cPanel vs Spam: Greylisting enters the fight!

Screen Shot 2015-03-16 at 11.08.45 AMcPanel is excited to announce that 11.50 will include a new feature that  dramatically reduces the amount of spam you and your customers receive: Greylisting.


Greylisting is the process of deferring emails from unknown senders. When the email arrives, Greylisting causes the server to return a message that boils down to, “I’m busy at the moment, try again in a bit.” Valid Mail Transfer Agents (MTAs), like Exim, will automatically retry many times. This retry time can be several minutes to start and last for several days. Invalid MTAs will simply give up and move to the next enticing spam target. We use these retry attempts as a way to weed out good email from bad.

cPanel created its own Greylisting daemon, cpgrey, that runs at SMTP receipt time. This means it happens before any real data is sent. The cpgrey daemon looks for a triplet: a source IP address, a source email address, and a destination IP address. If this combination has not been seen in a set time frame (this time frame is configurable), cpgrey will defer all email from that triplet for a set initial block time (again this time frame is configurable.) After the initial block time has expired, the system will accept email from the triplet until the max block time has expired.

Greylisting has its own interface in WHM that allows root users to configure many aspects of the system. You can set the time for the initial block, the must retry time, and the triplet expire time. You can also allow emails with valid SPF records to bypass Greylisting completely. The interface also includes a Trusted Hosts page that allows you to configure IP addresses and CIDR ranges to bypass Greylisting. Finally, we have added a simple report that allows you to see the current triplets in the Greylisting database. You can even add IP addresses and CIDR ranges directly from the report.

Screen Shot 2015-03-16 at 11.08.39 AM
cPanel users are able to control which of their domains use Greylisting through the Greylisting interface in both PaperLantern and x3. cPanel users will see a list of domains they control and a simple toggle to disable or enable Greylisting. Bulk actions to enable all or disable all are included in a gear icon located in the top right corner.
We highly recommend server administrators use Greylisting as a strong tool in their arsenal for combating spam.

cPanel

The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.

5 responses to “cPanel vs Spam: Greylisting enters the fight!”

  1. Tango says:

    As long as CPanel users have the ability to disable it on a per email-account basis, great! But it sounds like it’s only on a per-domain basis, which is still better than no control at all (which would be unacceptable and make the feature worse than useless to me). Some email addresses on a domain are much more spam-prone than others and it doesn’t make sense to penalize email accounts that don’t have an issue, even if the penalty is email delayed for several minutes (these days people expect email to arrive in under 5 seconds).

    As far as SPF goes, it should just disappear (hopefully along with all the people who invented it). Causes more problems than it solves. Half the spam I get comes with valid SPF, and it breaks forwarding and also breaks people’s ability to send legitimately using one SMTP server email under different domains they own, possibly on different servers. And what makes it unacceptable is that it breaks it silently (the forwarder will never know there was a problem but half the time the email won’t show up).

    What would be great to see is user-level control of *incoming* SPF checking (that is if it isn’t removed entirely), so I can turn it OFF!! My new hosting service has it on, and I am trying to convince them to turn it off (otherwise I’ll have to find another hosting service, since I forward email from multiple accounts to one account all the time and with hard incoming SPF fail rejections, I’ll lose half my good email–and yeah, half my spam too, but talk about throwing out the baby with the bathwater …). Give SPF fail a small bump up in the spam score in SpamAssassin and leave it at that.

  2. Mike says:

    Allowing emails that pass SPF to bypass greylisting will not be effective. Most of the spam coming in these days is from spammers using valid SPF. So anyone enabling this option will still get all the spam from senders using valid SPF/DKIM if they enable that option.

    You really need to also add the ability to bypass greylisting by partial / full PTR match as well using the same methods that SMFS (smf-grey) does Ex:

    .ac1.yahoo.com # any PTR ending in .ac1.yahoo.com is exempt from greylisting
    .ticketmaster.com # any PTR ending in .ticketmaster.com is exempt from greylisting
    mail.cpanel.net # exempt host mail.cpanel.net from greylisting

    So, being able to exempt IP addresses and CIDR ranges from greylisting is a great feature (and in fact mandatory if you want admins to use greylisting), but you need to be able to exempt valid rDNS partial matches as well. This should be a mandatory requirement as well.

    Of course, to ensure that spammers who have control of their own rDNS do not just simply create fictitious rDNS records matching common email services, the daemon is going to have to ensure that the forward / RDNS match each other before exempting from greylisting. Yep that means another DNS query and more time spent, but it’s well worth it.

  3. Mike says:

    This is a most awesome and welcomed addition. Of course, these days the big spammers are using SPF so one wouldn’t want to disable greylisting when valid SPF records exist. But it’s great that you’re making that an option. Also great that our customers can enable/disable greylisting on their own. Let’s face it, many customers find it thoroughly unappetizing if a company forces greylisting upon them, but if left to their own devices [and wanting to lower their spam] they will inevitably log into their cPanel account and turn it on under the radar.

    Keep up the great work!

  4. Bob says:

    This sounds interesting. When will 11.50 be released?

  5. Scott Neader says:

    This will be a very interesting addition! Thank you, cPanel, for doing what you can to help curb the increase flow of spam (due to the current ineffectiveness of Spam Assassin.)

    I’m finding that many of the spams arriving have good SPF records, so I’m not sure that allowing valid SPF emails to bypass greylisting would be a good idea.

    I’m very much looking forward to seeing how this works. Thanks again!!

Leave a Reply