Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

Message

Re: [milter-greylist] dealing with mail relay "pools"?

2019-04-25 by Christian Pélissier

Le mercredi 24 avril 2019 � 22:22 +0200, John Damm S�rensen
john@... [milter-greylist] a �crit :
>   
> Provided that the members of the relay pool reside in the same subnet
> this statement is your savior:
> 
> subnetmatch /24

subnetmatch /16  or less /12 is better.

For example gmail has four MX CIDR:74.125.0.0/16
and one in CIDR:108.177.0.0/17

# dig +short MX gmail.com
20 alt2.gmail-smtp-in.l.google.com.
30 alt3.gmail-smtp-in.l.google.com.
40 alt4.gmail-smtp-in.l.google.com.
10 alt1.gmail-smtp-in.l.google.com.
5 gmail-smtp-in.l.google.com.
# dig +short alt1.gmail-smtp-in.l.google.com.
74.125.205.26
# dig +short alt2.gmail-smtp-in.l.google.com.
74.125.68.26
# dig +short alt3.gmail-smtp-in.l.google.com.
108.177.125.26
# dig +short alt4.gmail-smtp-in.l.google.com.
74.125.195.26
# dig +short gmail-smtp-in.l.google.com.
74.125.206.27

Another example

nasa.gov CIDR:198.120.0.0/14, 198.116.0.0/14
the 8 MX are inside  198.117.0.0/16

> 
> Best
> 
> John
> 
> 
> Den 24-04-2019 kl. 15:45 skrev Steve Rikli sr@...
> [milter-greylist]:
> 
> >   
> > I've been happily using milter-greylist for a few years, with pretty
> > great results -- spam level is barely noticeable, and I'm only using
> > greylist by itself at the moment.
> > 
> > Recently I've noticed again I'm occasionally missing messages, or at
> > least hitting multiple iterations of delays; when I dig into the
> > logs
> > it appears to result from the sender using a mail relay server
> > "pool".
> > 
> > E.g. the 1st delivery attempt comes from relay1.example.com, which
> > then
> > gets greylisted; the 2nd attempt comes from relay2.example.com, the
> > 3rd
> > from relay3, and so on.
> > 
> > In some cases a previous relay will get the message to try again,
> > and
> > the message will eventually be delivered normally.
> > 
> > In other situations, possibly with very large relay server pools
> > (?),
> > the autowhite timer for the relay(s) expires, and the sender
> > eventually
> > gives up presumably due to their own retry policies.
> > 
> > I've noticed this happening a few times with domains hosted by
> > office365
> > outlook.com, though I'd expect there are others.
> > 
> > When I notice these sort of issues, because it's a person or domain
> > I
> > want to associate with, I simply add them to my white list as
> > needed.
> > 
> > But I'm wondering if anyone has found a more automatic / elegant way
> > of handling situations like this.
> > 
> > Cheers,
> > sr.
> > 
> > 
> > 
> 
> 
> Virusfri. www.avast.com 
> 
> 
> 

-- 
Christian P�lissier
\ue40aONERA DSI/ISR BP72 92322 Chatillon CEDEX\ue409
\ue201 34419

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.