6 Replies Latest reply on Dec 11, 2014 7:17 AM by bretzeli

    MEG 4500, V7.6.2 Greylisting Host/Subent with GMAIL and Office365

    bretzeli

       

       

       

      a) Mcafee Appliance does not list Greylisting partner by SUBNET and ONLY by single IP-host.

       

      b) GMAIL and other come with different IP-Host on second try

       

       

       

       

       

      Hello,

       

       

       

      We currently have an issue with a MEG 4500 Email Gateway running V7.6 2810.102. We did narrow this

       

      down to Senders with diffrent MX and IP's like GMAIL, Novartis, Yahoo or Office365. In words everything

       

      that has  a large Mail structure. We first searched in the way of max. HOPS/Hosts or MX record which was limited

       

      to 100 by another Mcafee partner and i think is default outofthebox setting.

       

       

       

      We have tracked the problem to greylisting:

       

       

       

      1) First contact comes from new E-Mail as example GMAIl account

       

      2) The IP-address and NOT the SUBNET gets greylisted (Log says blocked)

       

      3) Sender tryes again maybe with different IP-address and other MX source  (This depends from seconds to 9 hours)

       

      4) We heard that GMAIL may come back to fast with the second contact in Greylist but i think they should at least stay around the 300 seconds.

       

       

       

      As soon as the CONTACT is done, either by time (GMAIL 4-9 hrs.!) or by a user sending back and forth it's no problem. This is also valid only for incoming E-Mail TO the Mcafee appliance.

       

       

      We have come so far to say the underlying Postfix and Greylisting is based on single IP HOSTS and not IP-Subnets. As example actual Fortimail 100/200 does

       

      this by subnets because of the fact that larger mail sender come with different IP's. I have also seen blogs where regular Posfix users download IP-Lists

       

      with MX sender ranges that may have problem (GMAIl, Some Airlines, Yahoo, Amazon) and then integrate that or except those hosts from Greylisting in some kind of way.

       

      This would be the way to go is you run your own Linux Mail Server with Postfix. But that not the reason people buy applliance ;-)

       

       

       

      Since this i a larger problem and we have many customer coming from Outlook.com and also Azure and people use Android /GMAIl) business related we have seen an increase in that problem.

       

       

       


      We are both, Mcafee and Fortigate partners and are searching for a true solution and also some strategy statements. Since the Fortimail 200 appliance has jumped up to around CHF 4000.- per appliance the MEG is coming in range again where it's beginning to get interesting. I personal don't like the VM-Fortimail or MEG VM. I am enough worried with VM's and Storage guys on Exchange side and would at least have the appliance physical.

       

       

      Thank you for any help on this issue which MAY lead to Sales side on mcafee side!

       

       

      Regards