Forums & Blog

Hi All, 

I would assume this had been discussed before, but haven't been able to find a thread.  I recently converted an I-mail 8.12 server to Smartermail version 4.3.2760.  The conversion script converted 129 domains with 421 e-mail boxes without any problems (it took over 2 hours because of the large volume of e-mails) and only a few complex filters and rules did not properly make the conversion.

 So, now the problem I am having is with local customers getting the grey-listing message, even though they are sending e-mail to co-workers on the same domain and server (intra-domain e-mail).  I would assume there is a way to fix this?  What is even stranger is that some domains have this problem and others do not.

 Also, since this a Windows 2003 Server, I will have to reboot occasionally for software and security updates, does the cache of subsequently white-listed addresses reside in a file, or does this get flushed?  I noticed that on a server reboot, the stats get flushed and this has me paranoid as our customer service line will light up if our customers get that same message '451 grey-listed' when sending intra-office e-mail.

 
Thanks for any insight to this problem,

 Marc
Everything Graphic, Inc.
marc@everythinggraphic.com

 

Hi Marc!

There can be several problems here.  This is what I would check:

1) For each domain verify the MX record in the DNS. Make sure that there is only one MX record and that it is pointing directly to your SmarterMail server. Why is this important?  

Grey listing can only reduce spam if it is active on the first incoming server as defined by the MX record in the DNS.

• You will never get grey listing to work well for a domain if there is secondary MX acting as a mail bag or backup. If you do not want to remove the other MX records, turn off grey listing completely for that domain or at least add a bypass for grey listing for the outgoing IP-address from the backup server to your white list. The outgoing IP-address is usually the same as listed in the MX-record (but not always since it can be a whole chain of mail server doing anti-virus checks, spam check, etcetera).

• If there is only one MX record and it is not pointing directly to your server, change it to do so or turn of grey listing because it has no effect except to delay mail delivery.

2) If you have any gateways for outgoing mail delivery, make sure they are added to you white list.

3) Important settings for mail delivery.

• Set relay allowed for nobody [edited]
• Make sure "Bypass relay settings when using SMTP authentication" in Smtp In under protocel settings is turned on.
• Enable the SMTP Submission (port 587)

4) Instruct all users to check there settings for outgoing mail server in their mail client.

Many ISP blocks port 25 today and a common recommendation is to use a smtp relay server provided by the ISP instead. This will always trigger grey listing the first time, even for intra domain e-mails.

You should make sure all your users has configured their mail client to use
  a) your SmarterMail host as outgoing SMTP server,
  b) has configured outlook to use authentication for outging mail server AND
  c) change port from 25 to 587 in the advanced settings.

5) Finally, are you aware that you always can turn grey-listing of for individual accounts or domains if you want?

 

As far as I understand the grey listing database is actually stored in a file so it will be reloaded if you restart the server.

Thank you for your detailed e-mail.  Many of the items you mention are already setup, but I suppose I can move those users experiencing the problem to use port 587.  Question, does sending e-mail using port 587 bypass the greylist filter for local delivery?

Thanks again,

 
Marc

 

Yes, authentication should by pass grey listing.

I should clarify that a little. Port 587 always requires authentication and after that you are allowed to both send locally direct and send e-mail that require relay.