Print Page | Close Window

Grey Listening

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6532
Printed Date: 15 December 2017 at 8:40pm


Topic: Grey Listening
Posted By: rafael
Subject: Grey Listening
Date Posted: 03 August 2008 at 3:05pm
How long is the average delay, when using grey listening ?



Replies:
Posted By: LogSat
Date Posted: 03 August 2008 at 9:10pm
The delay is encountered for the very first email sent by a remote server, and should be on average about 20 minutes. Please note that, while other greylisting implementations introduce this delay for each sender and for each recipient, SpamFilter will only introduce the delay for the very first email from a certain provider to any of your users. So, if for example you implement greylisting, and I send you an email from logsat.com, there will be about 20 minutes delay for that email to be delivered. If after 30 minutes I (or another logsat employee) sends an email to another user in your domain, there will not be any delays as there are none after the first email.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: JeffHildebrand
Date Posted: 06 August 2008 at 1:07pm
Is there anyway to prevent a range of IP's from being greylisted?  Basicly I would like to not have our network addresses greylisted so out going email is not delayed.


Posted By: Desperado
Date Posted: 06 August 2008 at 4:25pm
Jeff,
 
// New to VersionNumber = '4.0.0.773';
{TODO -cNew : Allowed to specify future dates in the GreyListAllowed.txt files so that IPs can be stored in the list for years without expiring}
So, what you do is stop the SpamFilter service and edit the GreyListAllowed.txt file and add something like:
66.166.66.166~43100.1111111111
Save the file and start the SpamFilter Service.
 
This will force 66.166.66.166 to NOT be Grey Listed for something just under 10 years or so.  This DOES NOT White List the IP ... just prevents the Grey Listing delay.
 
At this time, only single IP's are accepted so if you have a /24 to list, I would creat a list of 256 entries using something like Excel or even a micro in UltraEdit and increment the final octet of the IP address and past the resulting list in the actual GreyListAllowed.txt file.  Kinda painful but you only need to do it once every 10 years or so!


-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com



Posted By: JeffHildebrand
Date Posted: 06 August 2008 at 7:11pm

Thanks for the prompt reply, it looks like that will do the trick.  We had 15 computers get grey listed this morning, and most cleared up after the grey listing delay, with the exception of one.  It kept bouncing back and forth between limbo and the greylist.  Below is an abridged copy of our log, each "will add to allowed list" was where one email went through, but it would get added back to limbo shortly there after.  We are running in non enterprised mode, and the greylistallowed.txt file has just over 38000 records in it.

08/06/08 09:10:51:421 -- (7876) GreyList limbo - Added 66.166.66.166
08/06/08 09:16:39:078 -- (4448) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 09:24:43:234 -- (8040) GreyList limbo - Added 66.166.66.166
08/06/08 09:29:45:437 -- (5964) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 09:43:56:046 -- (6452) GreyList limbo - Added 66.166.66.166
08/06/08 09:52:39:812 -- (4824) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 09:53:16:937 -- (5680) GreyList limbo - Added 66.166.66.166
08/06/08 10:03:24:765 -- (2640) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 10:18:45:937 -- (6464) GreyList limbo - Added 66.166.66.166
08/06/08 10:26:29:609 -- (7696) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 11:37:54:843 -- (7236) GreyList limbo - Added 66.166.66.166
08/06/08 11:45:59:078 -- (6504) GreyList cache - 66.166.66.166 removed from limbo, will add to allowed list
08/06/08 11:48:54:750 -- (7060) GreyList limbo - Added 66.166.66.166
08/06/08 11:48:54:750 -- (7060) IP is in not in GreyList Allowed. Disconnecting: 66.166.66.166



Posted By: mbrusl
Date Posted: 08 August 2008 at 1:15am
For creating lists, for just about any combination of IPs, I would recommend using Block Manager.  its free and you can get it here http://www.bluetack.co.uk/blmhelp  Download the program and read thru the readme and docs.  It'll save you a ton of time.  It save me allot of time.





-------------
Michael
support@spacequad.com
If blocked, use spacequad@hotmail.com
Spacequad Internet Services
Spacequad AntiSpam Services
Thunder Bay, Ontario
--------------------------------------------------


Posted By: WebGuyz
Date Posted: 03 February 2009 at 4:15pm
Beating my favorite dead horse. Any more thoughts on synchronizing greylisting between multiple spamfilters when using SFE? Since more time has gone by and everything else is fixed I thought I would check in about this.
 
Find myself having more customers asking me to remove one of the MX entries in their DNS so that when they get emails from new customers, they don't bounce between our 2 SFE's and take over an hour to deliver. Starting to wonder whats the point of having more then one SFE. Confused


-------------
http://www.webguyz.net


Posted By: LogSat
Date Posted: 03 February 2009 at 9:42pm
Sorry WebGuyz, there still is not a solution for this...

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Posted By: WebGuyz
Date Posted: 06 February 2009 at 1:30am
Anyone out there ever get a list of IP addresses of major ISP's sending servers?
 
Had a new customer who has IBM as a customer and the IBM SPF record lists 2 Class C ranges as sending IP's for IBM mail. Between our 2 SFE's they've had emails take over 24 hours because of bouncing between multiple IBM IP's and our 2 SFE's. Needless to say they are pi$$ed. I have just finished adding 512 IPs into the greylist manually and would love to do the same for msn, yahoo, gmail, and hotmail.
 
Would be so nice if SFE could do pattern matching on the greylisted IP so even if we didn't know the exact IP blocks that send email for someone like hotmail, we could put in their first 2 octets into some kind of list that SFE could use instead of a matching an exact single IP as it does now.
 
How do the rest of you guyz with multiple SFE's handle this? Manually insert IP blocks into greylist? I wouldn't mind doing it if I could get a reliable list of IP's.
 
Thanks!


-------------
http://www.webguyz.net


Posted By: tcig
Date Posted: 06 February 2009 at 5:28am
We did it this way:
checked the IP of the major ISP with just nslookup like this:
nslookup
set query=mx
hotmail.com

we pushed in all the ip's with greylisting forever.
Little work, but helps.

It would be nice if this procedure can be integrated as a table in Spamfilter.
A refresh from time to time would give you always the latest mx-record of the never ending Greylisted IP's.


Posted By: WebGuyz
Date Posted: 07 February 2009 at 1:46pm
Been thinking about this and the only way that I could think of that would not require major reprogramming (I'm guessing of course) would be to allow wild cards to be manually inserted for greylistallowed file and followed by a reboot of spamfilter.
 
32.197.*~23533.1234312
 
if you read the list into memory and parse each IP as it comes it, you could do the same pattern matching as you do whitelisting IP's where you can do a range. If an IP matches the range then let it thru but do not add that individual IP to the list since there is a wildcard range already in there.
 
I'm thinking this would be the least amount of impact and give us a fighting chance to try and fight the perception that our mail service delivery is slow because sometimes it takes hours to get an email. By adding ranges as we encounter them we could speed everything up by less retries of valid email by senders companies with a lot of mail servers. I'm sure members here could swap valid ranges with other members as they encounter them.
 
Geek


-------------
http://www.webguyz.net



Print Page | Close Window