Knowledge Base

Greylisting defers emails from senders that use multiple IP addresses

 
domainsemailipmailmicrosoft

Symptoms

  • Messages from senders that use different IP addresses (e.g. Office365 email accounts) are deferred by greylisting handler with the following messages in /var/log/maillog:

    /usr/lib64/plesk-9.0/psa-pc-remote[956]: DEFER during call 'grey' handler
     /usr/lib64/plesk-9.0/psa-pc-remote[956]: Message aborted.
     postfix/smtpd[2028]: 61AF6E27BAB4: milter-reject: DATA from mail-*.outbound.protection.outlook.com[10.10.10.10]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<*.outbound.protection.outlook.com>
    server postfix/cleanup[17368]: C860512160C: milter-reject: END-OF-MESSAGE from mail-eopbgr60135.outbound.protection.outlook.com[40.107.6.135]: 4.7.24 SPF validation error.; [email protected] [email protected] proto=ESMTP helo=<EUR01-DB5-obe.outbound.protection.outlook.com>

  • In some cases, email messages are delivered within 1-2 days.

  • The following message can be delivered to a sender (e.g. Office365 email account):

    PLESK_INFO: Final-recipient: RFC822; [email protected]
    Action: failed
    Status: 5.4.0
    X-Supplementary-Info: < #5.4.300 smtp;550 5.4.300 Message expired -> 451 4.7.1 Service unavailable – try again later>

Cause

This is expected behavior when greylisting is enabled: The first message is rejected, and the next message sent from the same address (sender server IP address and ‘From:’) will be accepted after a certain length of time passes. So if an email address is the same, but IP address is different, emails from this email address will be rejected.

For example, emails from *protection.outlook.com are sent from multiple IP addresses. This causes greylisting treat every new retry as a new message, so there is a delay in message delivery until the same pair of email/IP address is logged.

Resolution

Set up a server-wide white-list for Office 365 domains – a list of hosts which emails will be accepted without greylisting check-ups:

  1. Connect to the Plesk server via SSH.

  2. Add the main part of a sender hostname in the command below (in this example, it is for Office365) and run it:

    # /usr/local/psa/bin/grey_listing -u -domains-whitelist add:*outbound.protection.outlook.com

    To learn more about greylisting configuration options, visit this KB article.

 

To make sure that the network allows connections from all Exchange Online Protection (EOP) IP address ranges., visit this Microsoft Docs page.

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt