Applicable to:
- Plesk Onyx for Linux
- Plesk for Linux
Question
How to configure Greylisting in Plesk?
Answer
Greylisting configuration is not possible via Plesk web-interface, but only with Plesk CLI.
Note: Greylisting feature is available only in Plesk for Linux.
Parameters like expire-interval, grey-interval, penalty-interval, and others are configured via the utility plesk bin grey_listing. Run the utility with --info-server to display configuration settings:
# plesk bin grey_listing --info-server
Grey listing configuration.
Grey listing checking disabled
Grey interval 5 minutes
Expire interval 51840 minutes
Penalty interval 2 minutes
Penalty disabled
Personal grey listing
configuration allowed
Server-wide black list:
Server-wide white list:
White domains patterns list:
Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9][0-9]*
dsl|pool|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up
SUCCESS: Gathering of server wide information complete.
Black/White lists for Greylisting are configured server-wide and per individual mail account in GUI.
Server-wide Greylisting White/Black lists are configured on the page Spam Filter Settings at Tools & Settings > Spam Filter Settings .
Greylisting White/Black lists configuration per mail account: Domains > domain name > Mail Accounts > jdoe@example.com > Spam Filter.
The page allows to add email addresses only. To add the domain localhost to the White list, try adding the address *@localhost.
Alternatively, Plesk CLI grey_listing can be used to configure the spam filter. For example, to add the domain to the server-wide White list:
# plesk bin grey_listing --update-server -domains-whitelist add:*@domain.tld SUCCESS: Update of server-wide settings complete.
To add the domain example.com to the Greylisting White list for the mail account mail@domain.tld:
# plesk bin grey_listing --update-mailname mail@domain.tld -domains-whitelist add:*@example.com
SUCCESS: Update of mail 'mail@domain.tld' complete.
To get information about Black/White lists on mail accounts for mail@domain.tld:
# plesk bin grey_listing --info-mailname mail@domain.tld
Grey listing configuration for mail@domain.tld
User's black list:
User's white list: *@example.com
SUCCESS: Gathering information for 'mail@domain.tld
Additional information
Greylisting works as follows: the first message is rejected, and the next message sent from the same address (sender server IP address and 'From:') will be accepted after a certain length of time passes.
After the first email is rejected, the sender's address is added to the Greylisting database. The information is stored there for an expiration time interval (expire-interval).
For the message to be accepted, the grey interval (grey-interval) must complete. If the message was sent before the grey interval has passed, the penalty interval (penalty-interval) is added.
Comments
11 comments
It would be great if greylisting could be configured to only match on the first three octets and not all four of an IPv4 address (similar for IPv6) - there are large enterprises out there running several MX hosts on same subnet that seem to share one queue. It seems to be pretty common to have their mails retried up to 8 to 12 times for delivery (each MX will try once) which results in delays of half a day. I was happy to hear that greylisting is possible with Plesk however I still prefer my old solution that is capable of allowing same subnet senders.
Alternatively, a range value (-/+) of IP address "neighbours" could be helpful, if someone feels that 255 hosts will be too much to accept on the second try.
@Thomas Mendorf
Hi!
Thank you for sharing the idea!
Please, share it at Plesk User Voice.
The top-ranked suggestions are likely to be included in the next versions of Plesk.
It is a good idea to get rid of the "static" blacklist rule, many hosting centers use this word in rev dns.
Could you perhaps clarify the term white/black domain patterns in your explanations? Does this refer to the domain names of the sending client or to the sender domain of the e-mail (i.e. the domain part of the sender address)?
Hello @b_p,
These are the domain parts of the sender address
Hello @Ivan Postnikov,
just to clarify, also related to the Plesk documentation (https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/grey_listing-greylisting.63188/):
- the options -whitelist / -blacklist refer to the sender address / domain while
- the option -whitelist-domain / -blacklist-domain refer to the domain / host name of the sending client?
The latter option is hopefully what I am looking for because there are some providers (e.g. 1&1 Ionos, https://www.ionos.de/hilfe/e-mail-office/company-name-postmaster/ip-adressen-der-company-name-mailserver/), who use multiple servers (different IP addresses but same host name) for outgoing e-mails. This creates the problem that often e-mails are not delivered when for each subsequent connection attempt a different address is used. Thus, I was looking for a solution where I can whitelist the hostname of the sending server. I assume that -whitelist-domain does this? Unblocking individual mail domains does not work well in this case since these providers host a multitude of domains...
Hello @b_p,
The option -whitelist-domain / -blacklist-domain allows you to add sender hostname to black/white list, for example, like in this article
https://support.plesk.com/hc/en-us/articles/115003642894-Mail-from-domain-specified-in-the-whitelist-rejected-by-greylisting
Ivan Postnikov so how about using self-explanatory command options?
I guess, -whitelist-host / -blacklist-host would be more appropriate instead of -whitelist-domain?
Hello B Pfleging
Thank you for the feedback.
Feel free to create a suggestion at our user-voice portal: https://plesk.uservoice.com/forums/184549-feature-suggestions
Hello. In the first CLI example in this article, I think there is a mistake. It says "-whitelist add:*@domain.tld" but I think it should say "-domains-whitelist add:*@domain.tld".
Hello @Bob B,
Thank you for the feedback, the article was updated.
Please sign in to leave a comment.