Greylist vs EFA vs spf.protection.outlook.com

General eFa discussion
Post Reply
bostjanc
Posts: 165
Joined: 01 Jun 2016 17:18

Greylist vs EFA vs spf.protection.outlook.com

Post by bostjanc »

Dear EFA members and crew!

we are trying to figure it out how to deal with false-positive greylist from sender which is hosted on O365.

we are on EFA version 3.0.2.6
We had to debug a mail flow where customer hosted on O365 (customer's domain isn't outlook.com) tried to deliver us message, but Efa kept bouncing back with message: Recipient address rejected: Greylisted for 5 minutes

The problem was that sender was sending from different outlook mail servers, for example:
NAM01-SN1-obe.outbound.protection.outlook.com
40.107.82(40.107.82.101)
NAM05-CO1-obe.outbound.protection.outlook.com
40.107.72(40.107.72.125)

After about 5 hours and a half EFA gaved up with: sqlgrey: grey: reconnect ok

How do you deal with this senders in your EFA environment? do you simply turn off greylist to avoid this kind of problems?
Please advise.
with best regards
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylist vs EFA vs spf.protection.outlook.com

Post by shawniverson »

In the /etc/sqlgrey folder are the following files:

Code: Select all

clients_fqdn_whitelist.local
clients_ip_whitelist.local
Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_config
bostjanc
Posts: 165
Joined: 01 Jun 2016 17:18

Re: Greylist vs EFA vs spf.protection.outlook.com

Post by bostjanc »

@shawniverson thank you for quick reply.
I have followed your instructions and this is the output I got.
does this look ok?

https://drive.google.com/file/d/1tYRPYq ... sp=sharing
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: Greylist vs EFA vs spf.protection.outlook.com

Post by jamerson »

shawniverson wrote: 01 Jul 2019 20:32 In the /etc/sqlgrey folder are the following files:

Code: Select all

clients_fqdn_whitelist.local
clients_ip_whitelist.local
Add protection.outlook.com to the clients_fqdn_whitelist.local and then run update_sqlgrey_config
is this secure to do ? even add google servers there ?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
mattch
Posts: 44
Joined: 28 Mar 2018 22:26

Re: Greylist vs EFA vs spf.protection.outlook.com

Post by mattch »

Beautiful. i just come across this my self. THANK YOU!

I swore the user is crazy but nope.

cat /var/log/maillog | grep o365@emails.com

Code: Select all

[code]Apr 22 12:02:41 mx2 sqlgrey: grey: new: 40.107.237(40.107.237.92), o365@emails.com -> my@efaemail.com
Apr 22 12:02:41 mx2 postfix/smtpd[15816]: NOQUEUE: reject: RCPT from mail-bn8nam12on2092.outbound.protection.outlook.com[40.107.237.92]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM12-BN8-obe.outbound.protection.outlook.com>
Apr 22 12:17:11 mx2 sqlgrey: grey: new: 40.107.220(40.107.220.117), o365@emails.com -> my@efaemail.com
Apr 22 12:17:11 mx2 postfix/smtpd[19515]: NOQUEUE: reject: RCPT from mail-co1nam11on2117.outbound.protection.outlook.com[40.107.220.117]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM11-CO1-obe.outbound.protection.outlook.com>
Apr 22 12:34:40 mx2 sqlgrey: grey: new: 40.107.77(40.107.77.102), o365@emails.com -> my@efaemail.com
Apr 22 12:34:40 mx2 postfix/smtpd[25960]: NOQUEUE: reject: RCPT from mail-eopbgr770102.outbound.protection.outlook.com[40.107.77.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-SN1-obe.outbound.protection.outlook.com>
Apr 22 13:10:38 mx2 sqlgrey: grey: new: 40.107.92(40.107.92.102), o365@emails.com -> my@efaemail.com
Apr 22 13:10:38 mx2 postfix/smtpd[29859]: NOQUEUE: reject: RCPT from mail-bn7nam10on2102.outbound.protection.outlook.com[40.107.92.102]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-BN7-obe.outbound.protection.outlook.com>
Apr 22 13:25:34 mx2 sqlgrey: grey: new: 40.107.93(40.107.93.135), o365@emails.com -> my@efaemail.com
Apr 22 13:25:34 mx2 postfix/smtpd[4988]: NOQUEUE: reject: RCPT from mail-dm6nam10on2135.outbound.protection.outlook.com[40.107.93.135]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@emails.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM10-DM6-obe.outbound.protection.outlook.com>
Apr 22 13:35:10 mx2 sqlgrey: grey: new: 40.107.76(40.107.76.129), o365@emails.com -> my@efaemail.com
Apr 22 13:35:10 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr760129.outbound.protection.outlook.com[40.107.76.129]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM02-CY1-obe.outbound.protection.outlook.com>
Apr 22 13:43:20 mx2 sqlgrey: grey: new: 40.107.70(40.107.70.113), o365@emails.com -> my@efaemail.com
Apr 22 13:43:20 mx2 postfix/smtpd[8590]: NOQUEUE: reject: RCPT from mail-eopbgr700113.outbound.protection.outlook.com[40.107.70.113]: 451 4.7.1 <my@efaemail.com>: Recipient address rejected: Greylisted for 5 minutes; from=<o365@email.com> to=<my@efaemail.com> proto=ESMTP helo=<NAM04-SN1-obe.outbound.protection.outlook.com>
[/code]
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Greylist vs EFA vs spf.protection.outlook.com

Post by pdwalker »

Over time, the problem will correct itself as EFA "learns" all the outlook.com smtp addresses.

However, I think it's probably better to whitelist the protection.outlook.com addresses.
Post Reply