Thursday, August 30, 2007

Greylisting and Exchange

There is a potential issue between the Mail Servers that implement Greylisting and MS Exchange SMTP Servers.

Greylisting is used on some mail servers to tempfail first attempt of an email, asking the sending server to retry later. When Exchange tries to send mails to certain domains that implement ‘greylisting’, the mails fail to get delivered and an NDR is generated. Here is an example of what that NDR looks like:

"You do not have permission to send to this recipient. For assistance, contact your system administrator. server.domain.com #4.7.1 smtp;450 4.7.1 <recipient@greylistdomain.com>: Recipient address rejected: Greylisted"

The problem is that the sending Mail Servers are not delaying in response to a 450 "mailbox unavailable" response. The standard (RFC2821) specifies this as a transient condition and the sender should re-queue the message and resend it later. While it's reasonable to fail a message after receiving a number of these "transient failure" responses, the timeout before resending should be higher than 1 second - 10, 15 or 30 minutes are usual values.

By defaut, messages receiving a 4xx SMTP response are processed as a "glitch" 3 times before being put back into the queue for processing on the retry interval. So the problem is when the server resend the message 2 more times with a 1-second delay between attempts and then (presumably) fails delivery and notifies the sender that an error has occurred.

So as a workaround, we need to assertively set GlitchRetrySeconds to a value that allows the greylisting conditions to be satisfied, 120 seconds would do good in most of the cases.

How to Configure Glitch Retry Interval in Exchange Server 2003

4 comments:

Vinay Pal Singh said...

:-)

Eric said...

Thanks for the concise walkthrough. I originally saw the solution here but wasn't very clear on the exact process. This helped me big time.

Anonymous said...

My dad wants to give my iphone to someone, and I have some information that I want deleted (bank account info, misc flirts, etc.) How can I permanently delete this beyond recovery or undeletes? The person he's giving it to is a computer whiz,and I don't want him to have this info. Help



________________
[url=http://unlockiphone22.com]unlock iphone[/url]

Viagra Online said...

I've been looking this kind of information, now the Greylisting is something special in to many domains, specially in Occident. All is regarding to the assistance tendency and most of the readers can support my version.