Viewing the greylist statuses
The Greylist submenu lets you monitor automatic greylisting exemptions, and email currently experiencing temporary failure of delivery due to greylisting.
Greylisting exploits the tendency of legitimate email servers to retry email delivery after an initial temporary failure, while spammers will typically abandon further delivery attempts to maximize spam throughput. The greylist scanner replies with a temporary failure for all email messages whose combination of sender email address, recipient email address, and SMTP client IP address is unknown. If an SMTP server retries to send the email message after the required greylist delay but before expiry, the FortiMail unit accepts the email and adds the combination of sender email address, recipient email address, and SMTP client IP address to the list of those known by the greylist scanner. Subsequent known email messages are accepted. For details on the greylisting mechanism, see About greylisting.
To use greylisting, you must enable the greylist scan in the antispam profile. For more information, see Configuring antispam profiles.
Enabling greylisting can improve performance by blocking most spam before it undergoes other, more resource-intensive antispam scans. |
Greylisting is bypassed if the SMTP client establishes an authenticated session (see Controlling email based on sender and recipient addresses, and Controlling email based on IP addresses), or if the matching access control rule’s Action is RELAY (see Order of execution). |
You can configure the initial delay associated with greylisting, and manually exempt senders. For details, see Configuring the greylist TTL and initial delay and Manually exempting senders from greylisting.
Viewing the pending and individual automatic greylist entries
The Display tab lets you view pending and individual automatic greylist entries.
- Pending greylist entries are those whose Status is not PASSTHROUGH. For email messages matching pending greylist entries, the FortiMail unit will reply to delivery attempts with a temporary failure code until the greylist delay period, indicated by Time to passthrough, has elapsed.
- Individual greylist entries are those whose Status is PASSTHROUGH. For email messages matching pending greylist entries, the greylist scanner will allow the delivery attempt, and may create a consolidated automatic greylist entry. For information on consolidated entries, see Viewing the consolidated automatic greylist exemptions.
To view the greylist, go to Monitor > Greylist > Display.
Viewing the list of pending and individual greylist entries
GUI item |
Description |
---|---|
Search (button) |
Click to filter the displayed entries. For details, see Filtering pending and individual automatic greylist entries. |
IP |
Lists the IP address of the SMTP client that delivered or attempted to deliver the email message. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display. |
Location |
Lists the GeoIP locations/country names. |
Sender |
Lists the sender email address in the message envelope ( If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display. |
Recipient |
Lists the recipient email address in the message envelope ( If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display. |
Status |
Lists the current action of the greylist scanner when the FortiMail unit receives a delivery attempt for an email message matching the entry.
|
Time to passthrough |
Lists the time and date when the greylisting delay period for a pending entry is scheduled to elapse. Delivery attempts after this date and time confirm the pending greylist entry, and the greylist scanner converts it to an individual automatic greylist entry. The greylist scanner may also consolidate individual greylist entries. For information on consolidated entries, see Viewing the consolidated automatic greylist exemptions. N/A appears if the greylisting period has already elapsed. |
Expire |
Lists the time and date when the entry will expire. The greylist entry’s expiry time is determined by the following two factors:
|
Filtering pending and individual automatic greylist entries
You can filter the greylist entries on the Display tab based on sender email address, recipient email address, and/or the IP address of the SMTP client.
To filter the greylist entries
- Go to Monitor > Greylist > Display.
- Click Search.
- Configure one or more of the following:
- IP
- Sender
- Recipient
- Click Search.
A dialog appears.
GUI item |
Description |
---|---|
Field |
Select one of the following columns in the greylist entries that you want to use to filter the display. |
Operation |
Select how the column’s contents will be matched, such as whether the row must contain the Value. |
Value |
Enter a pattern or exact value based on your selection in Field and Operation. |
Case Sensitive |
Enable for case-sensitive filtering. |
Use an asterisk (*
) to match multiple patterns, such as typing user*
to match user1@example.com
, user2@example.net
, and so forth. Blank fields match any value. Regular expressions are not supported.
The Display tab appears again, but its contents are restricted to entries that match your filter criteria. To remove the filter criteria and display all entries, click the Display tab to refresh its view.
Viewing the consolidated automatic greylist exemptions
The Auto Exempt tab displays consolidated automatic greylist entries.
The FortiMail unit creates consolidated greylist entries from individual automatic greylist entries that meet consolidation requirements. For more information on individual automatic greylist entries, see Viewing the pending and individual automatic greylist entries. For more information on consolidation requirements, see Automatic greylist entries.
To view the list of consolidated entries, go to Monitor > Greylist > Auto Exempt.
Auto Exempt tab options
GUI item |
Description |
Search (button) |
Click to filter the displayed entries. |
IP |
Lists the /24 subnet of the IP address of the SMTP client that delivered or attempted to deliver the email message. If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display. |
Location |
Lists the GeoIP locations/country names. |
Sender |
Lists the domain name portion of the sender email address in the message envelope ( If the displayed entries are currently restricted by a search filter, a filter icon appears in the column heading. To remove the search filter, click the tab to refresh the display. |
Expire |
Lists the time and date when the entry will expire, determined by adding the TTL value to the time the last matching message was received. For information on configuring the TTL, see Configuring the greylist TTL and initial delay. |