Greylisting and GMAIL

Posted September 6th, 2008 by admin 2 Comments »

We have observed a very interesting thing regarding Greylisting and emails sent from Gmail. If greylisting is deployed on the server, emails sent FROM gmail to a POP account on the server may experience a LOT of delay in receipt of emails from gmail. This is actually NOT an issue with gmail or the greylisting process, but with the way gmail re-sends the greylisted email to the server. Let me explain this with the help of an example.

FIRST MAIL RETURNED FOR GREYLISTING

07:06:34 [209.85.200.169][4006086] cmd: EHLO wf-out-1314.google.com
07:06:34 [209.85.200.169][4006086] rsp: 250-tradebooster.info Hello [209.85.200.169] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
07:06:34 [209.85.200.169][4006086] cmd: MAIL FROM:<username@gmail.com>
07:06:34 [209.85.200.169][4006086] rsp: 250 OK <username@gmail.com> Sender ok
07:06:34 [209.85.200.169][4006086] cmd: RCPT TO:<username@yourlocaldomain.com>
07:06:34 [209.85.200.169][4006086] rsp: 451 Greylisted, please try again in 300 seconds
07:06:34 [209.85.200.169][4006086] cmd: QUIT
07:06:34 [209.85.200.169][4006086] rsp: 221 Service closing transmission channel
07:06:34 [209.85.200.169][4006086] disconnected at 8/20/2008 7:06:34 AM

SAME EMAIL RECD AGAIN, DELIVERED TO USER

07:13:22 [209.85.200.170][57166957] cmd: EHLO wf-out-1314.google.com
07:13:22 [209.85.200.170][57166957] rsp: 250-tradebooster.info Hello [209.85.200.170] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
07:13:22 [209.85.200.170][57166957] cmd: MAIL FROM:<username@gmail.com>
07:13:22 [209.85.200.170][57166957] rsp: 250 OK <username@gmail.com> Sender ok
07:13:23 [209.85.200.170][57166957] cmd: RCPT TO:<username@yourlocaldomain.com>
07:13:23 [209.85.200.170][57166957] rsp: 250 OK <username@yourlocaldomain.com> Recipient ok
07:13:23 [209.85.200.170][57166957] cmd: DATA
07:13:23 [209.85.200.170][57166957] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
07:13:23 [209.85.200.170][57166957] rsp: 250 OK
07:13:23 [209.85.200.170][57166957] Data transfer succeeded, writing mail to 270367115667.eml

In the above scenario, when the server returned the email to gmail SMTP, the same SMTP server sent the e-mail back and hence the mail was delivered to the actual user within 5-6 minutes. However, when the server returns the email to Gmail SMTP, this is NOT always the case. Gmail has multiple SMTPs running parallely and would re-send the email to the server via a different SMTP. Now when this email is received by the server, it would be coming from a different SMTP server and would be greylisted again. This process would continue till the server receives the email from the same SMTP host at gmail. This is illustrated below.

SECOND EMAIL RECD FROM wx-out-0506.google.com, RETURNED FOR GREYLISTING

07:14:04 [66.249.82.232][55297073] cmd: EHLO wx-out-0506.google.com
07:14:04 [66.249.82.232][55297073] rsp: 250-tradebooster.info Hello [66.249.82.232] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
07:14:04 [66.249.82.232][55297073] cmd: MAIL FROM:<username@gmail.com>
07:14:04 [66.249.82.232][55297073] rsp: 250 OK <username@gmail.com> Sender ok
07:14:04 [66.249.82.232][55297073] cmd: RCPT TO:<username@yourlocaldomain.com>
07:14:04 [66.249.82.232][55297073] rsp: 451 Greylisted, please try again in 300 seconds
07:14:04 [66.249.82.232][55297073] cmd: QUIT
07:14:04 [66.249.82.232][55297073] rsp: 221 Service closing transmission channel
07:14:04 [66.249.82.232][55297073] disconnected at 8/20/2008 7:14:04 AM

SAME EMAIL RECD AGAIN FROM hs-out-0708.google.com, RETURNED FOR GREYLISTING SINCE SENDING SMTP IS DIFF.

07:20:10 [64.233.178.250][53658101] cmd: EHLO hs-out-0708.google.com
07:20:10 [64.233.178.250][53658101] rsp: 250-tradebooster.info Hello [64.233.178.250] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
07:20:10 [64.233.178.250][53658101] cmd: MAIL FROM:<username@gmail.com>
07:20:10 [64.233.178.250][53658101] rsp: 250 OK <username@gmail.com> Sender ok
07:20:10 [72.51.46.158][33575438] cmd: DATA
07:20:10 [64.233.178.250][53658101] cmd: RCPT TO:<username@yourlocaldomain.com>
07:20:10 [64.233.178.250][53658101] rsp: 451 Greylisted, please try again in 300 seconds
07:20:10 [72.51.46.158][33575438] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
07:20:10 [64.233.178.250][53658101] cmd: QUIT
07:20:10 [64.233.178.250][53658101] rsp: 221 Service closing transmission channel
07:20:10 [64.233.178.250][53658101] disconnected at 8/20/2008 7:20:10 AM

SAME EMAIL RECD AGAIN FROM wf-out-1314.google.com, RETURNED FOR GREYLISTING SINCE SENDING SMTP IS DIFF.

07:38:13 [209.85.200.174][15186826] cmd: EHLO wf-out-1314.google.com
07:38:13 [209.85.200.174][15186826] rsp: 250-tradebooster.info Hello [209.85.200.174] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
07:38:13 [209.85.200.174][15186826] cmd: MAIL FROM:<username@gmail.com>
07:38:13 [209.85.200.174][15186826] rsp: 250 OK <username@gmail.com> Sender ok
07:38:14 [209.85.200.174][15186826] cmd: RCPT TO:<username@yourlocaldomain.com>
07:38:14 [209.85.200.174][15186826] rsp: 451 Greylisted, please try again in 300 seconds
07:38:14 [209.85.200.174][15186826] cmd: QUIT
07:38:14 [209.85.200.174][15186826] rsp: 221 Service closing transmission channel
07:38:14 [209.85.200.174][15186826] disconnected at 8/20/2008 7:38:14 AM

SAME EMAIL RECD AGAIN FROM rn-out-0910.google.com, RETURNED FOR GREYLISTING SINCE SENDING SMTP IS DIFF.

08:08:40 [64.233.170.187][54388398] cmd: EHLO rn-out-0910.google.com
08:08:40 [64.233.170.187][54388398] rsp: 250-tradebooster.info Hello [64.233.170.187] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
08:08:40 [64.233.170.187][54388398] cmd: MAIL FROM:<username@gmail.com>
08:08:40 [64.233.170.187][54388398] rsp: 250 OK <username@gmail.com> Sender ok
08:08:40 [64.233.170.187][54388398] cmd: RCPT TO:<username@yourlocaldomain.com>
08:08:40 [64.233.170.187][54388398] rsp: 451 Greylisted, please try again in 300 seconds
08:08:40 [64.233.170.187][54388398] cmd: QUIT
08:08:40 [64.233.170.187][54388398] rsp: 221 Service closing transmission channel
08:08:40 [64.233.170.187][54388398] disconnected at 8/20/2008 8:08:40 AM

SAME EMAIL RECD AGAIN FROM wf-out-1314.google.com, DELIVERED SINCE RECD FROM SAME SMTP.

09:08:31 [209.85.200.171][28421712] cmd: EHLO wf-out-1314.google.com
09:08:31 [209.85.200.171][28421712] rsp: 250-tradebooster.info Hello [209.85.200.171] 250-SIZE 10485760 250-AUTH LOGIN CRAM-MD5 250 OK
09:08:31 [209.85.200.171][28421712] cmd: MAIL FROM:<username@gmail.com>
09:08:31 [209.85.200.171][28421712] rsp: 250 OK <username@gmail.com> Sender ok
09:08:31 [209.85.200.171][28421712] cmd: RCPT TO:<username@yourlocaldomain.com>
09:08:31 [209.85.200.171][28421712] rsp: 250 OK <username@yourlocaldomain.com> Recipient ok
09:08:31 [209.85.200.171][28421712] cmd: DATA
09:08:31 [209.85.200.171][28421712] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
09:08:31 [209.85.200.171][28421712] rsp: 250 OK
09:08:31 [209.85.200.171][28421712] Data transfer succeeded, writing mail to 288362157076.eml

As you can see from the above there is a delay of approx 2 hours in receiving email. Now the obvious question is, how to resolve such an issue. There are 2 ways we see this being resolved.

Method 1 (NOT RECOMMENDED)

Bypass greylisting for the concerned domain. This method is however not recommended since this would mean an influx of SPAM e-mails on the domain. Just for one domain gmail.com, it makes no sense to bypass the greylisting process completely.

Method 2 (RECOMMENDED)

Whitelist the domain gmail.com for the entire server. When gmail.com is specifically whitelisted for all the domains on the server, the greylisting would automatically be bypassed for it. Thought this could possibly mean that % of spam may increase in the user’s inbox (due to phised emails), but the % increase would be FAR less than what it would be in method 1.

Tags: , , ,   Posted in Web Hosting Articles

Copyright © 2008 Tradebooster Blog.