1 (edited by answerman 2014-11-18 08:14:08)

Topic: Cluebringer auto-blacklisting outbound.protection.outlook.com

==== Required information ====
- iRedMail version: 0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.5
- Related log if you're reporting an issue:
====
Is anyone else having this problem?  I see what the issue is, but I'm not quite sure how to solve it.  I set up throttling this weekend and it is working great at stopping spammers, but mail from outbound.protection.outlook.com (which is Office365) is triggering the auto-blacklist feature in Cluebringer.  I understand why - because of the volume of mail that comes from Office365.  I've been adding the IP blocks to the whitelist as I see them coming up, but I don't want to be doing this every day.  Is there any way to whitelist everything coming from outbound.protection.outlook.com so it doesn't trigger the quota?


2

Re: Cluebringer auto-blacklisting outbound.protection.outlook.com

If it's whitelisted, it won't be triggered as auto-blacklisted.

3

Re: Cluebringer auto-blacklisting outbound.protection.outlook.com

Agreed that whitelisting fixes it, but there are multiple IP blocks that they send from.  So far I've had to whitelist 5 blocks in the last 8 hours.  Isn't there another way around it?  I'm not sure where Cluebringer fits into the flow of things, maybe a way to skip greylisting altogether for that domain before it gets to Cluebringer?

4

Re: Cluebringer auto-blacklisting outbound.protection.outlook.com

You can whitelist them in SQL table "greylisting_whitelist" to bypass greylisting.

5

Re: Cluebringer auto-blacklisting outbound.protection.outlook.com

OK, let's look at this a different way. 

Whitelisting the IP blocks is NOT the answer.  It will be a constant fight to whitelist all these IP blocks every time one gets blacklisted (as many as 10 per day).  What I want to do is exclude these servers from greylisting without having to know the IP address.  I may have fixed it somewhat by raising the threshold from 100 messages in 60 seconds to 200 messages in 60 seconds, thinking that maybe the auto-whitelist quota will catch these before they get blacklisted.  I admittedly am not sure how Cluebringer applies all of these rules and which rule has priority over other rules, so this is just a guess.

For a long-term solution, I've been looking through the database and documentation and I think what I really need is to isolate the sender at the HELO check (because that's the identifier in this case, the HELO returns outbound.protection.outlook.com).  So, is there a way to bypass greylisting once the HELO check completes?  I assume that happens before the greylisting check.

For what it's worth, I am now having the same issue with gmail.com and domains hosted with Google Apps.

6

Re: Cluebringer auto-blacklisting outbound.protection.outlook.com

iRedMail already has a Cluebringer rule to bypass greylisting for specified senders, but the latest iRedAdmin-Pro cannot manage it.
As a temporary solution, you can add these senders to Cluebringer policy group 'no_greylisting_for_external'.