Greylist - best practice

wyzwolenia · July 19, 2016

Hi

Because I receive a lot of spam I decide enable greylists in Eset.

I have default settings.

Sometimes I receive email after more then 12h. Of course if I add this sender to alowed senders and he send me email again I receive it ASAP.

What settings I can change to speed up receive emails from senders who are not on greylist or alowed senders?

Can eset or exchange put all senders to which we sent emails to alowed senders or they domain there?

Any help?

filips · July 21, 2016

hi wyzwolenia,

This problem can occur if the sending domain uses more IP addresses to send emails (e.g. gmail). If the IP address changes after temporary reject by greylisting, new connection cannot be paired with the one that already exists in the greylisting database.

and/or

Receiving domain uses more servers to receive emails. If the receiving server changes between temporary rejects, a new record has to be added to its greylisting database.

(assuming you have V6 version of EMSX)

If it is the first case, you could add domains like gmail.com to "Domain to IP whitelist" (Server/Antispam protection/Greylisting), this should help. You can also try to increase the "Unverified connections expiration time (hours)".

There is no solution for the second case yet, but EMSX v6.4 will be able to share greylisting databases between servers using ESET cluster.

filip

wyzwolenia · July 22, 2016

Hi Filip

Thanks for your help.

This is first case.

Is it possible use command line or power shell to add domains to "Domain to IP whitelist" ? What command?

If yes I build little script and normal user will add domain to txt file and script will be add it to "Domain to IP whitelist"

What is your opinion about decrease from 10 to 2 minuts this option "Time limit for the initial connection denial (min)"?

Edited July 22, 2016 by wyzwolenia

filips · August 4, 2016

Hi wyzwolenia,

you can use eShell to add domains to "Domain to IP whitelist" (eShell server as filtering>add approved-domain-to-ip-list domain.com)

If you want to run eShell from a script, you may need to change the ESET Shell execution policy (see documentation for more info)

Regarding the "Time limit for the initial connection denial (min)" setting - 2 minutes should be fine

wyzwolenia · August 9, 2016

Thanks but in your first post you give me information that I should use "Domain to IP whitelist"

But in next your post you wrote eshell option domain-to-ip-list

This is not the some. What command add domains to "Domain to IP whitelist" not "Approved Domain to IP list"

What is diference bettwen this two optins "Domain to IP whitelist" not "Approved Domain to IP list" ?

And if I add domain using "Domain to IP whitelist" it will be work as approved domain in GreyList too?

Edited August 9, 2016 by wyzwolenia

filips · August 9, 2016

Sorry, wrong context :/

This is antispam whitelist:
eShell server as filtering>add approved-domain-to-ip-list domain.com

This is greylisting whitelist (antispam scan is still performed):
eShell server as greylisting>add domain-to-ip-whitelist domain.com

Greylisting uses also antispam lists if "Use antispam lists to automatically bypass Greylisting" enabled

wyzwolenia · August 9, 2016

Thanks

I think I litte change. Please give me feedback about this:

If I good understand not bad idea is

1. enable "Use antispam lists to automatically bypass Greylisting"

2. add all my domain to antispam whitelist

If I do 1. and 2. point this (2.) will be bypass Graylist and Antispam module?

filips · August 9, 2016

Yes, you can use antispam lists to bypass both greylisting and antispam

wyzwolenia · August 15, 2016

One more thing not work

I try build Powershell script:

$i = Get-Content \\192.168.9.11\test\Greylist.txt | Measure-Object

if($i)

{

Get-Content \\192.168.9.11\test\Greylist.txt | Foreach-Object { eShell server as greylisting add domain-to-ip-whitelist $_ }

}

I put some domain to Greylist.txt but when this starts eShell server as greylisting add domain-to-ip-whitelist $_ this work but all time needs to user interaction because show every domain

and wait to user (enter):

A.com

B.com

c.com

1.com

-- More -- (ENTER - Line, SPACE - Page, X - End)

What I must do to work without this informatinon

Interesting is that this eShell server as filtering add approved-domain-to-ip-list $_ not produce this information

Could you help me?

filips · August 16, 2016

You can use this command to disable interactive paging:

eShell ui eshell>set lister disabled

Or you can just redirect the output to null (eShell server as greylisting add domain-to-ip-whitelist test.com > $null)

One more thing - there is a new import/export function coming in EMSX 6.4 (end of this month), so if you wait a while you can use this:

eShell server as greylisting import domain-to-ip-whitelist \\192.168.9.11\test\Greylist.txt

wyzwolenia · August 20, 2016

OMG beautifull Thanks for EMSX6.4 tip!

wyzwolenia · August 29, 2016

When will be 6.4? Now is 6.3

I can upgrade Eset to 6.4 from program? Or I must download from website it and update ?

filips · September 7, 2016

EMSX 6.4.10007.0 is already available for download.

You need to download the file from website and start the upgrade manually

Sign In

Greylist - best practice

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Recently Browsing 0 members

Quick search

FAQ

Topics