3 Oct
2017
3 Oct
'17
5:26 a.m.
Greylisting works by refusing incoming mail with a code 421 the first
time it's offered by the sending IP address, forcing the sender to retry
the delivery at least a minute later. (421 means "temporary failure,
too busy, try again later"). This works against a lot of spam because
generally, most spammers are "hit and run"; they don't retry.
Hotmail was doing the right thing there, retrying a few minutes later,
but the retry was coming from a different IP address each time, so it
never managed to establish that it was a retry and get past the greylister.
A more sophisticated greylister might have noticed that the hostname
retrying was coming from the same domain (*.protection.outlook.com),
but the greylister we have only works with IP addresses, not domains.
I solved the inbound problem, at least in the short term, by getting
a list of all the IP addresses used by hotmail and its cousins, and
adding those addresses to the greylister's "whitelist", thus allowing
the mail in on the first try. This list is available from Microsoft as a
'technet' article:
https://technet.microsoft.com/en-us/library/dn163583(v=exchg.150).aspx
This will work until they add more addresses, but they claim that changes
to the list are rare. There are thousands of addresses in the list so
maybe they have enough and it'll remain static for a while.
(We didn't used to have this problem because the mailing list host was
'hamradio.ucsd.edu' and was behind UCSD's spam filters, which use a
different mechanism. But 'hamradio' is being shut down so the list
had to move to a different provider.
So the inbound problem is solved for now. Outbound mail disappearing
inside hotmail remains a problem. Some hotmail people seem to be getting
the mailing list mail, others not. I've asked one (Ronen) who has not
been getting the mailing list mail to check his spam settings carefully,
and make sure that the mail isn't being routed to his 'junk' mailbox.
But there may be nothing we can do about it except to have him change
email services. I'm not sure gmail will be better, but so far it's been
less of a bother.
- Brian
We're having some problems with 44net email to and
from
hotmail.com. Mail from that domain is getting delayed,
sometimes for hours, and mail going to addresses in that
domain is received by the server but not delivered to the
users mailbox.
I think I've fixed the delay problem by adding more IP addresses
to the greylister 'whitelist', but I don't know of anything
I can do about the delivery problem.