This article contains information on greylisting, a compliance check to reduce spam by temporarily rejecting emails from unknown senders, and provides steps to configure or bypass greylisting policies in Mimecast.
Greylisting is a default compliance check applied to all inbound messages from connections not previously seen by us. Provided the sender's mail server (Message Transfer Agent - MTA) complies with best practice guidelines (RFC compliance), the message is successfully delivered.
The vast majority of spam is sent from applications designed specifically for that purpose. These adopt the "fire-and-forget" method, where they attempt to send spam to one or more MX hosts for a domain, but never attempt a retry. By using greylisting policies, any messages sent from an incorrectly configured MTA aren't accepted, helping to reduce the amount of spam.
The Greylisting Process
Greylisting looks at the following pieces of information for the delivery attempt:
- IP address of the MTA
- Envelope sender address
- Envelope recipient address
With this information, we have a unique relationship for that particular SMTP session:
- If we've never seen this information before, a server busy status (451 Resource is Temporarily Unavailable) is issued. This is a temporary failure and is maintained for 60 seconds, forcing the sending server to queue and retry.
- A correctly configured MTA always attempts to retry the message's delivery. If the MTA retries after 60 seconds and before the 12-hour upper limit, the message is accepted.
- If the message is not retried in this 12-hour period, an entry is logged in the Rejection Viewer as "Sender Failed to Retry" (12 hours after the initial attempt). See Rejected and Deferred Messages.
- If the sending MTA attempts again after 12 hours from the initial attempt, the greylisting process restarts.
By default, an Exchange server retries to send a message every 10 minutes until the message retries expire.
Usage Considerations
Consider the following before creating a policy:
- All email connections that have been subjected to greylisting are logged-in connection attempts.
- Any sender email address, domain, or IP address added to the Auto Allow or Permitted Senders list isn't subjected to greylisting.
- A greylisting policy is created by default by Mimecast Support during the Implementation process, configured to apply to all inbound traffic. There may be instances where you experience difficulty receiving emails from legitimate senders whose MTA hasn't been correctly configured. If the sender's MTA doesn't comply with RFC standards, but their messages are deemed safe for your organization, you can create a greylisting bypass policy.
Configuring a Greylisting Policy
To configure a Greylisting policy:
- Log in to the Mimecast Administration Console.
- Navigate to Gateway | Policies.
- Select Greylisting.
- Either select the:
-
- Policy to be changed.
- New Policy button to create a policy.
- Complete the Options section as required:
| Option | Description |
|---|---|
| Policy Narrative | Enter a policy description that allows you to identify it. |
| Select Option | Select whether to apply greylisting or to take no action (bypass). |
- Complete the Emails From and Emails To sections as required:
| Field / Option | Description | |||
|---|---|---|---|---|
| Addresses Based On | Specify the email address characteristics the policy is based on. This option is only available in the "Emails From" section:
|
|||
| Applies From / To | Specify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to the least specific. The options are:
|
|||
- Complete the Validity section as required:
| Field / Option | Description | |||
|---|---|---|---|---|
| Enable / Disable | Use this to enable (default) or disable a policy. If a date range has been specified, the policy is automatically disabled when the end of the configured date range is reached. | |||
| Set Policy as Perpetual | If the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires. | |||
| Date Range | Use this field to specify a start and/or end date for the policy. If the Eternal option is selected, no date is required. | |||
| Policy Override | Applies Auto Allow to the recipient's email address for all internal end users, avoiding spam checks when users receive mail from this recipient. | |||
| Bi-directional | If selected, the policy is applied when the policy's recipient is the sender, and the sender is the recipient. | |||
| Source IP Ranges (n.n.n.n/x) | Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation. | |||
- Select the Save and Exit button.
Comments
Please sign in to leave a comment.