Hello!
Do I really have to whitelist all the IPs of outbound.protection.outlook.com in postgrey? Oct 2 10:57:28 bitclusive1 postfix/smtpd[20061]: NOQUEUE: reject: RCPT from mail-eopbgr680083.outbound.protection.outlook.com[40.107.68.83]: 450 4.2.0 <[hidden email]>: Recipient address rejected: Greylisted for 60 seconds; from=<bounces+SRS=6CNNV=[hidden email]> to=<[hidden email]> proto=ESMTP helo=<NAM04-BN3-obe.outbound.protection.outlook.com> Kind regards Andreas |
On 2019-10-02 ratatouille wrote:
> Do I really have to whitelist all the IPs of > outbound.protection.outlook.com in postgrey? No. You could simply stop graylisting and instead use spam protection measures without its side effects (e.g. postscreen). Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky |
Ansgar Wiechers <[hidden email]> schrieb am 02.10.19 um 11:56:56 Uhr:
> On 2019-10-02 ratatouille wrote: > > Do I really have to whitelist all the IPs of > > outbound.protection.outlook.com in postgrey? > > No. You could simply stop graylisting and instead use spam protection > measures without its side effects (e.g. postscreen). I use both, postscreen and postgrey. Andreas |
>> On 2019-10-02 ratatouille wrote:
>> > Do I really have to whitelist all the IPs of >> > outbound.protection.outlook.com in postgrey? >Ansgar Wiechers <[hidden email]> schrieb am 02.10.19 um 11:56:56 Uhr: >> No. You could simply stop graylisting and instead use spam protection >> measures without its side effects (e.g. postscreen). On 02.10.19 14:12, ratatouille wrote: >I use both, postscreen and postgrey. with postscreen, postgrey is in fact obsolete. I got rid of it, since of too many false positives related to outlook, gmail etc. -- Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I don't have lysdexia. The Dog wouldn't allow that. |
On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote:
> > I got rid of it, since of too many false positives related to outlook, gmail > etc. Why would you greylist something that's easily skipped using DNSWL etc? |
Henrik K <[hidden email]> schrieb am 02.10.19 um 15:46:18 Uhr:
> On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote: > > > > I got rid of it, since of too many false positives related to outlook, gmail > > etc. > > Why would you greylist something that's easily skipped using DNSWL etc? Thank you! I'll look for that stuff. Andreas |
On Wed, Oct 02, 2019 at 02:50:23PM +0200, ratatouille wrote:
> Henrik K <[hidden email]> schrieb am 02.10.19 um 15:46:18 Uhr: > > > On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote: > > > > > > I got rid of it, since of too many false positives related to outlook, gmail > > > etc. > > > > Why would you greylist something that's easily skipped using DNSWL etc? > > Thank you! I'll look for that stuff. Just use permit_dnswl_client before your postgrey permit_dnswl_client list.dnswl.org check_policy_service inet:127.0.0.1:12345 These should be pretty much last lines in your checks, remember that is accepts the message at that stage when listed. Of course you can also create manual whitelist lookup tables. |
In reply to this post by ratatouille-2
* ratatouille <[hidden email]>:
> Hello! > > Do I really have to whitelist all the IPs of outbound.protection.outlook.com in postgrey? Yes. There's a script for that: # Postwhite - Automatic Postcreen Whitelist / Blacklist Generator # # https://github.com/stevejenkins/postwhite # # By Steve Jenkins (https://www.stevejenkins.com/) # -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG, 80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein |
In reply to this post by ratatouille-2
Dnia 2.10.2019 o godz. 11:05:31 ratatouille pisze:
> > Do I really have to whitelist all the IPs of outbound.protection.outlook.com in postgrey? I just put the domain name outbound.protection.outlook.com into /etc/postgrey/whitelist_clients.local and it works for me. -- Regards, Jaroslaw Rafa [hidden email] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." |
In reply to this post by Henrik K
On 2019/10/02 16:13, Henrik K wrote:
> On Wed, Oct 02, 2019 at 02:50:23PM +0200, ratatouille wrote: > > Henrik K <[hidden email]> schrieb am 02.10.19 um 15:46:18 Uhr: > > > > > On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote: > > > > > > > > I got rid of it, since of too many false positives related to outlook, gmail > > > > etc. > > > > > > Why would you greylist something that's easily skipped using DNSWL etc? > > > > Thank you! I'll look for that stuff. > > Just use permit_dnswl_client before your postgrey > > permit_dnswl_client list.dnswl.org > check_policy_service inet:127.0.0.1:12345 > > These should be pretty much last lines in your checks, remember that is > accepts the message at that stage when listed. > > Of course you can also create manual whitelist lookup tables. > dnswl doesn't have a good list of Microsoft servers, less than half of their deliveries to me today came from servers listed on dnswl. I make my own list from their SPF records to exempt them from greylist-type checks. Examples of some currently used that aren't on dnswl: 104.47.0.33 104.47.4.33 104.47.9.33 104.47.9.36 104.47.12.33 104.47.13.33 104.47.46.33 104.47.58.33 104.47.125.33 104.47.126.33 |
Hi, not sure if this helps but, these are the networks that my postfix server is setup to send email to O365 so users get their mail delivered
# Microsoft Networks 23.103.132.0/22 23.103.136.0/21 23.103.144.0/20 23.103.198.0/23 23.103.200.0/22 23.103.212.0/22 40.92.0.0/14 40.107.0.0/17 40.107.128.0/18 52.100.0.0/14 65.55.88.0/24 65.55.169.0/24 94.245.120.64/26 104.47.0.0/17 157.55.234.0/24 157.56.110.0/23 157.56.112.0/24 207.46.100.0/24 207.46.163.0/24 213.199.154.0/24 213.199.180.128/26 216.32.180.0/23 You may need to lock things down more than me but this is the list that works for me. -ANGELO FAZZINA [hidden email] University of Connecticut, ITS, SSG, Server Systems 860-486-9075 -----Original Message----- From: [hidden email] <[hidden email]> On Behalf Of Stuart Henderson Sent: Wednesday, October 2, 2019 11:04 AM To: [hidden email] Subject: Re: outbound.protection.outlook.com On 2019/10/02 16:13, Henrik K wrote: > On Wed, Oct 02, 2019 at 02:50:23PM +0200, ratatouille wrote: > > Henrik K <[hidden email]> schrieb am 02.10.19 um 15:46:18 Uhr: > > > > > On Wed, Oct 02, 2019 at 02:20:48PM +0200, Matus UHLAR - fantomas wrote: > > > > > > > > I got rid of it, since of too many false positives related to outlook, gmail > > > > etc. > > > > > > Why would you greylist something that's easily skipped using DNSWL etc? > > > > Thank you! I'll look for that stuff. > > Just use permit_dnswl_client before your postgrey > > permit_dnswl_client list.dnswl.org > check_policy_service inet:127.0.0.1:12345 > > These should be pretty much last lines in your checks, remember that is > accepts the message at that stage when listed. > > Of course you can also create manual whitelist lookup tables. > dnswl doesn't have a good list of Microsoft servers, less than half of their deliveries to me today came from servers listed on dnswl. I make my own list from their SPF records to exempt them from greylist-type checks. Examples of some currently used that aren't on dnswl: 104.47.0.33 104.47.4.33 104.47.9.33 104.47.9.36 104.47.12.33 104.47.13.33 104.47.46.33 104.47.58.33 104.47.125.33 104.47.126.33 |
Free forum by Nabble | Edit this page |