Configuring Greylisting Policies

Document created by user.oxriBaJeN4 Employee on Sep 12, 2015Last modified by user.Yo2IBgvWqr on Aug 30, 2017
Version 9Show Document
  • View in full screen mode

Greylisting is a default compliance check applied to all inbound mail for connections not previously seen by Mimecast. Provided the sender's mail server (Message Transfer Agent - MTA) complies with best practice guidelines (RFC compliance), the message is successfully delivered.

 

The vast majority of spam is sent from applications designed specifically for that purpose. These applications appear to adopt the "fire-and-forget" method. This is where they attempt to send spam to one or more MX hosts for a domain, but never attempt a retry as a correctly configured MTA would. By using Greylisting Policies, any emails sent from an incorrectly configured MTA will not be accepted. This helps in reducing a significant amount of spam.

 

The Greylisting Process


Greylisting looks at the following pieces of information for the delivery attempt:

  • IP address of the MTA
  • Envelope sender address
  • Envelope recipient address

 

With this information triplet, we have a unique relationship for that particular SMTP session as follows:

  1. If we have never seen this triplet of information before, a server busy status (451 Resource is Temporarily Unavailable) is issued. This is a temporary failure and is maintained for 60 seconds, forcing the sending server to queue and retry.
  2. A correctly configured MTA always attempts to retry the message's delivery. If the MTA retries after 60 seconds and before the 12 hour upper limit, the message is accepted.
  3. If the message is not retried in this 12 hour period, an entry is logged in the Rejection Viewer as "Sender Failed to Retry" (12 hours after the initial attempt).
  4. If the sending MTA attempts again after 12 hours from the initial attempt, the greylisting process restarts.
By default an Exchange server retries to send a message every 10 minutes until the email retries expire.

Usage Considerations

 

Consider the following before creating a policy:

  • All email connections that have been subjected to greylisting are logged in connection attempts.
  • Any sender email address, domain, or IP address that is added to the Auto Allow or Permitted Senders list isn't subjected to greylisting.
  • A Greylisting policy is created by default by Mimecast Support during the Implementation process, configured to apply to all inbound traffic. There may be instances where you experience difficulty receiving emails from legitimate senders, whose MTA has not been correctly configured. If the sender’s MTA does not comply with RFC standards, but their messages are deemed safe for your organization, you can create a Greylisting Bypass policy.

 

Configuring a Greylisting Policy

 

To configure a Greylisting policy:

  1. Log on to the Administration Console.
  2. Click on the Administration menu item. A menu drop down is displayed.
  3. Click on the Gateway | Policies menu item. The Gateway Policy Editor is displayed.
  4. Click on Greylisting. A list of policies is displayed.
  5. Either select the:
    • Policy to be changed.
    • New Policy button to create a policy.
  6. Complete the Options section as required:
    OptionDescription
    Policy NarrativeProvide a description for the policy to allow you to easily identify it in the future.
    Select OptionSelect whether to apply Greylisting, or to take no action.
  7. Complete the Emails From and Emails To sections as required:
    Field / OptionDescription
    Addresses Based OnSpecify the email address characteristics the policy is based on. This option is only available in the "Emails From" section:
    OptionDescription
    The Return Address This default setting applies the policy to the SMTP address match, based on the message's envelope or true address (i.e. the address used during SMTP transmission).
    Applies From / ToSpecify the Sender characteristics the policy is based on. For multiple policies, you should apply them from the most to least specific. The options are:
    OptionDescription
    EveryoneIncludes all email users (i.e. internal and external). This option is only available in the "Emails From" section.
    Internal AddressIncludes only internal organization addresses.
    External AddressIncludes only external organization addresses. This option is only available in the "Emails From" section.
    Email DomainEnables you to specify a domain name to which this policy is applied. The domain name is entered in the Specifically field.
    Address GroupsEnables you to specify a directory or local group. If this option is selected, click on the Lookup button to select a group from the Profile Group field. Once a group has been selected, you can click on the Show Location field to display the group's path.
    Address AttributesEnables you to specify a predefined Attribute. The attribute is selected from the Where Attribute drop down list. Once the Attribute is specified, an attribute value must be entered in the Is Equal To field. This can only be used if attributes have been configured for user accounts.
    Individual Email AddressEnables you to specify an SMTP address. The email address is entered in the Specifically field.
  8. Complete the Validity section as required:
    Field / OptionDescription
    Enable / DisableUse this to enable (default) or disable a policy. If a date range has been specified, the policy will automatically be disabled when the end of the configured date range is reached.
    Set Policy as PerpetualIf the policy's date range has no end date, this field displays "Always On" meaning that the policy never expires.
    Date RangeUse this field to specify a start and / or end date for the policy. If the Eternal option are selected, no date is required.
    Policy OverrideThis overrides the default order that policies are applied. If there are multiple applicable policies, this policy is applied first unless more specific policies of the same type are configured with an override.
    Bi-DirectionalIf selected the policy is applied when the policy's recipient is the sender, and the sender is the recipient.
    Source IP Ranges (n.n.n.n/x)Enter any required Source IP Ranges for the policy. These only apply if the source IP address used to transmit the message data, falls inside or matches the range(s) configured. IP ranges should be entered in CIDR notation.
  9. Click on the Save and Exit button.

 

See Also...

 

5 people found this helpful

Attachments

    Outcomes