Greylist vs EFA vs spf.protection.outlook.com

Posted: 01 Jul 2019 19:49
by bostjanc
Dear EFA members and crew!

We are trying to figure out how to deal with a false-positive greylist from a sender who is hosted on O365.

We are on EFA version 3.0.2.6.
We had to debug a mail flow where a customer hosted on O365 (the customer's domain isn't outlook.com) tried to deliver a message to us, but EFA kept bouncing it back with the message: Recipient address rejected: Greylisted for 5 minutes

The problem was that the sender was sending from different Outlook mail servers, for example:
NAM01-SN1-obe.outbound.protection.outlook.com
40.107.82(40.107.82.101)
NAM05-CO1-obe.outbound.protection.outlook.com
40.107.72(40.107.72.125)

After about 5 and a half hours EFA gave up with: sqlgrey: grey: reconnect ok

How do you deal with these senders in your EFA environment? Do you simply turn off greylist to avoid this kind of problem?
Please advise.
With best regards

Re: Greylist vs EFA vs spf.protection.outlook.com

Posted: 01 Jul 2019 20:32
by shawniverson
In the /etc/sqlgrey folder are the following files:

clients_fqdn_whitelist.local
clients_ip_whitelist.local

Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_config

Re: Greylist vs EFA vs spf.protection.outlook.com

Posted: 01 Jul 2019 20:41
by bostjanc
@shawniverson thank you for the quick reply.
I have followed your instructions and this is the output I got.
Does this look OK?

https://drive.google.com/file/d/1tYRPYq ... sp=sharing

Re: Greylist vs EFA vs spf.protection.outlook.com

Posted: 02 Jul 2019 14:29
by jamerson
shawniverson wrote: 01 Jul 2019 20:32
In the /etc/sqlgrey folder are the following files:

clients_fqdn_whitelist.local
clients_ip_whitelist.local

Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_config

Is this secure to do? Even add Google servers there?

Re: Greylist vs EFA vs spf.protection.outlook.com

Posted: 22 Apr 2020 18:05
by mattch
Beautiful. I just came across this myself. THANK YOU!

I swore the user is crazy but nope.

cat /var/log/maillog | grep o365@emails.com

Apr 22 12:02:41 mx2 sqlgrey: grey: new: 40.107.237(40.107.237.92), o365@emails.com -> my@efaemail.com
Apr 22 12:02:41 mx2 postfix/smtpd[15816]: NOQUEUE: reject: RCPT from mail-bn8nam12on2092.outbound.protection.outlook.com[40.107.237.92]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM12-BN8-obe.outbound.protection.outlook.com>
Apr 22 12:17:11 mx2 sqlgrey: grey: new: 40.107.220(40.107.220.117), o365@emails.com -> my@efaemail.com
Apr 22 12:17:11 mx2 postfix/smtpd[19515]: NOQUEUE: reject: RCPT from mail-co1nam11on2117.outbound.protection.outlook.com[40.107.220.117]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM11-CO1-obe.outbound.protection.outlook.com>
Apr 22 12:34:40 mx2 sqlgrey: grey: new: 40.107.77(40.107.77.102), o365@emails.com -> my@efaemail.com
Apr 22 12:34:40 mx2 postfix/smtpd[25960]: NOQUEUE: reject: RCPT from mail-eopbgr770102.outbound.protection.outlook.com[40.107.77.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-SN1-obe.outbound.protection.outlook.com>
Apr 22 13:10:38 mx2 sqlgrey: grey: new: 40.107.92(40.107.92.102), o365@emails.com -> my@efaemail.com
Apr 22 13:10:38 mx2 postfix/smtpd[29859]: NOQUEUE: reject: RCPT from mail-bn7nam10on2102.outbound.protection.outlook.com[40.107.92.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-BN7-obe.outbound.protection.outlook.com>
Apr 22 13:25:34 mx2 sqlgrey: grey: new: 40.107.93(40.107.93.135), o365@emails.com -> my@efaemail.com
Apr 22 13:25:34 mx2 postfix/smtpd[4988]: NOQUEUE: reject: RCPT from mail-dm6nam10on2135.outbound.protection.outlook.com[40.107.93.135]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-DM6-obe.outbound.protection.outlook.com>
Apr 22 13:35:10 mx2 sqlgrey: grey: new: 40.107.76(40.107.76.129), o365@emails.com -> my@efaemail.com
Apr 22 13:35:10 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr760129.outbound.protection.outlook.com[40.107.76.129]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>
Apr 22 13:43:20 mx2 sqlgrey: grey: new: 40.107.70(40.107.70.113), o365@emails.com -> my@efaemail.com
Apr 22 13:43:20 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr700113.outbound.protection.outlook.com[40.107.70.113]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM04-SN1-obe.outbound.protection.outlook.com>

Re: Greylist vs EFA vs spf.protection.outlook.com

Posted: 23 Apr 2020 07:04
by pdwalker
Over time, the problem will correct itself as EFA "learns" all the outlook.com smtp addresses.

However, I think it's probably better to whitelist the protection.outlook.com addresses.
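
Added example, not part of any post in this thread and not EFA or sqlgrey code: a Python script that scans Postfix greylist rejects and flags sender/recipient pairs whose retries keep arriving from different /24 networks, the pattern in the maillog excerpt above that prevents a greylist triplet from ever matching. The log lines, hostnames and the `min_networks` threshold are constructed assumptions; the reported suffix is only a candidate to review before any whitelisting.

```python
import re
from collections import defaultdict

REJECT = re.compile(
    r"reject: RCPT from (?P<host>[^\s\[]+)\[(?P<ip>\d+\.\d+\.\d+\.\d+)\]: 451 .*?"
    r"Greylisted.*?from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Constructed sample (RFC 5737 addresses, .example names), shaped like the
# Postfix reject lines quoted in the thread.
SAMPLE = """\
Apr 22 12:02:41 mx2 postfix/smtpd[101]: NOQUEUE: reject: RCPT from out-a1.pool.bigmail.example[192.0.2.92]: 451 4.7.1 <me@rcpt.example>: Recipient address rejected: Greylisted for 5 minutes; from=<a@tenant.example> to=<me@rcpt.example> proto=ESMTP
Apr 22 12:17:11 mx2 postfix/smtpd[102]: NOQUEUE: reject: RCPT from out-b7.pool.bigmail.example[198.51.100.117]: 451 4.7.1 <me@rcpt.example>: Recipient address rejected: Greylisted for 5 minutes; from=<a@tenant.example> to=<me@rcpt.example> proto=ESMTP
Apr 22 12:34:40 mx2 postfix/smtpd[103]: NOQUEUE: reject: RCPT from out-c3.pool.bigmail.example[203.0.113.102]: 451 4.7.1 <me@rcpt.example>: Recipient address rejected: Greylisted for 5 minutes; from=<a@tenant.example> to=<me@rcpt.example> proto=ESMTP
Apr 22 12:40:00 mx2 postfix/smtpd[104]: NOQUEUE: reject: RCPT from mail.small.example[192.0.2.10]: 451 4.7.1 <me@rcpt.example>: Recipient address rejected: Greylisted for 5 minutes; from=<b@small.example> to=<me@rcpt.example> proto=ESMTP
"""

def common_suffix(hosts):
    """Longest run of trailing DNS labels shared by every hostname."""
    split = [h.lower().rstrip(".").split(".")[::-1] for h in hosts]
    shared = []
    for labels in zip(*split):
        if len(set(labels)) != 1:
            break
        shared.append(labels[0])
    return ".".join(reversed(shared))

def greylist_churn(log_text, min_networks=3):
    """Sender/recipient pairs greylisted from >= min_networks distinct /24s."""
    seen = defaultdict(lambda: {"nets": set(), "hosts": set(), "rejects": 0})
    for m in REJECT.finditer(log_text):
        entry = seen[(m["sender"], m["rcpt"])]
        # First three octets: the network form sqlgrey logs in this thread.
        entry["nets"].add(m["ip"].rsplit(".", 1)[0])
        entry["hosts"].add(m["host"])
        entry["rejects"] += 1
    return [
        {"sender": s, "rcpt": r, "rejects": e["rejects"],
         "networks": sorted(e["nets"]), "suffix": common_suffix(e["hosts"])}
        for (s, r), e in seen.items() if len(e["nets"]) >= min_networks
    ]

if __name__ == "__main__":
    for row in greylist_churn(SAMPLE):
        print(row)
```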