Applicable to:
- Plesk 12.5 for Linux
- Plesk Onyx for Linux
- Plesk 11.x for Linux
- Plesk 12.0 for Linux
Question
How to configure Greylisting in Plesk?
Answer
Greylisting works as follows: the first message is rejected, and the next message sent from the same address (sender server IP address and 'From:') will be accepted after a certain length of time passes.
After the first email is rejected, the sender's address is added to the Greylisting database. The information is stored there for an expiration time interval (expire-interval).
For the message to be accepted, the grey interval (grey-interval) must complete. If the message was sent before the grey interval has passed, the penalty interval (penalty-interval) is added.
Greylisting configuration is not possible via Plesk web-interface, but only with Plesk CLI.
The utility is /usr/local/psa/bin/grey_listing for Redhat-based OS and /opt/psa/bin/grey_listing on Debian-based OS.
Parameters like expire-interval, grey-interval, penalty-interval, and others are configured via the utility grey_listing. Run the utility with --info-server to display configuration settings:
# /usr/local/psa/bin/grey_listing --info-server
Grey listing configuration.
Grey listing checking disabled
Grey interval 5 minutes
Expire interval 51840 minutes
Penalty interval 2 minutes
Penalty disabled
Personal grey listing
configuration allowed
Server-wide black list:
Server-wide white list:
White domains patterns list:
Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9][0-9]*
dsl|pool|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up
SUCCESS: Gathering of server wide information complete.
Black/White lists for Greylisting are configured server-wide and per individual mail account in GUI.
Server-wide Greylisting White/Black lists are configured on the page Spam Filter Settings at Tools & Settings > Spam Filter Settings . Greylisting White/Black lists configuration per mail account: Domains > domain name > Mail Accounts > mail_account@domain_name > Spam Filter.
The page allows you to add email addresses only. To add the domain localhost to the White list, try adding the address *@localhost.
Alternatively, you may use Plesk CLI grey_listing to configure the spam filter. For example, to add the domain to the server-wide White list:
# /usr/local/psa/bin/grey_listing --update-server -whitelist add:*@domain.tld SUCCESS: Update of server-wide settings complete.
To add the domain example.com to the Greylisting White list for the mail account mail@domain.tld:
# /usr/local/psa/bin/grey_listing --update-mailname mail@domain.tld -whitelist add:*@example.com
SUCCESS: Update of mail 'mail@
To get information about Black/White lists on mail accounts for mail@domain.tld:
# /usr/local/psa/bin/grey_listing --info-mailname mail@domain.tld
Grey listing configuration for mail@domain.tld
User's black list:
User's white list: *@example.com
SUCCESS: Gathering information for 'mail@domain.tld
Additional information
Note: Greylisting feature is available only in Plesk for Unix/Linux.
https://docs.plesk.com/en-US/onyx/administrator-guide/mail/antispam-tools/greylisting-linux.63249/
Comments
7 comments
It would be great if greylisting could be configured to only match on the first three octets and not all four of an IPv4 address (similar for IPv6) - there are large enterprises out there running several MX hosts on same subnet that seem to share one queue. It seems to be pretty common to have their mails retried up to 8 to 12 times for delivery (each MX will try once) which results in delays of half a day. I was happy to hear that greylisting is possible with Plesk however I still prefer my old solution that is capable of allowing same subnet senders.
Alternatively, a range value (-/+) of IP address "neighbours" could be helpful, if someone feels that 255 hosts will be too much to accept on the second try.
@Thomas Mendorf
Hi!
Thank you for sharing the idea!
Please, share it at Plesk User Voice.
The top-ranked suggestions are likely to be included in the next versions of Plesk.
It is a good idea to get rid of the "static" blacklist rule, many hosting centers use this word in rev dns.
Could you perhaps clarify the term white/black domain patterns in your explanations? Does this refer to the domain names of the sending client or to the sender domain of the e-mail (i.e. the domain part of the sender address)?
Hello @b_p,
These are the domain parts of the sender address
Hello @Ivan Postnikov,
just to clarify, also related to the Plesk documentation (https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/grey_listing-greylisting.63188/):
- the options -whitelist / -blacklist refer to the sender address / domain while
- the option -whitelist-domain / -blacklist-domain refer to the domain / host name of the sending client?
The latter option is hopefully what I am looking for because there are some providers (e.g. 1&1 Ionos, https://www.ionos.de/hilfe/e-mail-office/company-name-postmaster/ip-adressen-der-company-name-mailserver/), who use multiple servers (different IP addresses but same host name) for outgoing e-mails. This creates the problem that often e-mails are not delivered when for each subsequent connection attempt a different address is used. Thus, I was looking for a solution where I can whitelist the hostname of the sending server. I assume that -whitelist-domain does this? Unblocking individual mail domains does not work well in this case since these providers host a multitude of domains...
Hello @b_p,
The option -whitelist-domain / -blacklist-domain allows you to add sender hostname to black/white list, for example, like in this article
https://support.plesk.com/hc/en-us/articles/115003642894-Mail-from-domain-specified-in-the-whitelist-rejected-by-greylisting
Please sign in to leave a comment.