How do I get off Mimecast's greylist?

postfix greylisting email-bounces

Emails from our servers sent to Mimecast are being "temporarily rejected" due to greylisting.

Mimecast has docs on this; they say that every time they see a unique IP and sender, they greylist the IP temporarily. They recommend to keep retrying and eventually the IP should get greylisted.

We've configured our Postfix to do this. All bounced emails get retried a few times but Mimecast is not removing us off their greylist.

Our domain has properly configured PTR and SPF records. The IP is also not blacklisted anywhere.

Here is our Postfix configuration:

maximal_queue_lifetime = 1h
maximal_backoff_time = 15m
minimal_backoff_time = 5m
queue_run_delay = 5m

I have also contacted them but I am going to assume they will never reply because we are not Mimecast customers.

How do we go about getting off their greylist?


They recommend to keep retrying and eventually the IP should get greylisted. We've configured our Postfix to do this. All bounced emails get retried a few times but Mimecast is not removing us off their greylist.

If you will forgive me, I'm not sure you quite understand greylisting. As Mimecraft's docs say, the identifier for a greylisting decision is a triple of addresses: sender ip - sender from - recipient to. When delivery is attempted of an email with a previously unseen triple, greylisting should temporarily knock it back. When that particular email tries to be redelivered, from the same server, it should be accepted, and that specific triple gets written to a temporary whitelist.

Further emails with the same triple arriving within the lifetime of the whitelist entry should be delivered. If you have evidence of any of this not happening it would be of interest.

But further emails from other senders at your domain, or to different recipients, should quite properly be greylisted. Your server doesn't suddenly get carte blanche to send emails simply because it successfully delivered a a single piece of mail.

Most recipients do not choose to greylist based on the existence of valid SPF and/or PTR records, nor your IP's presence on blacklists (or the lack thereof), so your accomplishments there - whilst likely to be of help further down the anti-spam chain - are probably not relevant to greylisting.

Greylisting is generally applied to all incoming email, though some implementations do exempt any email that arrives under cover of SMTP TLS, presumably reasoning that very few fire-and-forget bots can properly do TLS (yet).

Related

What does “error: token mismatch” mean?
issues configuring firewall rules for Postgres on Centos
Does Windows 2003 support TLS 1.1 and 1.2?
What is the benefit of registering an offline RHEL system?
DNS servfail at some of Nameservers [closed]
proxy_set_header not working
php-fpm: unrecognized service
How does load balancer manage TCP connections
What does regsvr32 do?
Using fail2ban to manually block an ip for a specific time period
Why does running the App Store push email to my iPad?
An iOS app for JIRA that works