Jump to content

Greylist - best practice


Go to solution Solved by filips,

Recommended Posts

Hi

Because I receive a lot of spam I decide enable greylists in Eset.

I have default settings.

Sometimes I receive email after more then 12h. Of course if I add this sender to alowed senders and he send me email again I receive it ASAP.

 

What settings I can change to speed up receive emails from senders who are not on greylist or alowed senders?

 

Can eset or exchange put all senders to which we sent emails to alowed senders or they domain there?

 

Any help?

Link to comment
Share on other sites

  • ESET Staff

hi wyzwolenia,

This problem can occur if the sending domain uses more IP addresses to send emails (e.g. gmail). If the IP address changes after temporary reject by greylisting, new connection cannot be paired with the one that already exists in the greylisting database.

and/or

Receiving domain uses more servers to receive emails. If the receiving server changes between temporary rejects, a new record has to be added to its greylisting database.

(assuming you have V6 version of EMSX)

If it is the first case, you could add domains like gmail.com to "Domain to IP whitelist" (Server/Antispam protection/Greylisting), this should help. You can also try to increase the "Unverified connections expiration time (hours)".

There is no solution for the second case yet, but EMSX v6.4 will be able to share greylisting databases between servers using ESET cluster.

filip
 

Link to comment
Share on other sites

Hi Filip

Thanks for your help.

This is first case.

 

Is it possible use command line or power shell to add domains to "Domain to IP whitelist" ? What command?

 

If yes I build little script and normal user will add domain to txt file and script will be add it to "Domain to IP whitelist" 

 

What is your opinion about decrease from 10 to 2 minuts this option "Time limit for the initial connection denial (min)"?

Edited by wyzwolenia
Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Staff

Hi wyzwolenia,

you can use eShell to add domains to "Domain to IP whitelist" (eShell server as filtering>add approved-domain-to-ip-list domain.com)

If you want to run eShell from a script, you may need to change the ESET Shell execution policy (see documentation for more info)

Regarding the "Time limit for the initial connection denial (min)" setting - 2 minutes should be fine

Link to comment
Share on other sites

Thanks but in your first post you give me information that I should use "Domain to IP whitelist"

But in next your post you wrote eshell option domain-to-ip-list 

This is not the some. What command add domains to "Domain to IP whitelist" not "Approved Domain to IP list"

 

What is diference bettwen this two optins "Domain to IP whitelist" not "Approved Domain to IP list" ?

 

And if I add domain using  "Domain to IP whitelist" it will be work as approved domain in GreyList too?   

Edited by wyzwolenia
Link to comment
Share on other sites

  • ESET Staff

Sorry, wrong context :/

This is antispam whitelist:
eShell server as filtering>add approved-domain-to-ip-list domain.com

This is greylisting whitelist (antispam scan is still performed):
eShell server as greylisting>add domain-to-ip-whitelist domain.com

Greylisting uses also antispam lists if "Use antispam lists to automatically bypass Greylisting" enabled

Link to comment
Share on other sites

Thanks

I think I litte change. Please give me feedback about this:

 

If I good understand not bad idea is

1. enable "Use antispam lists to automatically bypass Greylisting"

2. add all my domain to antispam whitelist

If I do 1. and 2. point this (2.) will be bypass Graylist and Antispam module?

Link to comment
Share on other sites

One more thing not work

 

I try build Powershell script:

 

$i = Get-Content \\192.168.9.11\test\Greylist.txt | Measure-Object
if($i)
{
    Get-Content  \\192.168.9.11\test\Greylist.txt | Foreach-Object { eShell server as greylisting add domain-to-ip-whitelist $_ }
    
}
 
I put some domain to Greylist.txt but when this starts eShell server as greylisting add domain-to-ip-whitelist $_  this work but all time needs to user interaction because show every domain :( and wait to user (enter):
 
A.com
B.com
c.com
1.com
-- More -- (ENTER - Line, SPACE - Page, X - End)

 

What I must do to work without this informatinon

 

Interesting is that this eShell server as filtering add approved-domain-to-ip-list $_ not produce this information :o

 

Could you help me?

Link to comment
Share on other sites

  • ESET Staff
  • Solution

You can use this command to disable interactive paging:

eShell ui eshell>set lister disabled

Or you can just redirect the output to null (eShell server as greylisting add domain-to-ip-whitelist test.com > $null)


One more thing - there is a new import/export function coming in EMSX 6.4 (end of this month), so if you wait a while you can use this:

eShell server as greylisting import domain-to-ip-whitelist \\192.168.9.11\test\Greylist.txt

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...