reset passwords) get blocked as a false positive as they are generated by bots, however, situations like today I can see multiple attempts within 15 minutes of each other. I can understand when automated emails (i.e.
If the sending mail server attempts to send again - within the correct timeframe - the receive server will see that it matches the first converstion triplet and push it through. I understand how greylisting works whereby if the receiving mail server receives an new 'triplet' conversation it will send a temporary rejection email. Adding the domain to the exceptions will solve this,
When checking the logs I could see the email was being caught by the greylist, however, there were multiple attempts from the same sender with a few minutes of each other but kept being blocked by the greylist. Today, a user reported they were not receiving an email from a particular sender. I've come across a few situations which do not match the behaviour I expect from the greylist. I'm just trying to understand what is happening with GFI's greylist.
