On October 19, 2021, we have enabled single-sign-on for our Plesk Support Center to provide a seamless login/account experience. This implies that you’ll be able to use a single account across any of our web-facing properties.
If you had already registered your account at MyPlesk.com/Plesk360/Platform360 please use one for login. Otherwise please re-register it using the same email address as your existing Zendesk login (support account). It’s essential that you use the same email address on our support center to ensure that your tickets stay attached to the same account.

Articles in this section

See more

How to configure Greylisting?

Avatar
Robert Asilbekov
Updated
Follow
Plesk for Linux Plesk Onyx for Linux kb: how-to ABT: Group A

Applicable to:

  • Plesk Onyx for Linux
  • Plesk for Linux

Question

How to configure Greylisting in Plesk?

Answer

Greylisting configuration is not possible via Plesk web-interface, but only with Plesk CLI.

Note: Greylisting feature is available only in Plesk for Linux.

Parameters like expire-interval, grey-interval, penalty-interval, and others are configured via the utility plesk bin grey_listing. Run the utility with --info-server to display configuration settings:

# plesk bin grey_listing --info-server
Grey listing configuration.
Grey listing checking disabled
Grey interval 5 minutes
Expire interval 51840 minutes
Penalty interval 2 minutes
Penalty disabled
Personal grey listing
configuration allowed
Server-wide black list:
Server-wide white list:
White domains patterns list:
Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9][0-9]*
dsl|pool|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up
SUCCESS: Gathering of server wide information complete.

Black/White lists for Greylisting are configured server-wide and per individual mail account in GUI.

Server-wide Greylisting White/Black lists are configured on the page Spam Filter Settings at Tools & Settings > Spam Filter Settings .

Greylisting White/Black lists configuration per mail account: Domains > domain name > Mail Accounts > jdoe@example.com > Spam Filter.

The page allows you to add email addresses only. To add the domain localhost to the White list, try adding the address *@localhost.

Alternatively, you may use Plesk CLI grey_listing to configure the spam filter. For example, to add the domain to the server-wide White list:

# plesk bin grey_listing --update-server -domains-whitelist add:*@domain.tld SUCCESS: Update of server-wide settings complete.

To add the domain example.com to the Greylisting White list for the mail account mail@domain.tld:

# plesk bin grey_listing --update-mailname mail@domain.tld -domains-whitelist add:*@example.com
SUCCESS: Update of mail 'mail@domain.tld' complete.

To get information about Black/White lists on mail accounts for mail@domain.tld:

# plesk bin grey_listing --info-mailname mail@domain.tld
Grey listing configuration for mail@domain.tld

User's black list:

User's white list: *@example.com

SUCCESS: Gathering information for 'mail@domain.tld

Additional information

Greylisting works as follows: the first message is rejected, and the next message sent from the same address (sender server IP address and 'From:') will be accepted after a certain length of time passes.

After the first email is rejected, the sender's address is added to the Greylisting database. The information is stored there for an expiration time interval (expire-interval).
For the message to be accepted, the grey interval (grey-interval) must complete. If the message was sent before the grey interval has passed, the penalty interval (penalty-interval) is added.

Comments

11 comments

Sort by Date Votes
  • Avatar
    Thomas Mendorf (Edited )

    It would be great if greylisting could be configured to only match on the first three octets and not all four of an IPv4 address (similar for IPv6) - there are large enterprises out there running several MX hosts on same subnet that seem to share one queue. It seems to be pretty common to have their mails retried up to 8 to 12 times for delivery (each MX will try once) which results in delays of half a day. I was happy to hear that greylisting is possible with Plesk however I still prefer my old solution that is capable of allowing same subnet senders.

    Alternatively, a range value (-/+) of IP address "neighbours" could be helpful, if someone feels that 255 hosts will be too much to accept on the second try.

    1
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    @Thomas Mendorf

    Hi!

    Thank you for sharing the idea!
    Please, share it at Plesk User Voice.
    The top-ranked suggestions are likely to be included in the next versions of Plesk.

     

    0
    Comment actions Permalink
  • Avatar
    Unknown User

    It is a good idea to get rid of the "static" blacklist rule, many hosting centers use this word in rev dns.

    0
    Comment actions Permalink
  • Avatar
    b_p

    Could you perhaps clarify the term white/black domain patterns in your explanations? Does this refer to the domain names of the sending client or to the sender domain of the e-mail (i.e. the domain part of the sender address)?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @b_p,

    These are  the domain parts of the sender address

    0
    Comment actions Permalink
  • Avatar
    b_p

    Hello @Ivan Postnikov,

    just to clarify, also related to the Plesk documentation (https://docs.plesk.com/en-US/onyx/cli-linux/using-command-line-utilities/grey_listing-greylisting.63188/):

    - the options -whitelist / -blacklist refer to the sender address / domain while

    - the option -whitelist-domain / -blacklist-domain refer to the domain / host name of the sending client?

    The latter option is hopefully what I am looking for because there are some providers (e.g. 1&1 Ionos, https://www.ionos.de/hilfe/e-mail-office/company-name-postmaster/ip-adressen-der-company-name-mailserver/), who use multiple servers (different IP addresses but same host name) for outgoing e-mails. This creates the problem that often e-mails are not delivered when for each subsequent connection attempt a different address is used. Thus, I was looking for a solution where I can whitelist the hostname of the sending server. I assume that -whitelist-domain does this? Unblocking individual mail domains does not work well in this case since these providers host a multitude of domains...

     

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello @b_p,

    The option -whitelist-domain / -blacklist-domain allows you to add sender hostname to black/white list, for example, like in this article
    https://support.plesk.com/hc/en-us/articles/115003642894-Mail-from-domain-specified-in-the-whitelist-rejected-by-greylisting

    0
    Comment actions Permalink
  • Avatar
    b_p

    Ivan Postnikov so how about using self-explanatory command options?
    I guess, -whitelist-host / -blacklist-host would be more appropriate instead of -whitelist-domain?

    0
    Comment actions Permalink
  • Avatar
    Ivan Postnikov

    Hello b_p

    Thank you for the feedback.

    Feel free to create a suggestion at our user-voice portal: https://plesk.uservoice.com/forums/184549-feature-suggestions

    0
    Comment actions Permalink
  • Avatar
    Bob B

    Hello.  In the first CLI example in this article, I think there is a mistake.  It says "-whitelist add:*@domain.tld" but I think it should say "-domains-whitelist add:*@domain.tld".

    0
    Comment actions Permalink
  • Avatar
    Robert Asilbekov

    Hello @Bob B,

    Thank you for the feedback, the article was updated.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles