๐ 1. What is Google Grey-Listing?
Grey-listing (also known as "tarpitting") is Googleโs method of slowing down suspicious mail traffic instead of outright blocking it.
When your mail server (Exim/Postfix) connects via port 25:
-
Gmail delays the TCP handshake for 20โ30 seconds.
-
If your server times out (default: 30s), youโll see:
SMTP timeout after initial connection (0 bytes written): Connection timed out๐ซ No bounce returned. Mail is deferred and re-queued.
โ ๏ธ 2. Typical Greylisting Triggers
| ๐จ Trigger | ๐ Log Indicators |
|---|---|
| ๐ฅ Spam Burst | 100k+ identical subjects: A=dovecot_login:user@domain |
| ๐งน Compromised Form | Many entries: cwd=/home/user/public_html/contact/ |
| ๐ Auth Failures | Spikes in: 535 incorrect password attempts |
| ๐ Header Issues | Missing/broken SPF, DKIM, or DMARC headers |
โฌ๏ธ Gmail flags the sending IP, not individual sender domains.
๐ฎ 3. How to Confirm Grey-Listing
โ Manual Test: Banner Delay
time printf 'quit\r\n' | nc -4 gmail-smtp-in.l.google.com 25-
Normal: Under 3s โ
220 mx.google.com ESMTP -
Grey-listed: Hangs 20โ30s, times out
๐ Postmaster Tools
-
Visit: postmaster.google.com
-
Add your IP, check IP reputation: ๐ด Bad / ๐จ Low = greylisted
๐ง 4. The 5-Step Recovery Plan
โ Step 1: Stop Spam Immediately
-
Suspend spammy scripts/mailboxes
-
Purge queue:
exiqgrep -i -f spammer@example.com | xargs -r exim -Mrm๐ Step 2: Perfect Your Email Authentication
| ๐ Record | ๐ Good Value |
| PTR | 203.0.113.10 โ mail.example.com |
| HELO | primary_hostname = mail.example.com |
| SPF | v=spf1 ip4:203.0.113.10 a mx -all |
| DKIM | Valid via WHM or mail-tester.com |
| DMARC | v=DMARC1; p=none; rua=mailto:dmarc@example.com |
Test setup: mail-tester.com
โก Step 3: Throttle & Warm-Up
| ๐ Day | ๐ง Max Gmail Recipients | ๐ก Notes |
| 1 | 100 | Person-to-person only |
| 2โ3 | 200โ300 | No attachments > 2MB |
| 4โ7 | 500โ1000 | Bounce rate < 0.3% |
Apply limits:
sender_rate_limit = 300 / 1h
domain_max_defer_failures = 20
smtp_banner_wait_timeout = 60s๐ Step 4: Monitor Every 6 Hours
watch -n 3600 'time printf "quit\r\n" | nc -4 gmail-smtp-in.l.google.com 25'๐ Expect banner delay to reduce daily: 20s โ 12s โ 5s โ <3s
๐ Step 5: Return to Normal
Once:
-
๐ข Banner delay < 3s
-
๐ IP reputation โฅ Neutral
Reset safeguards:
sender_rate_limit = 0
domain_max_defer_failures = 5
smtp_banner_wait_timeout = 30s๐ 5. Optional: Move SMTP to a Fresh IP
๐ When recovery is slow or SEO is impacted:
-
Add new IP:
198.51.100.25/32in WHM > IP Functions -
Set in Exim:
remote_smtp:
driver = smtp
interface = 198.51.100.25-
Update DNS (A record, PTR, SPF)
-
Begin warm-up from scratch
๐ฌ Leave websites on old IP, isolate email traffic.
๐ค 6. FAQ
| ๐ Question | ๐ฌ Answer |
| Manual delist available? | โ No, algorithm-based only |
| Change hostname to fix it? | ๐น Only helps if PTR/HELO mismatched |
| Port 587 bypass greylist? | โ No, MX sees source IP |
| Full recovery time? | โณ 3โ7 days if low volume + clean |
๐ 7. One-Page Checklist โ
โ Quarantine spam source
โ Purge Exim mail queue
โ Match PTR โ HELO โ A record
โ Validate SPF, DKIM, DMARC
โ sender_rate_limit = 300/h
โ domain_max_defer_failures = 20
โ Gmail banner test < 3s
โ Postmaster IP rep โฅ Neutral๐ง This playbook also helps resolve Yahoo 421 deferrals and Outlook โServer busyโ errors.
ย
