davidenco 1 Posted June 22, 2018 Share Posted June 22, 2018 Windows Server 2012 R2 Exchange Server 2013 CU20 EMSX 6.5.10057.0 In EMSX, emails from Hotmail are being greylisted, so I am right-clicking the log entry and using the "Add domain to greylisting whitelist" option to add "hotmail.com" to the greylisting whitelist. Despite adding the domain to the whitelist, emails from Hotmail are still being greylisted. I notice the HELO domain is "outlook.com", so I have manually added this to the whitelist and now all emails from "hotmail.com" are no longer greylisted, but neither are any email address that use "outlook.com", such as "hotmail.co.uk". It seems EMSX may be whitelisting the wrong domain, but then what domain is it using in the greylisting process to begin with? The email address or the HELO domain? Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted June 25, 2018 ESET Staff Share Posted June 25, 2018 Hi davidenco, "Add domain to greylisting whitelist" adds the domain to "Domain to IP whitelist". Domains in this list are resolved to IP addresses and these IP addresses are then whitelisted. Resolving may take some time - you can check advanced settings to see if the IP addresses were already resolved (and which IP addresses were found). hotmail.com, outlook.com and hotmail.co.uk share some IP addresses/ranges so if you add one of them to whitelist it may whitelist others as well. If you see an email rejected by greylisting (that should be whitelisted), you can check the IP address against "Domain to IP whitelist". Link to comment Share on other sites More sharing options...
davidenco 1 Posted June 25, 2018 Author Share Posted June 25, 2018 You're missing my point. I am whitelisting hotmail.com but still seeing log entries for emails from hotmail.com being greylisted. It's not until I whitelist the HELO domain (outlook.com) that the emails from hotmail.com are then no longer greylisted. Emails that originate from a domain that matches the HELO domain that are whitelisted are not greylisted. This issue only applies to emails whose email domain and HELO domain does not match, such as cloud-based providers. It would be better if ESMX automatically whitelisted known email providers, just like cPanel does. Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted June 25, 2018 ESET Staff Share Posted June 25, 2018 Greylisting whitelists use IP address of sender - HELO domain is not used at all. The problem can be caused by EMSX not resolving all of hotmail.com IP addresses. What IP addresses from hotmail.com do you see in greylist log that were rejected (and should be whitelisted)? Link to comment Share on other sites More sharing options...
davidenco 1 Posted June 25, 2018 Author Share Posted June 25, 2018 (edited) I have cleared the whitelist for the purpose of this test. I don't have any examples from hotmail.com just yet, so will use a domain I do have. Domain "russellrussell.co.uk" with IP "195.245.230.132" and HELO domain "mail1.bemta25.messagelabs.com" has been whitelisted. Initial log entry said action was "rejected" and time remaining "10". At this point the domain was whitelisted and upon opening the advanced options and looking at the whitelist, the domain was listed and in bold with a + next to it and IP range "195.245.230.0 - 195.245.231.255" appears under that domain. Repeated attempt from same HELO, IP address and email address resulted in the action "rejected (not verified yet)" and time remaining still "10". After 10 minutes, the email has now been received, but should never have been greylisted in the first place in accordance with the whitelist. Edited June 25, 2018 by davidenco Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted June 27, 2018 ESET Staff Share Posted June 27, 2018 Hi, i can confirm this is a bug - resolving of domains runs asynchronously and the IP addresses are not always transferred to transport agent. It will be fixed in EMSX v7 Thank you for reporting a problem Link to comment Share on other sites More sharing options...
davidenco 1 Posted June 28, 2018 Author Share Posted June 28, 2018 Excellent, glad it's not just me. Link to comment Share on other sites More sharing options...
Recommended Posts