Greylisting

cPanel users are able to control which of their domains use Greylisting through the Greylisting interface in both PaperLantern and x3. cPanel users will see a list of domains they control and a simple toggle to disable or enable Greylisting. Bulk actions to enable all or disable all are included in a gear icon located in the top right corner.
We highly recommend server administrators use Greylisting as a strong tool in their arsenal for combating spam.
Greylisting relies on the fact that most spam and viruses only try to deliver the message once. Greylisting temporarily denies the first attempt, telling the spammer to try again (450 Please try again later.) On the next attempt the message is accepted. If a mail server passes this test enough times it is added to a whitelist so it does not have to pass the greylisting test again.
 
Below are a few examples of how Greylisting works.
 
Example 1: alice@test.net sends a message to betty@shimahosting.co.za. Betty is using greylisting. So, on the first attempt to deliver Alice’s message Betty’s mail server denies the message and makes a note of the attempt in a database. Alice is sending through a normal email server which tries again after about four minutes. When Betty’s mail server sees this second attempt it checks the database and finds the previous note. Betty’s mail server marks the note as validated and accepts the message. Betty receives the message with only a four minute delay. Read on to see what happens when a spammer tries to send email to Betty!
 
Example 2: Alice’s computer becomes infected with a virus and finds Betty’s address in her Outlook address book. The virus reports the address to a big spam gang. Surely Betty’s inbox will be overflowing with junk soon! The spammers add Betty to their list and begin the onslaught. The first attempt is made and Betty’s mail server temporarily rejects the message just like before. But wait, spammers aren’t normal mail servers! They are not going to waste time and resources to try to send Betty the message twice, so Betty is unaffected by the failed spam attempt and her inbox remains spam-free. At worst, the spammer tries again and the message gets through. But Betty just cost that spammer more in time and resources.
 
Greylisting is the process of deferring emails from unknown senders. When the email arrives, Greylisting causes the server to return a message that boils down to, “I’m busy at the moment, try again in a bit.” Valid Mail Transfer Agents (MTAs), like Exim, will automatically retry many times. This retry time can be several minutes to start and last for several days. Invalid MTAs will simply give up and move to the next enticing spam target. We use these retry attempts as a way to weed out good email from bad. cPanel created its own Greylisting daemon, cpgrey, that runs at SMTP receipt time. 
 
This means it happens before any real data is sent. The cpgrey daemon looks for a triplet: a source IP address, a source email address, and a destination IP address. If this combination has not been seen in a set time frame (this time frame is configurable), cpgrey will defer all email from that triplet for a set initial block time (again this time frame is configurable.) After the initial block time has expired, the system will accept email from the triplet until the max block time has expired. Greylisting has its own interface in WHM that allows root users to configure many aspects of the system. You can set the time for the initial block, the must retry time, and the triplet expire time. 
 
You can also allow emails with valid SPF records to bypass Greylisting completely. The interface also includes a Trusted Hosts page that allows you to configure IP addresses and CIDR ranges to bypass Greylisting. Finally, we have added a simple report that allows you to see the current triplets in the Greylisting database. You can even add IP addresses and CIDR ranges directly from the report.
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

501 Too many syntax or protocol errors - Outlook / Outlook Express

Issue Error Messages: SMTP call from (workstation) [127.0.82.61] dropped: too many syntax or...

Auto Responders

This feature can be configured to automatically send response messages. This can be useful when...

BoxTrapper

BoxTrapper functions as a spam filter for email addresses. The filter works through...

Can I change MX record(s) for a domain?

There are couple of scenarios involving MX records.    1. You want all emails for your domain...