--> Greylisting is a technique used by Fortimail or any other email gateway that sends emails back to the sender server and asks the server to resend them again.Because spam servers are used primarily for sending emails and not receiving them, the message is not resent and gets flagged as potentially malicious.
--> When receiving an email from an unknown server, the FortiMail unit will temporarily reject the message. If the mail is legitimate, the originating server will try to send it again later (RFC 2821), at which time the FortiMail unit will accept it. Spammers will typically abandon further delivery attempts in order to maximize spam throughput.
--> Greylist scanning blocks spam based on the behavior of the sending server, rather than the content of the messages.
--> Greylisting is low-maintenance, and does not require you to manually maintain IP address lists, block lists or safe lists, or word lists. The FortiMail unit automatically adds the IP addresses in the Block List or Safe List based on the behaviour of the sender email server
--> Spam blocked by greylisting never undergoes other antispam scans, Which improves the Fortimail performance.
--> When an Sender MTA or Sender Email Server first attempts to deliver an email message through the FortiMail unit, the greylist scanner examines the email message’s combination of:
i) sender email address in the message envelope (MAIL FROM:)
ii) recipient email address in the message envelope (RCPT TO:)
iii) IP address of the Sender MTA or Sender Email Server
--> The greylist scanner then compares the combination of those attributes to manual and automatic greylist entries in the Fortimail.
--> If a matching entry exists, the FortiMail unit continues with other configured antispam scans, and will accept the email if no other antispam scan determines that the email is spam
--> If no matching entry exists, the FortiMail unit creates a pending individual automatic greylist entry to note that combination of sender, recipient, and client addresses, then replies to the SMTP client with a temporary failure code, They are converted to confirmed individual entries if a delivery attempt occurs after the greylist delay period, during the greylist window.
--> In some cases, you may want to manually configure some greylist entries. Manual greylist entries are exempt from the automatic greylisting process, and are therefore not subject to the greylist delay period and confirmation.
0 comments:
Post a Comment