We use an advanced form of greylisting to prevent a significant amount of spam with minimal resource consumption. Although greylisting is a controversial technology, it is still very effective when used correctly.
First of all, it is important to mention that all nodes in our server cluster are synchronized with each other and have knowledge about the connections to each other. That's why it doesn't matter for greylisting technology to which node the connection is established. Furthermore, we remember legitimate senders in order to avoid a delay due to greylisting on legitimate servers.
Greylisting is based on the "triplet information" consisting of
Whenever EuropeanMX receives a message from an unknown triplet, the connection is temporarily rejected for 10 minutes after the first delivery attempt (SMTP 4xx error). A temporarily rejected mail means that the sending mail server is asked to save the message in a queue and retry delivery at a later time. Every proper mail server is required by RFC to support this method. This is a completely automated process where the sender receives no notification. It doesn't matter if the message is resent or sent to another node within this 10 minute interval, as redelivery is only accepted by our servers after 10 minutes. As a result, there is a small delay, which is why we use an extended system to avoid such delays. After the message is accepted from the initially unknown triplet, it is marked as legitimate so that future messages are not temporarily rejected. Furthermore, whenever we see at least 5 different successful legitimate triplets originating from the same IP/24 subnet or at least 2 different successful legitimate triplets originating from the same subnet as well as the same sender address, the subnet or subnet+address is added to an internal greylisting list to avoid greylisting connections from the same IP address. All active mail servers that successfully deliver a message to our server are therefore not affected by the greylisting technology, because these mail servers are entered on an internal greylisting permission list. Thus, the greylisting procedure is only applied to servers that are unknown to us. A server that is temporarily listed on a block list loses the entry in the approval list again, which is why it is checked again for new connections.
The sending server IP / 24 subnet is basically the first part of the sending server's IP address. For example, if a server has IP 222.153.243.117, then the string used in the triple is 222.153.243. This includes up to 256 (.0 - .255) servers, mostly within the same organization. This means that if an organization uses multiple sending mail servers (typically on the same subnet), it does not matter from which server the second delivery attempt is made.
Most support questions are related to temporarily rejected connections, as many customers only see the log entry that the message has been rejected temporarily and are unaware that this does not mean that the message has been blocked or identified as spam. The message was delayed only briefly to verify that the sending server is behaving correctly (in accordance with the SMTP server requirements).
The sending server IP / 24 Subnet is basically the first part of the IP address of the sending server. For example, if a server has IP 222.153.243.117, the string used in the triplet is 222.153.243, which includes up to 256 (. 0 -. 255) servers, usually within the same organization.This means that if an organization uses multiple sending mail servers (typically on the same subnet), it doesn't matter from which server the second delivery attempt is made.
More information about RFC and greylisting can be found in section 5.3.1.1 in RFC1123 (http://www.ietf.org/rfc/rfc1123.txt).
English
Deutsch
Arabic
Armenian
Bosnian
Bulgarian
Croatian
Czech
Danish
Dutch
Estonian
French
Georgian
Greek
Icelandic
Italian
Latvian
Lithuanian
Luxembourgish
Macedonian
Norwegian
Polish
Portuguese
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Turkish
Ukrainian