Adjusting Parallels/Plesk greylisting patterns

Today I got a mail from a customer saying that a mail that someone tried to send them kept bouncing from my Plesk/Qmail mailserver. Upon inspection of the maillog, I noticed this error for that specific e-mail message:

Jan 17 14:31:08 servername greylisting filter[539]: Starting greylisting filter...
Jan 17 14:31:08 servername greylisting filter[539]: list type: black, from: ch1outboundpool.messaging.microsoft.com, match string: dsl|pool|broadband|hsd
Jan 17 14:31:08 servername qmail-queue-handlers[538]: handlers_stderr: REJECT

Apparently, there was some kind of blacklist setting in the greylisting filter for all domains matching the regex "dsl|pool|broadband|hsd". In layman's terms: any domain that has "dsl", "pool", "broadband" or "hsd" in it. Since our sender seemed to be using Microsoft's cloud services, with ch1outboundpool.messaging.microsoft.com as SMTP server, the sending host matched the pattern.

But it's a ridiculous pattern, as it would match perfectly valid domains like some-dslprovider.com, poolparty.com or broadbandstore.com. Obviously, I didn't want this pattern to be in my greylisting filter and thus my quest to remove it had begun.

Some Googling got me to this command to inspect the greylisting configuration:

/usr/local/psa/bin/grey_listing --info-server

It turned out that this pattern was indeed effectively blacklisted:

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|pool|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up

Now, there were some forum topics around suggesting that this command would remove it: /usr/local/psa/bin/grey_listing --update-server -blacklist del:"dsl|pool|broadband|hsd". Unfortunately, that was not working:

/usr/local/psa/bin/grey_listing --update-server -blacklist del:"dsl|pool|broadband|hsd"
unable parse pattern list: incorrect pattern "dsl|pool|broadband|hsd"

It turns out that the -domains-blacklist option should be used instead and then it works fine (I went into the /usr/local/psa/bin directory before running this):

./grey_listing --update-server -domains-blacklist del:"dsl|pool|broadband|hsd"
SUCCESS: Update of server-wide settings complete.

Now, checking the greylisting config again showed that the pattern was gone:

./grey_listing -i

Which gave the following output:

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dynamic|static|ppp|dyn-ip|dial-up

And then finally restarted Qmail to make sure the new config was applied properly:

/etc/init.d/qmail restart
Starting qmail: done

That was that. Now the pattern is no longer applied to incoming mail and the valid mails get delivered again.
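
Before removing or keeping a blacklist pattern, it helps to see which senders it has actually been rejecting and which hostnames it would catch. The script below is an added example, not part of the original post or of Plesk: it parses the "list type: black" maillog lines shown above and tests hostnames against the alternation pattern. The function names and sample log are constructed, and the matching rule (unanchored, case-insensitive extended regex) is an assumption based on how the post reads the pattern.

```shell
#!/bin/sh
TAB=$(printf '\t')

# Count blacklist rejections per (pattern, sender) from maillog lines on stdin.
# Output: count<TAB>pattern<TAB>sender, most frequent first.
greylist_black_hits() {
    awk '
        /greylisting filter\[[0-9]+\]: list type: black, from: / {
            line = $0
            sub(/.*list type: black, from: /, "", line)
            sep = ", match string: "
            i = index(line, sep)
            if (i == 0) next
            key = substr(line, i + length(sep)) "\t" substr(line, 1, i - 1)
            count[key]++
        }
        END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | LC_ALL=C sort -t "$TAB" -k1,1nr -k2
}

# Assumption: the alternation pattern is applied as an unanchored,
# case-insensitive extended regex, which is how the post reads it.
pattern_matches() {   # usage: pattern_matches PATTERN HOSTNAME
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# Constructed sample: the first three lines follow the post's log excerpt,
# the rest are invented (hosts under the reserved .example TLD).
sample_maillog() {
    cat <<'EOF'
Jan 17 14:31:08 servername greylisting filter[539]: Starting greylisting filter...
Jan 17 14:31:08 servername greylisting filter[539]: list type: black, from: ch1outboundpool.messaging.microsoft.com, match string: dsl|pool|broadband|hsd
Jan 17 14:31:08 servername qmail-queue-handlers[538]: handlers_stderr: REJECT
Jan 17 14:46:10 servername greylisting filter[611]: list type: black, from: ch1outboundpool.messaging.microsoft.com, match string: dsl|pool|broadband|hsd
Jan 17 15:02:44 servername greylisting filter[702]: list type: black, from: mail.broadbandstore.example, match string: dsl|pool|broadband|hsd
Jan 17 15:09:31 servername greylisting filter[733]: list type: black, from: ppp-host.isp.example, match string: dynamic|static|ppp|dyn-ip|dial-up
EOF
}

sample_maillog | greylist_black_hits
for host in ch1outboundpool.messaging.microsoft.com poolparty.com mail.example.org; do
    if pattern_matches 'dsl|pool|broadband|hsd' "$host"; then
        echo "REJECT $host"
    else
        echo "pass   $host"
    fi
done
```

On a real server, feed the mail log into `greylist_black_hits` instead of `sample_maillog`; the log path depends on the installation.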