Dear EFA members and crew!
we are trying to figure it out how to deal with false-positive greylist from sender which is hosted on O365.
we are on EFA version 3.0.2.6
We had to debug a mail flow where customer hosted on O365 (customer's domain isn't outlook.com) tried to deliver us message, but Efa kept bouncing back with message: Recipient address rejected: Greylisted for 5 minutes
The problem was that sender was sending from different outlook mail servers, for example:
NAM01-SN1-obe.outbound.protection.outlook.com
40.107.82(40.107.82.101)
NAM05-CO1-obe.outbound.protection.outlook.com
40.107.72(40.107.72.125)
After about 5 hours and a half EFA gaved up with: sqlgrey: grey: reconnect ok
How do you deal with this senders in your EFA environment? do you simply turn off greylist to avoid this kind of problems?
Please advise.
with best regards
Greylist vs EFA vs spf.protection.outlook.com
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Greylist vs EFA vs spf.protection.outlook.com
In the /etc/sqlgrey folder are the following files:
Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_config
Code: Select all
clients_fqdn_whitelist.local
clients_ip_whitelist.local
Re: Greylist vs EFA vs spf.protection.outlook.com
@shawniverson thank you for quick reply.
I have followed your instructions and this is the output I got.
does this look ok?
https://drive.google.com/file/d/1tYRPYq ... sp=sharing
I have followed your instructions and this is the output I got.
does this look ok?
https://drive.google.com/file/d/1tYRPYq ... sp=sharing
Re: Greylist vs EFA vs spf.protection.outlook.com
is this secure to do ? even add google servers there ?shawniverson wrote: ↑01 Jul 2019 20:32 In the /etc/sqlgrey folder are the following files:
Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_configCode: Select all
clients_fqdn_whitelist.local clients_ip_whitelist.local
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
Re: Greylist vs EFA vs spf.protection.outlook.com
Beautiful. i just come across this my self. THANK YOU!
I swore the user is crazy but nope.
cat /var/log/maillog | grep o365@emails.com[/code]
I swore the user is crazy but nope.
cat /var/log/maillog | grep o365@emails.com
Code: Select all
[code]Apr 22 12:02:41 mx2 sqlgrey: grey: new: 40.107.237(40.107.237.92), o365@emails.com -> my@efaemail.com
Apr 22 12:02:41 mx2 postfix/smtpd[15816]: NOQUEUE: reject: RCPT from mail-bn8nam12on2092.outbound.protection.outlook.com[40.107.237.92]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM12-BN8-obe.outbound.protection.outlook.com>
Apr 22 12:17:11 mx2 sqlgrey: grey: new: 40.107.220(40.107.220.117), o365@emails.com -> my@efaemail.com
Apr 22 12:17:11 mx2 postfix/smtpd[19515]: NOQUEUE: reject: RCPT from mail-co1nam11on2117.outbound.protection.outlook.com[40.107.220.117]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM11-CO1-obe.outbound.protection.outlook.com>
Apr 22 12:34:40 mx2 sqlgrey: grey: new: 40.107.77(40.107.77.102), o365@emails.com -> my@efaemail.com
Apr 22 12:34:40 mx2 postfix/smtpd[25960]: NOQUEUE: reject: RCPT from mail-eopbgr770102.outbound.protection.outlook.com[40.107.77.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-SN1-obe.outbound.protection.outlook.com>
Apr 22 13:10:38 mx2 sqlgrey: grey: new: 40.107.92(40.107.92.102), o365@emails.com -> my@efaemail.com
Apr 22 13:10:38 mx2 postfix/smtpd[29859]: NOQUEUE: reject: RCPT from mail-bn7nam10on2102.outbound.protection.outlook.com[40.107.92.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-BN7-obe.outbound.protection.outlook.com>
Apr 22 13:25:34 mx2 sqlgrey: grey: new: 40.107.93(40.107.93.135), o365@emails.com -> my@efaemail.com
Apr 22 13:25:34 mx2 postfix/smtpd[4988]: NOQUEUE: reject: RCPT from mail-dm6nam10on2135.outbound.protection.outlook.com[40.107.93.135]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-DM6-obe.outbound.protection.outlook.com>
Apr 22 13:35:10 mx2 sqlgrey: grey: new: 40.107.76(40.107.76.129), o365@emails.com -> my@efaemail.com
Apr 22 13:35:10 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr760129.outbound.protection.outlook.com[40.107.76.129]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>
Apr 22 13:43:20 mx2 sqlgrey: grey: new: 40.107.70(40.107.70.113), o365@emails.com -> my@efaemail.com
Apr 22 13:43:20 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr700113.outbound.protection.outlook.com[40.107.70.113]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM04-SN1-obe.outbound.protection.outlook.com>
Re: Greylist vs EFA vs spf.protection.outlook.com
Over time, the problem will correct itself as EFA "learns" all the outlook.com smtp addresses.
However, I think it's probably better to whitelist the protection.outlook.com addresses.
However, I think it's probably better to whitelist the protection.outlook.com addresses.