also does not work!

Sophos Support told me that they are reworking the mail module completely. I saw a lot of changes in 17.1 GA regarding the mail module but it does not look like they rewrote it. And now with v17.1.2 there are no major changes in the mail module again and nothing about Greylisting can be seen in the changelog. I really hope that Sophos is about to do something in that direction!

Anyone else having problems with Greylisting?



This thread was automatically locked due to age.
  • 0 in reply to Charmacas

    Well, at least the sender gets greylisted every time again. Just checked with 17.5.4-1

  • 0 in reply to Jelle

    And at the same time I see emails which are not greylisted, the first attempt just passes...

    can you give an explanation of how greylisting currently works in XG?

  • 0 in reply to Jelle

    Jelle said:
    can you give an explanation of how greylisting currently works in XG?

    I can.

     

    It doesn't.

  • 0 in reply to Jelle

    Hi  

    The current behavior of greylisting as you mentioned is outlined in the SFOS help.

    • Select Use greylisting if you want the firewall to temporarily reject inbound emails from IP addresses of unknown email servers. Legitimate servers retry sending the rejected emails at regular intervals and the firewall accepts these mails, greylisting the sender’s IP address for a specific period.

    After enabling the Greylisting feature, the Sophos XG Firewall first rejects all emails from unknown senders with SMTP status code 421 and send a response to the sender mail server with "Your email could not be delivered. Please try again later." If the sender is legitimate, the sending mail server will keep that rejected email in its delivery queue for next send attempt.

    The XG Firewall will then wait for the re-delivery of the same email by the sender mail server. Since the sender is legitimate, the sender mail server will re-send the same email which the XG Firewall will recognize. The XG Firewall will then accept the email and keep the sender mail server's IP address in the trusted mail server list.

    Regards,

  • 0 in reply to FloSupport

    Hi  

    So there IS a trusted mail server list? This is not in the documentation. Is it persistent or will entries be deleted after some time?

    If a mail server sending spam mails is on the trusted mail server list, will these mails still undergo other checks like SPF or RBL?

  • +1 in reply to Jelle

    Hi  

    The XG flushes the sender server IP from the trusted list after a month or a week of inactivity, whichever comes first. Yes, the XG still performs the normal checks for incoming mail, as the trusted list only affects greylisting.

    Hope that helps!

    Regards,

  • 0 in reply to FloSupport

    Hi all,

    I reactivated greylisting now that SFOS 17.5.4-1 is installed. So far I'm quite happy with it as it works until now without any issues. I don't know which changes have been made but it improved a lot. The first time I tried with an older firmware before 17.5 it was a mess. Still the soft greylisting option would be helpful.

    Thanks for the explanations.

  • 0 in reply to FloSupport

    Where is this "Trusted Mail Server List"? Is there a way to view this list to make sure the MTA is trusting legit email servers? I'd like to verify this feature works before I go whitelisting domains we do business with on a consistent basis. Just enabled greylisting last night. So far I am happy with how well it is working, minus the delays incurred for using. A functioning Trusted Mail Server List should help with those delays I would assume.

    Thanks,

    Andrew Kletke

  • 0

    there is a big issue with greylisting in XG, which renders the feature pretty much useless. In most cases, we even end up completely disable it. 

    we've noticed that big relay networks like office365, Trensmicro, gmail etc.  use different IP addresses for the retransmit, thus greylisting blockes the mails over and over again. (screenshot)

     

    the big flaw is, that you can only configure exceptions on host objects and not:

    - Network objects

    - IP range objects

    - FQDN objects like *.outbound.protection.outlook.com

     that would at least help to disable greylisting specifically for legit networks rather than deactivating the feature completely.