greylistd, hotmail, yahoo and email


Today I discovered something rather irritating.

When using greylistd, a rather effective anti-spam measure, it was discovered that there were issues with the mail server delivering mail from Hotmail, Yahoo and Gmail.

The reason is quite simple.

Greylistd is a deamon that rejects emails the first time they are sent, sending a 4xx status code (meaning: please retry later).

Greylistd logs mails based on a hash of the target email address, the source email address, and the IP of the mailserver.

Unfortunatly, the above mentioned services do something rather annoying, and deliver mail from a pool of servers. If the first server can’t send, it tries the second one (and the third one, etc), never (it seems) retrying the mail from the same server twice.

This means that mails from those services are always rejected and being told to retry later, and the mail never gets delivered.

Oops.

The solution is to whitelist their servers. According to Google, there are whitelists of annoying mailservers like this.

Click to see the entire article to see the whitelist that I use.

127.0.0.1       # Of course we don't want to delay ourselves or local users
192.168         # Don't delay our private networks either
10              # Private net (class A)
172.16          # Another private net (inidividual entries, since can't
172.17          #   do a /12 netmask easily
172.18
172.19
172.20
172.21
172.22
172.23
172.24
172.25
172.26
172.27
172.28
172.29
172.30
172.31

# Public Servers

12.5.136.141    # Southwest Airlines (unique sender, no retry)
12.5.136.142    # Southwest Airlines (unique sender, no retry)
12.5.136.143    # Southwest Airlines (unique sender, no retry)
12.5.136.144    # Southwest Airlines (unique sender, no retry)
12.107.209.244	# kernel.org mailing lists (high traffic, unique sender per mail)
63.82.37.110	# SLmail
63.169.44.143	# Southwest Airlines (unique sender, no retry)
63.169.44.144	# Southwest Airlines (unique sender, no retry)
64.7.153.18     # sentex.ca (common pool)
64.12.137       # AOL (common pool) - http://postmaster.aol.com/servers/imo.html
64.12.138       # AOL (common pool)
64.124.204.39	# moveon.org (unique sender per attempt)
64.125.132.254  # collab.net (unique sender per attempt)
#64.233.162	# zproxy.gmail.com (common server pool, bad 451 handling?)
#64.233.170	# rproxy.gmail.com (common server pool, bad 451 handling?)
#64.233.182	# nproxy.gmail.com (common server pool, bad 451 handling?)
#64.233.184	# wproxy.gmail.com (common server pool, bad 451 handling?)
#65.82.241.160	# Groupwise?
66.94.237	# Yahoo Groups servers (common pool, no retry)
66.100.210.82	# Groupwise?
66.135.209      # Ebay (for time critical alerts)
66.135.197      # Ebay (common pool)
66.162.216.166	# Groupwise?
66.206.22.82	# PLEXOR
66.206.22.83	# PLEXOR
66.206.22.84	# PLEXOR
66.206.22.85	# PLEXOR
66.218.66       # Yahoo Groups servers (common pool, no retry)
66.218.67       # Yahoo Groups servers (common pool, no retry)
66.218.69       # Yahoo Groups servers (common pool, no retry)
#66.249.82	# gmail (common server pool, bad 451 handling)
66.27.51.218	# ljbtc.com (Groupwise)
#66.89.73.101	# Groupwise?
#68.15.115.88	# Groupwise?
#72.14.204      # qproxy.gmail.com (common server pool, bad 451 handling?)
152.163.225     # AOL (common pool)
194.245.101.88	# Joker.com (email forwarding server)
195.235.39.19	# Tid InfoMail Exchanger v2.20
195.238.2       # skynet.be (wierd retry pattern, common pool)
195.238.3       # skynet.be (wierd retry pattern, common pool)
#204.60.8.162	# Groupwise?
204.107.120.10	# Ameritrade (no retry)
205.188.139.136	# AOL (common pool)
205.188.139.137	# AOL (common pool)
205.188.144.207	# AOL (common pool)
205.188.144.208	# AOL (common pool)
205.188.156.66	# AOL (common pool)
205.188.157	# AOL (common pool)
205.188.159.7	# AOL (common pool)
205.206.231	# SecurityFocus.com (unique sender per attempt)
205.211.164.50	# sentex.ca (common pool)
207.115.63	# Prodigy (broken software that retries continually with no delay)
207.171.168	# Amazon.com (common pool)
207.171.180	# Amazon.com (common pool)
207.171.187	# Amazon.com (common pool)
207.171.188	# Amazon.com (common pool)
207.171.190	# Amazon.com (common pool)
#209.104.63	# Ticketmaster (poor retry config)
209.132.176.174 # sourceware.org mailing lists (high traffic, unique sender per mail)
211.29.132	# optusnet.com.au (wierd retry pattern and more than 48hrs)
213.136.52.31	# Mysql.com (unique sender)
#216.136.226.0	# Yahoo Mail?
#216.157.204.5	# Groupwise?
#216.239.56     # proxy.gmail.com (common server pool, bad 451 handling?)
217.158.50.178  # AXKit mailing list (unique sender per attempt)

Leave a Reply