Let greylisting be configurable to only consider the first three octets of an IPv4 address
Hello Bruno,
Usually big institutions which use multiple mail servers have other spam-prevention frameworks that are more reliable than greylisting (SPF, DKIM, DMARC) set up properly.
Greylisting is meant to protect against receiving spam mail from hosts infected with simple spamming scripts which can't process 4xx server answers. Such hosts usually (if not to say always) fail SPF/DKIM/DMARC checks.
In cases when a legitimate mail host is infected or spam is sent from it in another way (with a hacked user account, for example), greylisting is completely useless.
Making greylisting work in the proposed way (reacting to the first 3 octets only) is not a simple task and, actually, will decrease the protection level because hosts with addresses in the same /24 subnet are often hacked and infected at the same time.
So I'd recommend using greylisting only for hosts which have failed the other frameworks' (SPF/DKIM/DMARC) checks.
Thanks,
-
IB
-
We've created a feature request to allow checking SPF before greylisting. You may create an additional request for this feature to be able to track it.
-
Bruno commented
We found that some mail servers (from big companies or institutions) try to deliver the same mail from different IPs (in the same subnet). So the first delivery attempt comes from mx1.example.com (1.2.3.1) and runs into greylisting. 10 minutes later the second attempt comes from a different server mx2.example.com (1.2.3.2) and is rejected by greylisting as well ... the next attempts come from mx? (1.2.3.?). So this results in many hours of delay for this email until greylisting finally times out.
This is also addressed in the Wikipedia article on greylisting https://en.wikipedia.org/wiki/Greylisting#Other_problems (see paragraph 4: "Also, legitimate mail might not get delivered if the retry comes from a different IP address than the original attempt. ...")
A good solution could be to only take the first 3 octets of an IPv4 address into account for greylisting (1.2.3.*). I do not think that this will lead to more spam in the inboxes but prevent long delays for legitimate mails.
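The following is an added example, not code from the mail server discussed in this thread or from either poster. It models a minimal greylist keyed on the usual (client IP, sender, recipient) triplet and makes the IP part of the key configurable: prefix length 32 keys on the full IPv4 address, prefix length 24 keys on the first three octets as Bruno proposes. The delivery sequence (mx1 at 1.2.3.1, mx2 at 1.2.3.2 ten minutes later, and so on) is constructed to match the thread, and the "same-subnet spammer" check at the end reproduces IB's caveat: once a /24 has been seen, any other host in that /24 reusing the same sender/recipient pair is let through without ever being delayed. The names `Greylist`, `simulate_retries` and `same_subnet_spammer` are this example's own.

```python
import ipaddress
from dataclasses import dataclass, field

GREYLISTED = 450  # 4xx: "try again later"; a proper MTA retries, a dumb spam script gives up
ACCEPTED = 250


@dataclass
class Greylist:
    """Minimal greylist: a triplet is rejected on first sight and accepted once
    it is retried after `retry_delay` seconds. `prefix_len` controls how much
    of the client IPv4 address goes into the key (32 = full address, 24 = /24)."""
    retry_delay: int = 300
    prefix_len: int = 32
    first_seen: dict = field(default_factory=dict)  # key -> timestamp of first attempt

    def key(self, client_ip: str, sender: str, recipient: str) -> tuple:
        # strict=False lets us pass a host address and get its enclosing network,
        # so 1.2.3.57/24 becomes 1.2.3.0/24; with /32 the address is kept intact.
        net = ipaddress.IPv4Network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip: str, sender: str, recipient: str, now: int) -> int:
        k = self.key(client_ip, sender, recipient)
        first = self.first_seen.get(k)
        if first is None:
            self.first_seen[k] = now
            return GREYLISTED
        if now - first < self.retry_delay:
            return GREYLISTED  # retried too early, keep waiting
        return ACCEPTED


# Constructed delivery sequence modelled on the thread: the sending site rotates
# through MX hosts in one /24, retrying every 10 minutes (600 s).
SENDER = "alice@example.com"
RECIPIENT = "bob@example.net"
RETRIES = [
    (0, "1.2.3.1"),     # mx1.example.com, first attempt
    (600, "1.2.3.2"),   # mx2.example.com
    (1200, "1.2.3.3"),  # mx3.example.com
    (1800, "1.2.3.4"),  # mx4.example.com
]


def simulate_retries(prefix_len: int) -> list:
    """Return the SMTP code each attempt in RETRIES receives under the given key width."""
    gl = Greylist(retry_delay=300, prefix_len=prefix_len)
    return [gl.check(ip, SENDER, RECIPIENT, now) for now, ip in RETRIES]


def same_subnet_spammer(prefix_len: int) -> int:
    """IB's caveat: after the legitimate retries above, a different host in the same
    /24 reuses the same sender/recipient pair. With /24 keying it is accepted on its
    very first attempt; with /32 keying it is greylisted like any new host."""
    gl = Greylist(retry_delay=300, prefix_len=prefix_len)
    for now, ip in RETRIES:
        gl.check(ip, SENDER, RECIPIENT, now)
    return gl.check("1.2.3.200", SENDER, RECIPIENT, 1900)


if __name__ == "__main__":
    for plen in (32, 24):
        print(f"/{plen} keying: retries -> {simulate_retries(plen)}, "
              f"same-subnet newcomer -> {same_subnet_spammer(plen)}")
```

With full-address keying every MX host in the rotation starts its own greylist timer, so all four attempts are deferred and the mail waits until the sender's retry schedule happens to land two attempts from the same host. With /24 keying the second attempt already passes. The trade-off is the last call: a /24 key means any host in that subnet that can reproduce the sender/recipient pair inherits the whitelist entry, which is the situation IB describes when several hosts in one subnet are compromised together.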