Grey Listing Amazon Simple Email Service

Submitted by daniel on Fri, 03/05/2019 - 13:15

I have experienced issues either directly or indirectly with organisations that use Amazon's Simple Email Service.

After some investigation I found that my Plesk-based mail server uses grey listing to cut down on spam emails. One consequence of this is that if it does not recognise the sending mail server it will grey list it, essentially delaying the delivery of the email. Eventually it will deliver it, but chances are any token attached will have long expired.

One approach to speed up the delivery of these types of emails is simply to add the mail server to the list of white listed servers. Here I show you how.

Firstly we can see there is a problem by checking the mail logs:

tail -1000 /var/log/maillog 

Here we can see entries like so:

May  3 12:05:55 loboweb2 postfix/smtpd[19565]: 853032183F: milter-reject: DATA from a8-91.smtp-out.amazonses.com[54.240.8.91]: 451 4.7.1 Service unavailable - try again later; from=<0100016a7d4d910a-c6785da7-e479-45ec-96ca-ce4660196fbf-000000@amazonses.com> to=<info@danlobo.co.uk> proto=ESMTP helo=<a8-91.smtp-out.amazonses.com>

This tells us that there is a problem with delivery of Amazon SES emails.
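To see which sending hosts are being deferred before deciding what to white list, the following added example (not part of the original post) counts `451 4.7.1` milter-reject lines per client hostname and envelope sender domain. The sample lines are constructed, and it assumes grey listing is the only milter on the server that returns this code.

```python
import re
import sys
from collections import Counter

# Matches the Postfix smtpd deferral format shown on this page:
#   <queue-id>: milter-reject: DATA from host[ip]: 451 4.7.1 ...; from=<sender> ...
# Assumption: no other milter on the server answers with 451 4.7.1.
DEFERRAL = re.compile(
    r"milter-reject: \S+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"451 4\.7\.1 .*?from=<(?P<sender>[^>]*)>"
)


def greylist_deferrals(lines):
    """Count temporary milter rejections per (client hostname, sender domain)."""
    counts = Counter()
    for line in lines:
        m = DEFERRAL.search(line)
        if not m:
            continue  # delivered mail, permanent 5xx rejects, other daemons
        # The null sender "<>" (bounces) has no domain; report it as "<>".
        domain = m["sender"].rpartition("@")[2].lower() or "<>"
        counts[(m["host"].lower(), domain)] += 1
    return counts


# Constructed sample lines in the same format (reserved example names and IPs).
SAMPLE = [
    "May  3 12:05:55 mx postfix/smtpd[101]: 1A2B3C4D5E: milter-reject: DATA from out1.mail.example.net[192.0.2.10]: 451 4.7.1 Service unavailable - try again later; from=<bounce-1@example.net> to=<info@example.org> proto=ESMTP helo=<out1.mail.example.net>",
    "May  3 12:11:02 mx postfix/smtpd[102]: 2B3C4D5E6F: milter-reject: DATA from out1.mail.example.net[192.0.2.10]: 451 4.7.1 Service unavailable - try again later; from=<bounce-2@example.net> to=<info@example.org> proto=ESMTP helo=<out1.mail.example.net>",
    "May  3 12:12:40 mx postfix/smtpd[103]: 3C4D5E6F70: milter-reject: DATA from unknown[192.0.2.77]: 451 4.7.1 Service unavailable - try again later; from=<> to=<info@example.org> proto=ESMTP helo=<host77>",
    "May  3 12:13:05 mx postfix/smtpd[104]: 4D5E6F7081: milter-reject: END-OF-MESSAGE from relay.example.com[192.0.2.20]: 550 5.7.1 Command rejected; from=<a@example.com> to=<info@example.org> proto=ESMTP helo=<relay.example.com>",
    "May  3 12:14:00 mx postfix/local[105]: 5E6F708192: to=<info@example.org>, relay=local, delay=0.1, status=sent (delivered to mailbox)",
]

if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/maillog) or run with no argument for the sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for (host, domain), n in greylist_deferrals(lines).most_common():
        print(f"{n:5d}  {host}  sender-domain={domain}")
```

Hosts that appear repeatedly with a sender domain you expect mail from are the candidates for a white list entry; a client logged as `unknown` has no reverse DNS name for a domain pattern to match.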

https://support.plesk.com/hc/en-us/articles/115003220374-Delivery-of-no…

To resolve this we essentially need to white list Amazon's SES service to prevent a delay in receiving these emails. Let's first check to see which servers are already white listed:

/usr/local/psa/bin/grey_listing --info-server

This will return something like:

Grey listing configuration.

Grey listing checking  enabled
Grey interval          5 minutes
Expire interval        51840 minutes
Penalty interval       2 minutes
Penalty                disabled
Personal grey listing
configuration          allowed

Server-wide black list:

Server-wide white list:
 *@amazonses.com

White domains patterns list:
 *.amazonses.com
 *.office365.com
 *.outlook.com
 *.outlook.office.com
 *google.com
 *mail.ru
 *messaging.microsoft.com
 *parallels.com
 *plesk.com
 *rambler.ru
 *yahoo.com
 *yandex.ru

Black domains patterns list:
 *[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
 *[0-9][0-9].[0-9][0-9].[0-9][0-9]*
 *[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
 *[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
 dsl|broadband|hsd
 dsl|pool|broadband|hsd
 dynamic|static|ppp|dyn-ip|dial-up

SUCCESS: Gathering of server wide information complete.
[root@loboweb2 git]# /usr/local/psa/bin/grey_listing --info-server
Grey listing configuration.

Grey listing checking  enabled
Grey interval          5 minutes
Expire interval        51840 minutes
Penalty interval       2 minutes
Penalty                disabled
Personal grey listing
configuration          allowed

Server-wide black list:

Server-wide white list:

White domains patterns list:
 *.office365.com
 *.outlook.com
 *.outlook.office.com
 *google.com
 *mail.ru
 *messaging.microsoft.com
 *parallels.com
 *plesk.com
 *rambler.ru
 *yahoo.com
 *yandex.ru

To add Amazon to the 'White domains patterns list', use the following syntax:

/usr/local/psa/bin/grey_listing --update-server  -domains-whitelist  add:*.amazonses.com

For good measure you can also update the 'server wide white list'.

/usr/local/psa/bin/grey_listing --update-server -whitelist add:*@amazonses.com

I am not certain what the correct protocol is here. Previous entries seem to use the -domains-whitelist whereas other documentation seems to mention using the 'server wide white list'? Some further investigation required perhaps.

Once done, check that the 'White domains patterns list' has been updated and then restart your mail service:

/usr/local/psa/admin/sbin/mailmng-service --restart-service

With a bit of luck you will now receive emails from Amazon SES without a delay.

Comments

Submitted by daniel on Wed, 08/05/2019 - 12:15

Okay, it looks like there are services other than Amazon that are affected by grey listing.

loboweb2 postfix/smtpd[23799]: D5E4920694: milter-reject: DATA from maila-dc.linkedin.com[108.174.6.139]: 451 4.7.1 Service unavailable - try again later; from=<m-56nh8tnvy42giet9lxih1r4c0sjnukfos1el6j36xgkwqfqsw2o20y7l@bounce.linkedin.com> to=<info@danlobo.co.uk> proto=ESMTP helo=<maila-dc.linkedin.com

adding linkedin 

So I can confirm that simply running the following seems to circumvent the issue even without restarting the mail server.

/usr/local/psa/bin/grey_listing --update-server  -domains-whitelist  add:*.linkedin.com

 
