GreyListing whitelist

[GTA_doum]

Hello,

I have a new install of eFa 4. I'm trying to put a list of domains and email addresses in greylisting whitelist, but I am not successful.

I tried putting one domain to test in the file clients_fqdn_whitelist.local and then in clients_fqdn_whitelist, restarting the sqlgrey service every time, but greylisting ignores whatever is put in those files. I even tried one domain listed already in clients_fqdn_whitelist, smtp.mandrake.org, but it did not work neither, the email had to go through greylisting too.

How to properly whitelist a domain in greylist

[shawniverson]

Try running this after making the change in the clients_fqdn_whitelist.local:

Code: Select all

sudo update_sqlgrey_config

[GTA_doum]

I forgot to mention I did that, and I redid it just in case, which removed my entry in the clients_fqdn_whitelist and left the one in the clients_fqdn_whitelist.local, but it still does not work.
It is like greylist ignores those files completely.

[GTA_doum]

I finally found how it works! It is the PTR of the IP address the connection is made from that has to be whitelisted in the clients_fqdn_whitelist files of greylist, the "ehlo" name or email address used in "mail from:" do not matter

[shawniverson]

Glad you figured it out

[GTA_doum]

Yes, but this is helpful with domains having only one server, using the same PTR as email domain, the ones having more or a different name, I will not be able to whitelist by the domain name only. So I am unsure what to do from here; disable greylisting completely or using another one...

My whitelist is over 6000 lines, mix of domains and email addresses, for which I would like to avoid those having to go through greylisting again. Some of those (of course, I do not recall which) are time critical and cannot wait for greylisting.
For now this server is used as the second MX until I figure out a way to configure properly the greylisting. I'm open to suggestions

[shawniverson]

The whitelist should support wildcard matching.

so *.example.com could be used

[shawniverson]

Another option is to disable greylisting and consider setting up postscreen instead.

[GTA_doum]

I am also testing Proxmox Mail Gateway, which uses postscreen, that presently blocks everything with error 550! Still did not figure out why.
I could give it a try with eFa. I do like greylisting, it is truely stopping many old timers spams. Newer spams are now using properly configured server with DMARC and DKIM! I guess they can also read manuals

[GTA_doum]

What does it mean when under "email addresses", the columns "sender name" and "sender domain" have "-undef-"? Does it mean that whatever will be sent by that IP address will be accepted? But the domain will never be put under "Domains"?

[GTA_doum]

How long does greylist keeps the whitelist and blacklist I did a research on this subject but did find any information. I looked into sqlgrey.conf, but did not find anything neither concerning those parameters.

[shawniverson]

What does it mean when under "email addresses", the columns "sender name" and "sender domain" have "-undef-"? Does it mean that whatever will be sent by that IP address will be accepted? But the domain will never be put under "Domains"?

It won't be accepted, it'll just pass greylisting.

[shawniverson]

How long does greylist keeps the whitelist and blacklist I did a research on this subject but did find any information. I looked into sqlgrey.conf, but did not find anything neither concerning those parameters.

I don't think these expire on their own.

[Aryfir]

I would like to discuse this also, it might be useful for others

if there is one ip address but it is used by many domains for example 22.33.44.55 is using by a.com, b.net, c.org
I would put 22.33.44 in:

Code: Select all

/etc/sqlgrey/clients_ip_whitelist.local

This IP will never be greylisted starting from 22.33.44.1 till 22.33.44.254

Shawn Iverson have already discussed about this somewhere on this forum, you can searched it

A year ago, i found the most lazy SMTP Server i ever knew, it was sent email to our user only 1 time and never retry/resend (just like spammer behavior), so i put their SMTP Server IP Address on clients_ip_whitelist.local
Then they emailed me and written that our MX is not configured properly, and i was like "Whaaat!...".

And also sometime ago; one of our user get hacked. Spammer used his email account to send email everywhere. It was like thousands emails (from thousands ip address), luckily our eFa Greylisting put them in hold, and release like 50-60 emails because spammer using hacked legitimate SMTP Server too.

Then i deleted all of those emails, and it was saved us from getting blacklist all over the world

So, my personal opinion...never ever never disabled greylisting, it will save you in the future.

BR,
Aryfir