Greylisting settings

The Enable Greylisting function activates a feature that protects users from spam using the following technique: The transport agent will send a “temporarily reject” SMTP return value (default is 451/4.7.1) for any received email that is not from a recognized sender. A legitimate server will try to resend the message after a delay. Spam servers will typically not attempt to resend the message, as they usually go through thousands of email addresses and do not waste time resending. Greylisting is an additional layer of antispam protection, and does not have any effect on the spam evaluation capabilities of the antispam module.

When evaluating the message source, the Greylisting method takes into account the Approved IP list, the Ignored IP list, Safe Senders and the Allow IP lists on the Exchange server as well as AntispamBypass settings for the recipient mailbox. Emails from these IP addresses/senders lists or emails delivered to a mailbox that has the AntispamBypass option enabled will be bypassed by the Greylisting detection method.

Use only domain part of sender address - Ignores sender's name in the email address; only domain is taken into account.

Synchronize greylisting databases across the ESET cluster - Greylisting database entries are shared in real time between the servers in ESET cluster. When on one of the servers receives a message that is processed by greylisting, this information is broadcast by ESET Mail Security over to the rest of the nodes in ESET cluster.

Time limit for the initial connection denial (min.) - When a message is delivered for the first time and temporarily refused, this parameter defines the time period during which the message will always be refused (measured from the first refusal). After the defined time period has elapsed, the message will be successfully received. The minimum value you can enter is 1 minute.

Unverified connections expiration time (hours) - This parameter defines the minimum time interval for which the triplet data will be stored. A valid server must resend a desired message before this period expires. This value must be greater than the value of Time limit for the initial connection denial.

Verified connections expiration time (days) - The minimum number of days for which the triplet information is stored, during which emails from a particular sender will be received without any delay. This value must be greater than the value of Unverified connections expiration time.


Use antispam lists to automatically bypass Greylisting and SPF - When enabled, Approved and Ignored IP list will be used together with IP whitelists to automatically bypass Greylisting and SPF.

IP whitelist - In this section, you can add IP address, IP address with mask, IP range. You can modify the list by clicking Add, Edit or Remove. Alternatively, you can Import or Export files. Use the browse button ... to select a location on your computer to open or save the configuration file.

Domain to IP whitelist - This option allows you to specify domains (e.g. domainname.local). To manage the list, use Add, Remove or Remove all. If you want to import your custom list from a file instead of adding every single entry manually, right-click in the middle of the window and select Import from the context menu, then browse for your file (.xml or .txt) that contains entries you want to add to the list. Likewise, if you need to export your existing list to a file, select Export from the context menu.

SMTP response (for temporarily denied connections) - Specify a Response code, Status code and Response message, which define the SMTP temporary denial response sent to the SMTP server if a message is refused. Example of a SMTP reject response message:

Response code

Status code

Response message



Please try again later

note_icon_warning WARNING

Incorrect syntax in SMTP response codes may lead to the malfunction of Greylisting protection. As a result, spam messages may be delivered to clients or messages may not be delivered at all.

note_icon_note NOTE

You can also use system variables when defining the SMTP reject response.

All messages that have been evaluated using the greylisting method are recorded in Logs files.