Mailing List Archive

Looking for advice on Grey Listing vs outlook.com's behaviour
Hi Exim Users,

I'm looking for advice on Grey Listing vs outlook.com's behaviour of
retrying to send from multiple SMTP relays.

Many years ago, we added Grey Listing as a feature to Exim. This delays
the receiving of new emails by 10 minutes, so the next try will usually
work but allow for that combination to be properly black-listed - if
required. This is done by saving the tuple of information, From, To,
SMTP_Relay. I usually save it for 12 months.

This usually works well - initial emails are delayed by 15 minutes - no
one complains.

However, emails via Microsoft will keep changing the identity of the
SMTP_Relay to a group of 10 or so SMTP Servers, so the initial delay
keeps getting implemented ==> Customers complain.

I could:-

1 - Remove grey Listing - but it used to have a purpose and I assume
still has?

2 - Remove the SMTP-Server element from Grey Listing - but it was put
there for a reason?

3 - White list all the Outlook.com SMTP Server addresses - do they
though remain static?

What do people advise?

If No. 3, anyone have a definitive list to WhiteList with? Perhaps a
link to a dynamic WhiteList?




--

Mark James ELKINS  -  Posix Systems - (South) Africa
mje@posix.co.za       Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za




--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Looking for advice on Grey Listing vs outlook.com's behaviour
On 22/08/2023 09:17, Mark Elkins via Exim-users wrote:
> I'm looking for advice on Grey Listing vs outlook.com's behaviour of retrying to send from multiple SMTP relays.

If you can identify a feature common to all such connections, use that rather
than the remote-ip in your greylist DB tag. Also, if you know they always retry
like real MTAs should (and some spammers don't), you may as well whitelist them.

Or, autobuild a DB of known-retrier IPs, and use that to whitelist.

--
Cheers,
Jeremy


Re: Looking for advice on Grey Listing vs outlook.com's behaviour
On Tue, Aug 22, 2023 at 10:17:52AM +0200, Mark Elkins via Exim-users wrote:
> However, emails via Microsoft will keep changing the identity of the
> SMTP_Relay to a group of 10 or so SMTP Servers, so the initial delay keeps
> getting implemented ==> Customers complain.
...
> 3 - White list all the Outlook.com SMTP Server addresses - do they though
> remain static?

Do not rely on their static nature, I'm sure they aren't static.

Technically, you can retrieve the SPF record of the sender (with Exim's lookup
of "dns" type), and scan it for "outlook.com" and "microsoft.com".
If some substring is found, exclude greylisting.

% host -t txt outlook.com.
outlook.com descriptive text "v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf.protection.outlook.com include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com ~all"
...
--
Eugene Berdnikov

Re: Looking for advice on Grey Listing vs outlook.com's behaviour
Hi,

My implementation uses mail-from:rcpt-to as indicator for the retry. And
additionally remembers the IP the first connection came from for later
auto whitelisting.

Additionally I skip the greylisting if the announced message size
is below a certain limit.

My current implementation uses Exim's built-in Perl.
https://gitea.schlittermann.de/IUS/libexim-grey-perl

I did experiments with greylisting after DATA and using the Message-ID
header, but it seems that there are senders changing the Message-ID for
each delivery attempt.

The mail-from usually doesn't change that often. (There was one issue
with PRVS implemented by mailgun, they changed the sender with each
attempt. But this feature they rolled back (I think)).

Best regards from Dresden/Germany
Kind regards from Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
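
Added example (not part of the thread, and not taken from libexim-grey-perl): a small in-memory model of the two keying schemes discussed above, showing how a ten-relay pool is deferred under a (from, to, relay IP) key versus a (from, to) key with the first IP remembered for auto-whitelisting. The class and function names, the 2000-byte size cutoff, the 15-minute retry interval and the TEST-NET addresses are assumptions made for the illustration.

```python
# Added illustration: in-memory greylist model, not Exim or libexim-grey-perl code.
DELAY = 600         # seconds a new key must wait (the 10 minutes from the first post)
SIZE_LIMIT = 2000   # assumed cutoff in bytes below which greylisting is skipped


class Greylist:
    def __init__(self, key_on_ip):
        self.key_on_ip = key_on_ip    # True: (from, to, relay IP); False: (from, to)
        self.first_seen = {}          # key -> (time of first attempt, IP that made it)
        self.known_retriers = set()   # IPs whose first attempt was later retried

    def check(self, now, mail_from, rcpt_to, ip, size=None):
        """Return 'accept' or 'defer' for one delivery attempt at time `now`."""
        if ip in self.known_retriers:
            return "accept"
        if size is not None and size < SIZE_LIMIT:
            return "accept"           # small announced size: skip greylisting
        key = (mail_from.lower(), rcpt_to.lower())
        if self.key_on_ip:
            key += (ip,)
        if key not in self.first_seen:
            self.first_seen[key] = (now, ip)
            return "defer"
        started, first_ip = self.first_seen[key]
        if now - started < DELAY:
            return "defer"            # retried too early
        # A retry arrived after the delay: remember the first IP as a known retrier.
        self.known_retriers.add(first_ip)
        return "accept"


def simulate(greylist, pool, interval=900, max_attempts=20):
    """Count deferrals for one message retried every `interval` s from rotating IPs."""
    for attempt in range(max_attempts):
        ip = pool[attempt % len(pool)]
        verdict = greylist.check(attempt * interval, "alice@example.org",
                                 "bob@example.net", ip, size=50_000)
        if verdict == "accept":
            return attempt
    return max_attempts


# Constructed pool of ten relays (TEST-NET-1 addresses), mirroring "10 or so" servers.
POOL = [f"192.0.2.{n}" for n in range(10, 20)]

if __name__ == "__main__":
    print("deferrals, key includes relay IP:", simulate(Greylist(True), POOL))
    print("deferrals, key is from+to only:  ", simulate(Greylist(False), POOL))
```

With the relay IP in the key the message is only accepted once the rotation comes back to an address already seen; with the (from, to) key the second attempt succeeds regardless of which relay makes it.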
Re: Looking for advice on Grey Listing vs outlook.com's behaviour
On 22/08/2023 09:17, Mark Elkins via Exim-users wrote:

> I'm looking for advice on Grey Listing vs outlook.com's behaviour of
> retrying to send from multiple SMTP relays.
...
> 3 - White list all the Outlook.com SMTP Server addresses

In grey list defer I use:

!dnslists = list.dnswl.org


Checking a single sample...

$ host 40.107.241.107
107.241.107.40.in-addr.arpa domain name pointer mail-vi1eur02on2107.outbound.protection.outlook.com.

$ host 107.241.107.40.list.dnswl.org
107.241.107.40.list.dnswl.org has address 127.0.3.0

It is listed, that is all I require to skip grey listing.


Re: Looking for advice on Grey Listing vs outlook.com's behaviour
James via Exim-users <exim-users@lists.exim.org> (Tue 22 Aug 2023 12:35:33 CEST):
> > 3 - White list all the Outlook.com SMTP Server addresses
>
> In grey list defer I use:
>
> !dnslists = list.dnswl.org

That service and the project backing it seem to be rather outdated to
me. Do you have more accurate information?

--
Heiko
Re: Looking for advice on Grey Listing vs outlook.com's behaviour
On 2023-08-22, Mark Elkins via Exim-users <exim-users@lists.exim.org> wrote:
> Hi Exim Users,
>
> I'm looking for advice on Grey Listing vs outlook.com's behaviour of
> retrying to send from multiple SMTP relays.
>
> Many years ago, we added Grey Listing as a feature to Exim. This delays
> the receiving of new emails by 10 minutes, so the next try will usually
> work but allow for that combination to be properly black-listed - if
> required. This is done by saving the tuple of information, From, To,
> SMTP_Relay. I usually save it for 12 months.
>
> This usually works well - initial emails are delayed by 15 minutes - no
> one complains.
>
> However, emails via Microsoft will keep changing the identity of the
> SMTP_Relay to a group of 10 or so SMTP Servers, so the initial delay
> keeps getting implemented ==> Customers complain.
>
> I could:-
>
> 1 - Remove grey Listing - but it used to have a purpose and I assume
> still has?
>
> 2 - Remove the SMTP-Server element from Grey Listing - but it was put
> there for a reason?
>
> 3 - White list all the Outlook.com SMTP Server addresses - do they
> though remain static?
>
> What do people advise?
>
> If No. 3, anyone have a definitive list to WhiteList with? Perhaps a
> link to a dynamic WhiteList?

Perhaps you could use their SPF record as a source of truth.
I can't think of a pure Exim way to automate that though, because
senders will be using non-outlook domains.

By the way; Gmail, Yahoo, SendGrid: same deal.

--
Jasen.