Half-Grey-Listing (Update 03)

Posted on July 7, 2017 by Hendrik Jäger

Half-Grey Listing

Concepts of nolisting and greylisting should be known.

Imagine this setup:

example.org         IN  MX  05 192.0.2.5
example.org         IN  MX  50 192.0.2.50
example.org         IN  MX  99 192.0.2.99

All addresses are on the same host running exim. Exim would go through the whole process (almost – since most stuff is rejected anyway, one may want to optimize here) as normal, but will tempreject (almost – abuse@ and postmaster@ should probably be unfiltered, just to make sure) everything on 192.0.2.5 and 192.0.2.99.

Is anything wrong about this (WRT to RFCs)? What might go wrong?

UPDATE 01

It seems there are a few appliances that can’t properly deal with this setup:

mgb.ch
linkedin.com (sending via rightnowtech.com?)
zuerich.ch (seems to be using a Sophos-Appliance)
waedenswil.ch (AFAIU they are using a Barracuda-Appliance)
ticketcorner.ch

I contacted all of them and the feedback I got so far:

linkedin.com: my request was not about my own account and they told me they can’t do a lot of things I don’t need them to do. They did not seem to even understand the issue, probably due to my request never getting through first level support. There may be more to come yet.
zuerich.ch: not sure whether they understand the problem but they surely don’t seem to see it as one. So far the reply was “nothing can be done about it”.
waedenswil.ch: Well, the appliance does it that way, so it’s likely correct, was basically their reply. They did promise to look further into it, so I’ll wait and see.

I disabled the setup for now, though, too many broken sites out there …

UPDATE 02

Setup running on the mostly unused domain hj-systems.de.

You can send me a testmail to test@hj-systems.de to see whether your email-infrastructure is able to deliver it.

If you have trouble getting the mails out, send to postmaster@hj-systems.de, which should always be deliverable.

UPDATE 03

Gmail fails as well. I successively moved the ‘defer’ statement to sooner stages of the smtp dialog:

DATA
RCPT TO
MAIL FROM
connect

In exim terms:

acl_smtp_data
acl_smtp_rcpt
acl_smtp_mail
acl_smtp_connect

Now, with the defer in acl_smtp_connect, it seems to work fine.