Symptoms
-
Messages from senders that use different IP addresses (e.g. Office365 email accounts) are deferred by greylisting handler with the following messages in
/var/log/maillog
:/usr/lib64/plesk-9.0/psa-pc-remote[956]: DEFER during call 'grey' handler
/usr/lib64/plesk-9.0/psa-pc-remote[956]: Message aborted.
postfix/smtpd[2028]: 61AF6E27BAB4: milter-reject: DATA from mail-*.outbound.protection.outlook.com[10.10.10.10]: 451 4.7.1 Service unavailable - try again later; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<*.outbound.protection.outlook.com>
server postfix/cleanup[17368]: C860512160C: milter-reject: END-OF-MESSAGE from mail-eopbgr60135.outbound.protection.outlook.com[40.107.6.135]: 4.7.24 SPF validation error.; [email protected] [email protected] proto=ESMTP helo=<EUR01-DB5-obe.outbound.protection.outlook.com>
-
In some cases, email messages are delivered within 1-2 days.
-
The following message can be delivered to a sender (e.g. Office365 email account):
PLESK_INFO: Final-recipient: RFC822; [email protected]
Action: failed
Status: 5.4.0
X-Supplementary-Info: < #5.4.300 smtp;550 5.4.300 Message expired -> 451 4.7.1 Service unavailable – try again later>
Cause
This is expected behavior when greylisting is enabled: The first message is rejected, and the next message sent from the same address (sender server IP address and ‘From:’) will be accepted after a certain length of time passes. So if an email address is the same, but IP address is different, emails from this email address will be rejected.
For example, emails from *protection.outlook.com are sent from multiple IP addresses. This causes greylisting treat every new retry as a new message, so there is a delay in message delivery until the same pair of email/IP address is logged.
Resolution
Set up a server-wide white-list for Office 365 domains – a list of hosts which emails will be accepted without greylisting check-ups:
-
Connect to the Plesk server via SSH.
-
Add the main part of a sender hostname in the command below (in this example, it is for Office365) and run it:
# /usr/local/psa/bin/grey_listing -u -domains-whitelist add:*outbound.protection.outlook.com
To learn more about greylisting configuration options, visit this KB article.
Â
To make sure that the network allows connections from all Exchange Online Protection (EOP) IP address ranges., visit this Microsoft Docs page.