Greylist Auto Bypass

Use this forum if you want to suggest a new feature to hMailServer. Before posting, please search the forum to confirm that it has not already been suggested.
Post Reply

Would you like this feature

Yes
10
71%
No
4
29%
 
Total votes: 14

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Greylist Auto Bypass

Post by ^DooM^ » 2010-05-26 11:33

When users signup to something, very often websites like you to verify your email address or send you billing receipts / data etc which get held up in greylisting and if you are waiting for it, the delay can be quite annoying.

I propose the use of a one-time greylist bypass code system. Here is how it would work. Lets say i have signed up to microsoft.com and am waiting for the verify email to come through that gets held up by greylisting.

In hMail the admin has configured a Greylist Bypass Delimiter (much the same as the plus addressing works now ) we will use the # symbol for this example
  1. Bob signs up to a microsoft.com and sets his email address to bob#microsoft@damnation.org.uk.
  2. hMail see's the greylist delimiter, makes note of the word you have used and passes the email without delay.
  3. If the website sends another email afterwards, hMail checks to see if that word has been used, if it has, subjects it to standard greylist delay.
  4. After website passes standard greylist procedure, mail is delivered as normal to bob's account.
  5. If the website sells your email address it will still be held up by greylisting because the word has already been used
The only hardship would be educating your users.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Greylist Auto Bypass

Post by Bill48105 » 2010-05-26 15:25

Would definitely be handy because one of biggest issues with greylisting is delay of email you're waiting for like you said. Signing up at sites is a big one for sure & I get complaints all the time.

Does the user define the word via web admin or how does hmail know what the secret word is? If user is logging in anyway they could define options like how long before the word expires etc. Wonder if it'd be more user-friendly for them to just define a magic word to be part of mail from (in this case microsoft) that they define to bypass greylisting for short duration before it expires.) I'd say most of the time you know the domain the email will come from when signing up for stuff.

Sounds like these need to be stored in table so I'd hope for a cleanup mechanism so it doesn't get too cluttered full of old words.

Is the word after username part to make it easier to parse or avoid conflict with another mechanism? (vs microsoft#bob@damnation.org.uk)

Along the same lines it might be useful to allow users to disable greylisting (and possibly even spam checking) for their box for a short duration of time, not just for a set sender or requiring a code/special email address. Suppose they'd need to log into the web admin before signing up somewhere & enable it but guess that'd be a different feature request. :D
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Greylist Auto Bypass

Post by ^DooM^ » 2010-05-26 15:46

Bill48105 wrote:Does the user define the word via web admin or how does hmail know what the secret word is?
The user defines the word by giving it to whomever he wants. Perhaps i wasn't clear enough.

You give an email address as bob#whateveryouwant@domain.com to the website
If whateveryouwant has never been used before for user bob then it is added to bobs list of words.
hMail realises it's a greylist bypass word because of the # delimeter
Email passes without delay this first time only.

If anyone tries to use bob#whateveryouwant@domain.com to send another email. hMail knows that whateveryouwant has been used already and subjects the email to greylisting as per normal. That way noone has to mess around with logging in, setting up magic words or anything similar, it just works. Doing it this way stops people selling your email address with the magic bypass code and forever more passing greylisting with it.
Bill48105 wrote:Sounds like these need to be stored in table so I'd hope for a cleanup mechanism so it doesn't get too cluttered full of old words.
I would say they would have to be stored for the duration. If a website sells your bob#whateveryouwant@domain.com email address if whateveryouwant was removed it would bypass greylisting.
Bill48105 wrote:Is the word after username part to make it easier to parse or avoid conflict with another mechanism? (vs microsoft#bob@damnation.org.uk)
bob#blah@domain is the same way plus addressing works already, makes sense to use the same way to avoid confusion.
Bill48105 wrote:Along the same lines it might be useful to allow users to disable greylisting (and possibly even spam checking) for their box for a short duration of time, not just for a set sender or requiring a code/special email address. Suppose they'd need to log into the web admin before signing up somewhere & enable it but guess that'd be a different feature request. :D
I have requested user specific greylist whitelist entries somewhere. Once that is added i'll update my greylist script.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Greylist Auto Bypass

Post by Bill48105 » 2010-05-26 16:32

Thanks for clarifying but I'm still confused on how hmail knows what words to allow unless the user defines them. I assume you don't mean hmail sees #, grabs the word & then if it's not in the used list bypasses greylisting? If so what would stop spammer from just inserting random strings over & over to bypass greylisting? (Hope that clarifies my confusion on the definition step)
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Greylist Auto Bypass

Post by ^DooM^ » 2010-05-26 17:00

Yes that's exactly what i mean just use bob#string or bob~string or bob+string or bob-string or bob$string (user defined delimeter)

I agree that spammers could just put random crap but then they could setup spf, and they could have mx records etc etc

It would be an optional use so it would be down to the admin if they want less delays but perhaps a bit more spam. That is the tradeoff with all anti spam solutions is it not? I'm offering a user friendly way that requires no user login or web server setup or remembering of yet another password only to login to set a password.

It's simple and would be pretty effective in my opinion.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Bill48105
Developer
Developer
Posts: 6192
Joined: 2010-04-24 23:16
Location: Michigan, USA

Re: Greylist Auto Bypass

Post by Bill48105 » 2010-05-26 17:39

OK thanks for clarifying, not sure that was obvious from the 1st post but definitely makes sense now. It helps that the character can be changed that's for sure. It'd likely be nice to be able to control it more too, perhaps requiring certain length or pre-defined substring etc but understand not wanting to make it too complicated for the end-user. I'm definitely all for ways to minimize frustration caused by greylisting delays but also want to make sure it's not too easily abused either. Could you imagine if hmail string was in SMTP banner & spammer saw that & said "oh we got an hmail server, let's try a random string to see if we can get by their greylisting". Luckily the banner thing isn't the case and having this be optional like the spf/mx bypasses at least would help.

Great start for something that'd be very useful. Wonder if others will chime in on their thoughts.
hMailServer build LIVE on my servers: 5.4-B2014050402
#hmailserver on FreeNode IRC https://webchat.freenode.net/?channels=#hmailserver
*** ABSENT FROM hMail! Those in IRC know how to find me if urgent. ***

mayodp
New user
New user
Posts: 24
Joined: 2007-06-12 09:49

Re: Greylist Auto Bypass

Post by mayodp » 2010-06-11 10:05

As all legitimate domains that would be the sender of this 'subscription email ' would already be correctly configured with spf txt and most likely dkim txt records & signatures - there is no need for this as the option to bypass grey list if spf pass already exists (5.3.3 1879) and optionally could have dkim pass

Dave M

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Greylist Auto Bypass

Post by ^DooM^ » 2010-06-11 10:41

In my experience hardly any legitimate domains use SPF or DKIM. I guess people don't see this addition the same way I do. Personally i think this will eliminate greylist delays which is the only reason people do not use it.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

ensarija
New user
New user
Posts: 13
Joined: 2010-06-03 17:04
Location: Bosnia and Herzegovina
Contact:

Re: Greylist Auto Bypass

Post by ensarija » 2010-06-18 07:53

I like this idea altogether. So here is suggestion that might solve issue with random generated magic keys from spammers side and users having to define magic key before using it.

How about having an option in hMail to define e-mail address like "regmagic@domain.com", that will accept mails only from it's own domain. And there should be some rules like:
1. Subject: Register
2. Message body: magic key (only)

when hMail receives mail on that address, it will know user that will use magic key and what is magic key.

bescher
Normal user
Normal user
Posts: 123
Joined: 2008-05-26 01:56
Location: Milwaukee Wi
Contact:

Re: Greylist Auto Bypass

Post by bescher » 2010-06-18 08:45

Although I love Hmail
I use ewall for many of my filtering capabilities inc;uding virus checking.
In ewall you can create lists for the above
So Why can't you start off with create a list on all putgoing email.
So then all outgoing email the receipients' email address is added to a whitelist (It can be global or by domain (The senders domain)
On incoming there is a filter that checks to see if that senders address is in the white list. If it is then the greylisting is bypassed along with any other filters you want it to bypass (Surbl, DNSBL for example)

User avatar
mattg
Moderator
Moderator
Posts: 21265
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Greylist Auto Bypass

Post by mattg » 2010-06-18 09:16

bescher wrote:Although I love Hmail
I use ewall for many of my filtering capabilities inc;uding virus checking.
In ewall you can create lists for the above
So Why can't you start off with create a list on all putgoing email.
So then all outgoing email the receipients' email address is added to a whitelist (It can be global or by domain (The senders domain)
On incoming there is a filter that checks to see if that senders address is in the white list. If it is then the greylisting is bypassed along with any other filters you want it to bypass (Surbl, DNSBL for example)
This can be done with AndyP's very popular script - http://www.hmailserver.com/forum/viewto ... 20&t=13682
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: Greylist Auto Bypass

Post by ^DooM^ » 2010-06-18 11:44

mattg wrote:
bescher wrote:Although I love Hmail
I use ewall for many of my filtering capabilities inc;uding virus checking.
In ewall you can create lists for the above
So Why can't you start off with create a list on all putgoing email.
So then all outgoing email the receipients' email address is added to a whitelist (It can be global or by domain (The senders domain)
On incoming there is a filter that checks to see if that senders address is in the white list. If it is then the greylisting is bypassed along with any other filters you want it to bypass (Surbl, DNSBL for example)
This can be done with AndyP's very popular script - http://www.hmailserver.com/forum/viewto ... 20&t=13682
bescher, That doesn't solve the problem for when you don't know the incoming email address though does it, which is what my suggestion would eliminate the need to know.
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

Post Reply