Greylisting - check against a higher subnet class?
Greylisting - check against a higher subnet class?
Instead of the sending server needing to have the exact ip address as before, is it possible to change it so that only the first 2 or 3 octets need to match? I think this would make greylisting less intrusive particularly from mail servers like gmail, or yahoo that rarely send from the same ip address.
Re: Greylisting - check against a higher subnet class?
I never played with it, but it is possible to allow the subnets.
see the file /etc/sqlgrey/sqlgrey.conf
By default it is set to smart, if you set it to classc the subnet is allowed after one host within the subnet is validated.
The 'smart' option is default but it hardly seems to work correctly for google/yahoo etc like you mention.
After changing this you will probably need to restart the sql grey service.
I never tried it myself but let is know, will test myself if I got the time
see the file /etc/sqlgrey/sqlgrey.conf
By default it is set to smart, if you set it to classc the subnet is allowed after one host within the subnet is validated.
The 'smart' option is default but it hardly seems to work correctly for google/yahoo etc like you mention.
Code: Select all
## Greylisting method:
# - full : greylist by IP address
# - classc : greylist by class C network. eg:
# 2.3.4.6 connection accepted if 2.3.4.145 did connect earlier.
# - smart : greylist by class C network unless there is no reverse lookup
# or it looks like a home-user address.
# NOTE: IPv6 addresses are treated the same way in 'classc' and 'smart':
# First the algorithm decides whether the address is in a EUI-64 form
# or not. If it is then the whole /64 subnet is regarded as "class C"
# and all the hosts from that subnet are greylisted with the same
# rule. For non-EUI-64 addresses the full address is processed.
# Default is smart
# greymethod = smart
I never tried it myself but let is know, will test myself if I got the time
Version eFa 4.x now available!
Re: Greylisting - check against a higher subnet class?
Just made the change. Still learning a lot about the ins and outs of this. Probably will be for a long time. Been a Mailenable user for nearly 10 years now so I'm mainly used to how they do things - log files, config files, etc etc. Obviously EFA has a bit of a learning curve for me.
Looking at the Greylist/Domains section on the web interface it seems like it's already done alright with whitelisting a few gmail addresses before I made the change, so perhaps the change wasn't absolutely necessary. But since you mentioned that "smart" doesn't always work well with gmail and yahoo I'm going to go ahead and leave the setting in place.
Thanks for the quick response!
Looking at the Greylist/Domains section on the web interface it seems like it's already done alright with whitelisting a few gmail addresses before I made the change, so perhaps the change wasn't absolutely necessary. But since you mentioned that "smart" doesn't always work well with gmail and yahoo I'm going to go ahead and leave the setting in place.
Thanks for the quick response!
Re: Greylisting - check against a higher subnet class?
Mostly, I'd just leave it alone.
I had the same "problem" when I first turned on the efa device. Lots of mail from google was getting temporarily bounced.
After a few days, the greylist database was populated and mail would just go through without delays.
I had the same "problem" when I first turned on the efa device. Lots of mail from google was getting temporarily bounced.
After a few days, the greylist database was populated and mail would just go through without delays.
Re: Greylisting - check against a higher subnet class?
Agreed. It's been doing just fine now.
Re: Greylisting - check against a higher subnet class?
I know this is old but was wondering if it's possible to do greylisting based on a class b subnet? Having some trouble with a few places:
If it could have just gone off of 104.47.*.* then the next time it came through it would have made it.
Code: Select all
Sep 21 14:57:30 mucefa sqlgrey: grey: new: 104.47.37(104.47.37.47), davi@meter.com -> amil@ities.com
Sep 21 15:12:22 mucefa sqlgrey: grey: new: 104.47.36(104.47.36.57), davi@meter.com -> amil@ities.com
Sep 21 15:30:45 mucefa sqlgrey: grey: new: 104.47.41(104.47.41.86), davi@meter.com -> amil@ities.com
Sep 21 16:31:41 mucefa sqlgrey: grey: new: 104.47.33(104.47.33.88), davi@meter.com -> amil@ities.com
Sep 22 10:37:17 mucefa sqlgrey: grey: new: 104.47.32(104.47.32.52), davi@meter.com -> amil@ities.com
Sep 22 10:51:34 mucefa sqlgrey: grey: new: 104.47.40(104.47.40.68), davi@meter.com -> amil@ities.com
Re: Greylisting - check against a higher subnet class?
I'm still having trouble with this. Was wondering if anyone knows if changing it to class b is possible?
Re: Greylisting - check against a higher subnet class?
You might be better off whitelisting Office 365/outlook.com...
/etc/sqlgrey/clients_fqdn_whiteliest.local
If you look at /etc/sqlgrey/clients_ip_whitelist you'll see examples of class B networks that are whitelisted. You may need to run sudo update_sqlgrey_config afterwards
/etc/sqlgrey/clients_fqdn_whiteliest.local
Code: Select all
*.messagelabs.com
messagelabs.com
*.mxlogic.com
mxlogic.com
*.outbound.protection.outlook.com
outbound.protection.outlook.com