a) Mcafee Appliance does not list Greylisting partner by SUBNET and ONLY by single IP-host.
b) GMAIL and other come with different IP-Host on second try
We currently have an issue with a MEG 4500 Email Gateway running V7.6 2810.102. We did narrow this
down to Senders with diffrent MX and IP's like GMAIL, Novartis, Yahoo or Office365. In words everything
that has a large Mail structure. We first searched in the way of max. HOPS/Hosts or MX record which was limited
to 100 by another Mcafee partner and i think is default outofthebox setting.
We have tracked the problem to greylisting:
1) First contact comes from new E-Mail as example GMAIl account
2) The IP-address and NOT the SUBNET gets greylisted (Log says blocked)
3) Sender tryes again maybe with different IP-address and other MX source (This depends from seconds to 9 hours)
4) We heard that GMAIL may come back to fast with the second contact in Greylist but i think they should at least stay around the 300 seconds.
As soon as the CONTACT is done, either by time (GMAIL 4-9 hrs.!) or by a user sending back and forth it's no problem. This is also valid only for incoming E-Mail TO the Mcafee appliance.
We have come so far to say the underlying Postfix and Greylisting is based on single IP HOSTS and not IP-Subnets. As example actual Fortimail 100/200 does
this by subnets because of the fact that larger mail sender come with different IP's. I have also seen blogs where regular Posfix users download IP-Lists
with MX sender ranges that may have problem (GMAIl, Some Airlines, Yahoo, Amazon) and then integrate that or except those hosts from Greylisting in some kind of way.
This would be the way to go is you run your own Linux Mail Server with Postfix. But that not the reason people buy applliance ;-)
Since this i a larger problem and we have many customer coming from Outlook.com and also Azure and people use Android /GMAIl) business related we have seen an increase in that problem.
We are both, Mcafee and Fortigate partners and are searching for a true solution and also some strategy statements. Since the Fortimail 200 appliance has jumped up to around CHF 4000.- per appliance the MEG is coming in range again where it's beginning to get interesting. I personal don't like the VM-Fortimail or MEG VM. I am enough worried with VM's and Storage guys on Exchange side and would at least have the appliance physical.
Thank you for any help on this issue which MAY lead to Sales side on mcafee side!
The best way to get the type of information you are looking for would be to reach out to your account manager and they can set up a discussion with the Product Management team. They can speak to why it currently works the way it does and what changes are on the horizon around it.
That said, I would also recommend against the use of the Graylisting feature on the appliance for exactly the reason referenced here.
you can disable Greylisting for specific subnets (by using different protocol preset), so you can workaround that problem.
Frank thank you,
This is the second remark (In different MEG discussion) which point in that direction. The only problem would be that you need to have an ajour IP/Hosts
list with the sender IP-addresses which need special handling and thus manual maintenance. We have seen people integrating this in Postfix. The problem stays that this would be an innoficial list hosted by a third party.
Would the recommandation be to?
a) Use Greylisting plus as example SPF/SenderID for all as default setting
b) Do NOT use Greylisting BUT example SPF/SenderID for the hosts which have problems as example gmail, office365, yahoo (I think hetzner has a list in their WIKI)
Sinply BUY a
appliance WHICH has WON the SC-Magazine award 2014 and outperforms Mcafee Aplliances. We have several large and small customers with Mcafee and have seen everything else. Beside the fact that Mcafee comes second we have been treated like crap as Partner and Elite partner in Switzerland by Mcafee. They simply don't care about you and split the market between their existing partners. Still have a high demand from USA to grow. Mission impossible.