Print Page | Close Window

Grey Listening

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
Printed Date: 22 March 2018 at 4:09am

Topic: Grey Listening
Posted By: rafael
Subject: Grey Listening
Date Posted: 03 August 2008 at 3:05pm
How long is the average delay, when using grey listening ?

Posted By: LogSat
Date Posted: 03 August 2008 at 9:10pm
The delay is encountered for the very first email sent by a remote server, and should be on average about 20 minutes. Please note that, while other greylisting implementations introduce this delay for each sender and for each recipient, SpamFilter will only introduce the delay for the very first email from a certain provider to any of your users. So, if for example you implement greylisting, and I send you an email from, there will be about 20 minutes delay for that email to be delivered. If after 30 minutes I (or another logsat employee) sends an email to another user in your domain, there will not be any delays as there are none after the first email.

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: JeffHildebrand
Date Posted: 06 August 2008 at 1:07pm
Is there anyway to prevent a range of IP's from being greylisted?  Basicly I would like to not have our network addresses greylisted so out going email is not delayed.

Posted By: Desperado
Date Posted: 06 August 2008 at 4:25pm
// New to VersionNumber = '';
{TODO -cNew : Allowed to specify future dates in the GreyListAllowed.txt files so that IPs can be stored in the list for years without expiring}
So, what you do is stop the SpamFilter service and edit the GreyListAllowed.txt file and add something like:
Save the file and start the SpamFilter Service.
This will force to NOT be Grey Listed for something just under 10 years or so.  This DOES NOT White List the IP ... just prevents the Grey Listing delay.
At this time, only single IP's are accepted so if you have a /24 to list, I would creat a list of 256 entries using something like Excel or even a micro in UltraEdit and increment the final octet of the IP address and past the resulting list in the actual GreyListAllowed.txt file.  Kinda painful but you only need to do it once every 10 years or so!

The Desperado
Dan Seligmann.

Posted By: JeffHildebrand
Date Posted: 06 August 2008 at 7:11pm

Thanks for the prompt reply, it looks like that will do the trick.  We had 15 computers get grey listed this morning, and most cleared up after the grey listing delay, with the exception of one.  It kept bouncing back and forth between limbo and the greylist.  Below is an abridged copy of our log, each "will add to allowed list" was where one email went through, but it would get added back to limbo shortly there after.  We are running in non enterprised mode, and the greylistallowed.txt file has just over 38000 records in it.

08/06/08 09:10:51:421 -- (7876) GreyList limbo - Added
08/06/08 09:16:39:078 -- (4448) GreyList cache - removed from limbo, will add to allowed list
08/06/08 09:24:43:234 -- (8040) GreyList limbo - Added
08/06/08 09:29:45:437 -- (5964) GreyList cache - removed from limbo, will add to allowed list
08/06/08 09:43:56:046 -- (6452) GreyList limbo - Added
08/06/08 09:52:39:812 -- (4824) GreyList cache - removed from limbo, will add to allowed list
08/06/08 09:53:16:937 -- (5680) GreyList limbo - Added
08/06/08 10:03:24:765 -- (2640) GreyList cache - removed from limbo, will add to allowed list
08/06/08 10:18:45:937 -- (6464) GreyList limbo - Added
08/06/08 10:26:29:609 -- (7696) GreyList cache - removed from limbo, will add to allowed list
08/06/08 11:37:54:843 -- (7236) GreyList limbo - Added
08/06/08 11:45:59:078 -- (6504) GreyList cache - removed from limbo, will add to allowed list
08/06/08 11:48:54:750 -- (7060) GreyList limbo - Added
08/06/08 11:48:54:750 -- (7060) IP is in not in GreyList Allowed. Disconnecting:

Posted By: mbrusl
Date Posted: 08 August 2008 at 1:15am
For creating lists, for just about any combination of IPs, I would recommend using Block Manager.  its free and you can get it here  Download the program and read thru the readme and docs.  It'll save you a ton of time.  It save me allot of time.

If blocked, use
Spacequad Internet Services
Spacequad AntiSpam Services
Thunder Bay, Ontario

Posted By: WebGuyz
Date Posted: 03 February 2009 at 4:15pm
Beating my favorite dead horse. Any more thoughts on synchronizing greylisting between multiple spamfilters when using SFE? Since more time has gone by and everything else is fixed I thought I would check in about this.
Find myself having more customers asking me to remove one of the MX entries in their DNS so that when they get emails from new customers, they don't bounce between our 2 SFE's and take over an hour to deliver. Starting to wonder whats the point of having more then one SFE. Confused


Posted By: LogSat
Date Posted: 03 February 2009 at 9:42pm
Sorry WebGuyz, there still is not a solution for this...

Roberto Franceschetti" rel="nofollow - LogSat Software" rel="nofollow - Spam Filter ISP

Posted By: WebGuyz
Date Posted: 06 February 2009 at 1:30am
Anyone out there ever get a list of IP addresses of major ISP's sending servers?
Had a new customer who has IBM as a customer and the IBM SPF record lists 2 Class C ranges as sending IP's for IBM mail. Between our 2 SFE's they've had emails take over 24 hours because of bouncing between multiple IBM IP's and our 2 SFE's. Needless to say they are pi$$ed. I have just finished adding 512 IPs into the greylist manually and would love to do the same for msn, yahoo, gmail, and hotmail.
Would be so nice if SFE could do pattern matching on the greylisted IP so even if we didn't know the exact IP blocks that send email for someone like hotmail, we could put in their first 2 octets into some kind of list that SFE could use instead of a matching an exact single IP as it does now.
How do the rest of you guyz with multiple SFE's handle this? Manually insert IP blocks into greylist? I wouldn't mind doing it if I could get a reliable list of IP's.


Posted By: tcig
Date Posted: 06 February 2009 at 5:28am
We did it this way:
checked the IP of the major ISP with just nslookup like this:
set query=mx

we pushed in all the ip's with greylisting forever.
Little work, but helps.

It would be nice if this procedure can be integrated as a table in Spamfilter.
A refresh from time to time would give you always the latest mx-record of the never ending Greylisted IP's.

Posted By: WebGuyz
Date Posted: 07 February 2009 at 1:46pm
Been thinking about this and the only way that I could think of that would not require major reprogramming (I'm guessing of course) would be to allow wild cards to be manually inserted for greylistallowed file and followed by a reboot of spamfilter.
if you read the list into memory and parse each IP as it comes it, you could do the same pattern matching as you do whitelisting IP's where you can do a range. If an IP matches the range then let it thru but do not add that individual IP to the list since there is a wildcard range already in there.
I'm thinking this would be the least amount of impact and give us a fighting chance to try and fight the perception that our mail service delivery is slow because sometimes it takes hours to get an email. By adding ranges as we encounter them we could speed everything up by less retries of valid email by senders companies with a lot of mail servers. I'm sure members here could swap valid ranges with other members as they encounter them.


Print Page | Close Window