Announcement

Collapse
No announcement yet.

Greylisting problem

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Greylisting problem

    We're having a problem with e-mail sent to recipients outside of our organisation where the recipient mail server is using greylisting.

    When our system receives the first greylisting response, it resends, as expected. However, it then gets another greylisting response. I thought that a greylisting system should accept any subsequent sends?

    An example of SMTP log entries is as follows:

    2007-02-23 12:19:35 TheirIP2 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 220+TheirServer2.TheirDomain+ESMTP+Exim+4.43+Fri,+ 23+Feb+2007+12:19:29++0000 0 0 69 0 30110 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionCommand SMTPSVC1 OurServer - 25 HELO - OurServer.OurDomain 0 0 4 0 30110 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+TheirServer2.TheirDomain+Hello+OurServer.OurDo main+[OurIP] 0 0 66 0 30141 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionCommand SMTPSVC1 OurServer - 25 MAIL - FROM:<[email protected]> 0 0 4 0 30141 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+OK 0 0 6 0 30188 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionCommand SMTPSVC1 OurServer - 25 RCPT - TO:<[email protected]> 0 0 4 0 30188 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 451-You+have+been+greylisted.+This+is+part+of+our+stan dard+anti-spam+measures 0 0 77 0 30235 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionCommand SMTPSVC1 OurServer - 25 RSET - - 0 0 4 0 30235 SMTP - - - -
    2007-02-23 12:19:35 TheirIP2 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+Reset+OK 0 0 12 0 30266 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 220+TheirServer1.TheirDomain+ESMTP+Exim+4.43+Fri,+ 23+Feb+2007+12:19:45++0000 0 0 69 0 30094 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionCommand SMTPSVC1 OurServer - 25 HELO - OurServer.OurDomain 0 0 4 0 30094 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+TheirServer1.TheirDomain+Hello+OurServer.OurDo main+[OurIP] 0 0 66 0 30140 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionCommand SMTPSVC1 OurServer - 25 MAIL - FROM:<[email protected]> 0 0 4 0 30140 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+OK 0 0 6 0 30187 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionCommand SMTPSVC1 OurServer - 25 RCPT - TO:<[email protected]> 0 0 4 0 30187 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 451-You+have+been+greylisted.+This+is+part+of+our+stan dard+anti-spam+measures 0 0 77 0 30234 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionCommand SMTPSVC1 OurServer - 25 RSET - - 0 0 4 0 30234 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 250+Reset+OK 0 0 12 0 30265 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionCommand SMTPSVC1 OurServer - 25 QUIT - - 0 0 4 0 30281 SMTP - - - -
    2007-02-23 12:20:05 TheirIP1 OutboundConnectionResponse SMTPSVC1 OurServer - 25 - - 221+TheirServer1.TheirDomain+closing+connection 0 0 40 0 30312 SMTP - - - -


    I don't think the involvment of two recipient mail servers is significant; the behaviour is similar in other instances when only one server is involved.

    The NDR returned to the sender was:

    "The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
    <OurServer.OurDomain #4.0.0 smtp;451-You have been greylisted. This is part of our standard anti-spam measures>"

    This NDR was only generated on restarting various Exchange-related services. I suspect the e-mail was stuck in the SMTP Temp tables (an issue for another posting on this site) which was reprocessed on restarting those services.

    Can anyone offer suggestions as to what the problem may be?

    Thanks.

    (We're running Exchange 2003 SP2.)

  • #2
    Re: Greylisting problem

    This is a known problem.
    There appears to be a bug in Exchange 2003 SP2 when the recipient server is using greylisting. I am told that Microsoft are looking in to it, but there is no sign of a patch yet.

    Paul Robichaux wrote about it last week in his weekly newsletter.
    http://www.windowsitpro.com/Article/...5331.html?Ad=1
    (Registration required).

    The only thing that I can suggest at the moment is to regularly restart the SMTP server service - 12 or 18 hour intervals will be fine. That will allow the email messages to be delivered.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Greylisting problem

      Thanks, Simon. That's very helpful.

      Comment

      Working...
      X