Is EMSX greylisting the wrong domain?

Windows Server 2012 R2
Exchange Server 2013 CU20
EMSX 6.5.10057.0

In EMSX, emails from Hotmail are being greylisted, so I am right-clicking the log entry and using the "Add domain to greylisting whitelist" option to add "hotmail.com" to the greylisting whitelist.

Despite adding the domain to the whitelist, emails from Hotmail are still being greylisted.

I notice the HELO domain is "outlook.com", so I have manually added this to the whitelist and now all emails from "hotmail.com" are no longer greylisted, but neither are any email addresses that use "outlook.com", such as "hotmail.co.uk".

It seems EMSX may be whitelisting the wrong domain, but then what domain is it using in the greylisting process to begin with? The email address or the HELO domain?

Link to comment
Share on other sites

  • ESET Staff

Hi davidenco,

"Add domain to greylisting whitelist" adds the domain to "Domain to IP whitelist". Domains in this list are resolved to IP addresses and these IP addresses are then whitelisted. Resolving may take some time - you can check advanced settings to see if the IP addresses were already resolved (and which IP addresses were found).

hotmail.com, outlook.com and hotmail.co.uk share some IP addresses/ranges, so if you add one of them to the whitelist it may whitelist the others as well.

If you see an email rejected by greylisting (that should be whitelisted), you can check the IP address against "Domain to IP whitelist".

Link to comment
Share on other sites

You're missing my point. I am whitelisting hotmail.com but still seeing log entries for emails from hotmail.com being greylisted. It's not until I whitelist the HELO domain (outlook.com) that the emails from hotmail.com are then no longer greylisted.

Emails that originate from a domain that matches the HELO domain that are whitelisted are not greylisted. This issue only applies to emails whose email domain and HELO domain do not match, such as cloud-based providers.

It would be better if EMSX automatically whitelisted known email providers, just like cPanel does.

Link to comment
Share on other sites

  • ESET Staff

Greylisting whitelists use the IP address of the sender - the HELO domain is not used at all. The problem can be caused by EMSX not resolving all of hotmail.com's IP addresses.

What IP addresses from hotmail.com do you see in the greylist log that were rejected (and should be whitelisted)?

Link to comment
Share on other sites

I have cleared the whitelist for the purpose of this test. I don't have any examples from hotmail.com just yet, so will use a domain I do have.

Domain "russellrussell.co.uk" with IP "195.245.230.132" and HELO domain "mail1.bemta25.messagelabs.com" has been whitelisted.

Initial log entry said action was "rejected" and time remaining "10". At this point the domain was whitelisted and upon opening the advanced options and looking at the whitelist, the domain was listed and in bold with a + next to it and IP range "195.245.230.0 - 195.245.231.255" appears under that domain.

Repeated attempt from same HELO, IP address and email address resulted in the action "rejected (not verified yet)" and time remaining still "10".

After 10 minutes, the email has now been received, but should never have been greylisted in the first place in accordance with the whitelist.

Edited by davidenco
Link to comment
Share on other sites
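The check suggested earlier in the thread (comparing a rejected sender IP against the ranges resolved into the "Domain to IP whitelist"), as an added example that is not part of the original thread and not ESET's code. The range string is copied from the post above; the function names, the log-entry layout and the 203.0.113.7 entry are constructed for illustration.

```python
import ipaddress

def parse_range(text):
    """Turn 'first - last' (the form quoted in the post) or a CIDR/IP into networks."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {text!r}")
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text, strict=False)]

def whitelist_hits(sender_ip, whitelist):
    """Return (domain, network) for every resolved range that contains sender_ip."""
    ip = ipaddress.ip_address(sender_ip)
    return [(domain, str(net))
            for domain, ranges in whitelist.items()
            for rng in ranges
            for net in parse_range(rng)
            if ip.version == net.version and ip in net]

def triage(log_entries, whitelist):
    """Classify greylist rejections by whether the whitelist already covers the IP."""
    report = []
    for entry in log_entries:
        if not entry["action"].startswith("rejected"):
            continue
        hits = whitelist_hits(entry["ip"], whitelist)
        # Covered but still rejected: the whitelist is not reaching the component
        # that makes the decision. Not covered: the domain did not resolve to this IP.
        verdict = "covered-but-greylisted" if hits else "not-covered"
        report.append((entry["ip"], verdict, [d for d, _ in hits]))
    return report

# Resolved range as listed under the domain in the post above.
WHITELIST = {"russellrussell.co.uk": ["195.245.230.0 - 195.245.231.255"]}

# Constructed log entries; the first two mirror the attempts described in the post.
LOG = [
    {"ip": "195.245.230.132", "action": "rejected"},
    {"ip": "195.245.230.132", "action": "rejected (not verified yet)"},
    {"ip": "203.0.113.7", "action": "rejected"},  # documentation address, constructed
]

if __name__ == "__main__":
    for row in triage(LOG, WHITELIST):
        print(row)
```

A "covered-but-greylisted" result means the resolved range already contains the sender, so the rejection cannot be explained by incomplete DNS resolution.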

  • ESET Staff

Hi,

I can confirm this is a bug - resolving of domains runs asynchronously and the IP addresses are not always transferred to the transport agent.

It will be fixed in EMSX v7.

Thank you for reporting the problem.

Link to comment
Share on other sites
