Knowledgebase
Downloads
RSS
Website
Home / UTM Platform / Manual / Email Protection / Antispam / Greylisting & Tarpit / Greylisting Configuration

Greylisting Configuration
Article ID: 38
Last updated:
Print
Export to PDF
Views: 429

Greylisting is pretty much an enable and run affair. The default values are optimal in the vast majority of cases but just in case someone needs to fine tune their system we provided an advanced settings menu where different parameters of the greylisting system can be changed. To enable greylisting on your machine, navigate to'Email->Antispam', the  'Greylisting & Tarpit' tab. Press the ‘Enable’ button under the ‘Status’ label; this should enable the greylisting system (see Figure 1).

Figure 1. Greylisting configuration screen

Should you find the default values provided for the greylisting system by Syneto not good enough, feel free to change them by accessing the advanced settings by pressing the ‘Open advanced settings’ button. A new zone is expanded, offering four configuration options:

  • greylisting time: this is the time a triplet (the email addresses of the sender and receiver of the email plus the IP address of the server sending the email) are kept in the database; during this period, no email are accepted that match the given triplet. Raise this value if you see that spam is still circumventing your greylisting system (you also make the spamming process more costly); lower this value if emails are slowed down unacceptably.
  • expire time for a triplet seen once: time after which a triplet is expired (deleted) after it has been seen only one time by the greylisting system; if the triplet is expired it has to endure again the greylisting period set upon any newly seen triplet.
  • expire time for a triplet seen multiple times: time after which a triplet is expired after it has been seen multiple times by the greylisting system; this value should be larger than the previous value for your system to work consistently and accurately.
  • C-Class greylisting: a special case of greylisting when, instead of comparing the IP addresses when checking for a triplet in the database the greylisting system checks if the two IP’s are part of the same /24 network

Each time a greylisting triplet is seen, the timestamp associated with the triplet is updated such that is possible to have a triplet that will never be expired because it is seen at regular intervals before the expire time for a triplet seen multiple times will ever occur.

Greylisting Exceptions

A greylisting exception system must be implemented because there are inevitably sources of emails that you trust and you don’t want them to be greylisted. Say, the company has a branch office in another city; it’s pointless to apply the greylisting process to the email originating from that site when you know for sure that you cannot receive spam that way. A greylisting exception actually defines a triplet that, when encountered, it is automatically passed through the greylisting system. Define exceptions by pressing the 'Bypass greylisting' button near the greylisting activation button. A popup window like in Figure 2 will show up allowing you to configure the desired exceptions.

An empty value (or ‘any’ in case of an IP address/network) should be treated like any possible value. It is acceptable to define an exception with all the fields empty (or set on ‘any’ for the IP field) which will match any triplet, thus invalidating the greylisting system.

Figure 2. Defining greylisting exceptions
Prev   Next
What is a Tarpit?     Tarpit Configuration

Powered by KBPublisher (Knowledge base software)

(c) Copyright 2008-2010 S.C. Syneto S.R.L. Romania