Introduction

Greylisting is an anti-spam technique where the receiving mail server temporarily rejects the first delivery attempt with a 4xx code, expecting legitimate mail servers to retry after a delay. Spammers typically do not retry, but legitimate servers do. While effective against spam, greylisting can cause significant delivery delays (typically 5-15 minutes) for first-time senders, which is problematic for time-sensitive emails.

Symptoms

  • Email delivery takes 5-30 minutes for new senders
  • Mail logs show 451 4.7.1 Please try again later from the receiving server
  • First email from a new sender is delayed, subsequent emails are delivered immediately
  • Time-sensitive emails (password resets, order confirmations) arrive late
  • Error message: 451 4.7.1 Greylisted, please try again in 300 seconds

Common Causes

  • Receiving server has greylisting enabled for all incoming email
  • Sending server IP has never delivered to the receiving server before
  • Sending server uses multiple outgoing IPs, each treated as a new sender
  • Greylisting whitelist has expired for previously whitelisted senders
  • Sending server not configured to retry deferred messages promptly

Step-by-Step Fix

  1. 1.Confirm greylisting is the cause of the delay: Check mail logs.
  2. 2.```bash
  3. 3.# Check sending mail server logs
  4. 4.grep "451|greylist|deferred" /var/log/mail.log | tail -20
  5. 5.# Check for retry attempts
  6. 6.grep "retry|requeue" /var/log/mail.log | tail -10
  7. 7.`
  8. 8.Verify the sending server retries deferred messages: Ensure retry logic is configured.
  9. 9.```bash
  10. 10.# For Postfix, check retry settings
  11. 11.postconf queue_run_delay minimal_backoff_time maximal_backoff_time
  12. 12.# Default values should retry within minutes:
  13. 13.# queue_run_delay = 300s
  14. 14.# minimal_backoff_time = 300s
  15. 15.# maximal_backoff_time = 4000s
  16. 16.`
  17. 17.Contact the receiving server administrator for whitelisting: Request exemption.
  18. 18.`
  19. 19.# Contact the receiving mail server administrator:
  20. 20.# - Provide your sending IP address and domain
  21. 21.# - Request to be added to the greylist whitelist
  22. 22.# - Provide evidence of legitimate email sending (SPF, DKIM, DMARC configured)
  23. 23.`
  24. 24.Warm up the sending IP by establishing delivery history: Build reputation.
  25. 25.`
  26. 26.# Send a small number of emails to the receiving domain regularly
  27. 27.# After successful delivery, the IP will be whitelisted by the greylist
  28. 28.# Subsequent emails will be delivered without delay
  29. 29.`
  30. 30.Implement multiple sending strategies for time-sensitive emails: Bypass greylisting.
  31. 31.`
  32. 32.# For critical emails (password resets, alerts):
  33. 33.# - Use a transactional email service (SendGrid, Amazon SES) with pre-warmed IPs
  34. 34.# - Use a dedicated sending IP that regularly delivers to the receiving domain
  35. 35.# - Consider using push notifications or SMS for time-critical messages
  36. 36.`

Prevention

  • Maintain a warm sending IP that regularly delivers to major email providers
  • Use established transactional email services for time-sensitive communications
  • Configure sending servers to retry deferred messages promptly (within 5 minutes)
  • Monitor email delivery times and alert when first-time delivery exceeds 15 minutes
  • Build sender reputation with proper SPF, DKIM, and DMARC configuration
  • Document greylisting-affected domains and use alternative delivery channels for urgent messages