Greylist and gmail

[SeLLeRoNe]

Hi everyone,

im using greylist since long time now but actually im facing an "issue", users receive email from gmail after 24 hours (about).

The reason is that gmail try to send same mail using differents mail servers so each time it get greylisted and the next try have a different hostname.

I would like to ask so if there is a way (and possibly how) for whitelist some "know" addresses as for example *.gmail.com

Thanks

Regards

 

[nobaloney]

This is an old post, so the answer isn't right, but the method for finding the answer is, and should always be up-to-date:

http://www.emailquestions.com/gmail/2435-gmail-outgoing-mail-server-ip-address-list.html

Jeff

 

[SeLLeRoNe]

Thanks Jeff for this link but actually my main problem is where to put this list of ip/hosts for greylist

Regards

 

[zEitEr]

greylist add --white <IP>

should do the trick.

add [--white|--grey|--black] data...
Add data to the corresponding list (white if unspecified). If the triplet of a future mail deliveriy (subject to timeouts) matches this
data, the idea is that the message would be accepted, temporarily rejected, or permanently rejected, respectively.

It can be any part of this triplet:

12.13.15.15 [email protected] [email protected]

 

[SeLLeRoNe]

Thanks Alex,

so there is no a whitelist file that can be more easly filled as far as you know?

The command would work also with *.gmail.com?

Regards

 

[zEitEr]

so there is no a whitelist file that can be more easly filled as far as you know?

Did you read man pages? All the answers can be found there (I've just checked it myself):

man greylist

man greylistd

Please read it. I don't think it's necessary to copy-paste content of the man pages here.

The command would work also with *.gmail.com?

I doubt that. Maybe with @gmail.com it will.

 

[SeLLeRoNe]

Thanks Alex.

Yes i did check man pages but i didnt actually totally get it so, thanks for explanation.

Regards

 

[SeLLeRoNe]

Just for update, maybe some one would need it aswell.

I did read that is high recommended to put some "big providers" in whitelist on production to dont overload server and faster relay emails to customers.

Analyzing the code i did found that actually in exim.conf it is set to check a whitelist file (/etc/greylistd/whitelist-hosts)

So, filling this file with IPs do the trick, actually, i did also found a public NON COMPLETE whitelist here: http://projects.puremagic.com/web-svn/wsvn/greylisting/trunk/schema/whitelist_ip.txt

Menthioned also here: http://www.greylisting.org/whitelisting.shtml

In this last page also i did found an maybe useful information that i'll test in the future:

Shared automatic whitelists of MTAs

P2PWL (peer to peer whitelisting) is an automatic tool to determine reputable SMTP hosts and whitelist them. The information about reputable SMTP hosts is then automatically shared among other users of the P2PWL tool.

The idea here is to automatically whitelist as many reputable SMTP hosts as possible to limit the amount of mail that is delayed by greylisting.

P2PWL should be a nice tool to implement for collaboration between providers and for get always latest updated list of IP we should "trust".

Hope is helpful for someone else too.

Regards

 

[nobaloney]

It may be time for me to redo SpamBlocker; is there a good, complete, solution for adding greylisting to a DirectAdmin server, posted anywhee, which will work on all OS Distributions which run DirectAdmin? If so, please point us to it. But please be sure you know it works; my point is not to just save myself a search, but rather to start with something that we know works, and go on from there.

Thanks.

Jeff

 

[SeLLeRoNe]

Hi Jeff,

if you want i can send you the steps from my own script for install greylist and my current exim.conf (SB 4.1) with greylist integration.

Let me know.

Regards

 

[nobaloney]

Please do, thanks. And be sure to let me know your OS distribution.

Thanks.

Jeff

 

[SeLLeRoNe]

Mail sent.

Notice, the whitelist system apparently did not solve the issue whit gmail for now, im still searching for a solution.

If anyone hit the same issue and find a solution, please, post it here.

Regards

 

[SeLLeRoNe]

NEW UPDATE:

Ive found this article: http://www.codelime.net/Howto/DirectAdmin/Attivare_le_RBL_e_greylist_per_exim/2/

Testing now this PHP script:

<?php
$f = file_get_contents("http://users.aber.ac.uk/auj/spam/iplist.txt");

if(preg_match_all("#([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})#si",$f,$r)){ // legge gli ip dal file
    foreach($r[0] as $ip){
        $r = exec("/usr/bin/greylist check ".escapeshellarg($ip)); // controlla se l'ip è già in whitelist
        if($r!='white'){
            exec("/usr/bin/greylist add --white ".escapeshellarg($ip)); // e lo inserisce in whitelist
        }
    }
} else {
    echo "GREYLIST: nothing to import";
}
?>

That get list from this URL: http://users.aber.ac.uk/auj/spam/iplist.txt

Ive copied to my server this list in case it disappear but look nice, for each entry it addthe IP to whitelist using greylistd command (presuming you're not blocking exec function).

Im testing this list right now, gonne let you know if it solve my issue.

Regards

 

[nobaloney]

As the host of the list points out, it's just a daily output from his server; there's no guarantee it's a good whitelist for you or I. For example, I know it's not complete for Google; I received last Saturday an email from mail-qa0-f41.google.com ([209.85.216.41]) and it's not on that list.

Jeff

 

[nobaloney]

If anyone hit the same issue and find a solution, please, post it here.

This is probably a better source of the list for Gmail:

http://www.emailquestions.com/gmail/2435-gmail-outgoing-mail-server-ip-address-list.html

Jeff

 

[SeLLeRoNe]

Yes but the output is a /20 /18 /17 and apparently i cant put a subnet in the ip, so, maybe is a mine missing but,how can i grep the complete list instead of a subnet?

PS. Did you receive my email?

Regards

 

[nobaloney]

I don't yet do greylisting (I find that nolisting works well for me and shouldn't require whitelisting) but I suppose if you can't enter a subnet you'd have to create the list manually or write a script to create it manually.

Jeff

 

[SeLLeRoNe]

Does you guys know what command should i use or does you have already a script for this that you would like to share?

Im actually lost with this, didnt found any good information about that and none way to got each address ip for this networks:

216.239.32.0/19
64.233.160.0/19
66.249.80.0/20
72.14.192.0/18
209.85.128.0/17
66.102.0.0/20
74.125.0.0/16
64.18.0.0/20
207.126.144.0/20
173.194.0.0/16


Thanks in advance for your help.

Regards

 

[zEitEr]

I've just removed Greylist from my private server. As notifications from Google comes to me with a very great delay: 3-5 days. That does not suit me when it relates to alerts from Google Webmaster.

Nevertheless my experience of using Greylist is rather good. So I would probably keep using it, if not the case.

 

[SeLLeRoNe]

I had to disable greylistd aswell for the exactly same problem

I still didnt faced how have a complete list of ip from the submask taken from google spf.

With that, a whitelist should be the solution (just with google for now)

Regards