Greylisting delay

Discussion in 'ISPConfig 3 Priority Support' started by Stelios, Mar 25, 2021.

  1. Stelios

    Stelios Active Member HowtoForge Supporter

    Hi all,
    I've changed my /etc/default/postgrey with:

    POSTGREY_OPTS="--inet=10023 --delay=60"

    and restarted postgrey but still emails are getting more than 60 seconds to arrive.
    Any idea how I can lower down that time/check?

    Thanks
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The sending server is free to decide when to retry the delivery of an email. So 60 seconds is not the time an email arrives, its the minimum time that the sending server must wait, so it may even wait an hour or longer to retry, if the admin of the sending system configured it like this.
     
  3. Stelios

    Stelios Active Member HowtoForge Supporter

    Thanks Till. Does it make sense (spam wise) to lower it down to 10 seconds for example?
    I've got problems due to long delay some temp passwords are expiring before I get the email.
     
  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    This would be very low, and as Till said, the sending server may still take longer to retry.
     
  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Some mail services will retry very quickly, and a lower value can allow mail to get delivered faster. I think I've seen some spam which retries immediately and would pass if < 5 seconds, so I wouldn't go below 5 or maybe 10. On the most recent server I configured I set rspamd greylist timeout to 6 seconds, fwiw.

    And on that note, you might consider the benefits of uninstalling postgrey entirely, then switching to rspamd and using it's greylisting feature, which activates at a score threshold, so mail which looks very unlike spam won't be greylisted, but mail which has more spam characteristics, yet not high enough to be marked as such, is delayed so that when/if it is retried, it's more likely to be on blacklists.
     
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    I should also note on this server I have postscreen in use, so a lot of spam that won't pass greylisting at all won't even hit rspamd. I don't know any stats offhand, but I think "greylist everything" used to be much more effective that it is today, with more (most?) spam coming from legit servers via compromised accounts; in that environment the purpose of greylisting is to gain a little more time for blacklists to catch up (and that's only a matter of seconds for some lists). Postscreen has no timeout (an immediate redelivery attempt will be allowed), and I use postwhite to bypass it for many large providers/mailers.
     
  7. Stelios

    Stelios Active Member HowtoForge Supporter

  8. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

Share This Page