Synth-DIY Yahoo! Groups Archives

Hello All,

This is my first message, so please be indulgent :)

I use postfix together with milter-greylist-4.5.12 
compiler:/usr/src/redhat/BUILD/milter-greylist-4.5.12 Thu May 21 
15:10:41 EDT 2015. I experience problem with greylisting regarding 
particular domains, for example: komputronik-biznes.pl.  I didn't notice 
problem like this one time, this is an exmple of similar events only.

I found in the log of my SMTP serwer the following line:

Feb 19 14:50:21 mx01 logger: milter-greylist: MILTERSTAT: 2016.02.19 
14:50:21 mx-01.ktr.pl [195.138.211.150] xxx.yyy@... -> 
aaa.bbb@... tempfail (ACL 311) 451 4.7.1 SPFINFO: SPF:e  
Greylisting in action, please come back later:  host mx-01.ktr.pl 
[195.138.211.150]  domain 'komputronik-biznes.pl'

During manual query SPF of komputronik-biznes.pl domain, the answers are 
as follow:

First DNS query:
- dig +short komputronik-biznes.pl txt
- Result: "v=spf1 include:ktb-spf.ktr.pl include:spf.ktr.pl -all"

The second  DNS query:
   -- dig +short spf.ktr.pl txt
   -- Result: "v=spf1 a mx ip4:195.138.211.0/24 ip4:91.198.150.0/24"

Then, the list of networks contains 195.138.211.0/24, then IP of the 
sender 195.138.211.150 is on the list, but milter-greylist delayed this 
mail.

Why milter-greylist behaves this way?

P.S.
Below, is my config file and log queries of two DNS servers made by 
email server.

Thanks for your help,
Gienek


--------------------------------------------
# My greylist.conf is as follow:

stat "|logger -p mail.info"  "milter-greylist: MILTERSTAT: %T{%Y.%m.%d 
%T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"

geoipdb "/usr/share/GeoIP/GeoIP.dat"
verbose
peer 10.31.11.2
peer 10.31.11.3
peer 10.21.2.230
syncaddr * port 5252
racl whitelist addr 127.0.0.0/8
racl whitelist addr 10.0.0.0/8
racl whitelist addr 172.16.0.0/12
racl whitelist addr 192.168.0.0/16
racl whitelist from /.*@epcon\.pl /
racl whitelist from /.*@pse\.pl/
racl whitelist from /.*@medicover\.pl/
racl whitelist from /.*@kai-info\.eu/
racl whitelist from /.*@citi\.com/
racl whitelist from /.*@ecitele\.com/
racl whitelist from /.*@equitybank\.co\.ke/
report all
delayedreject
dumpfreq 5m
timeout 8h
greylist 6m
autowhite 14d
subnetmatch /24
nodrac
quiet
pidfile "/var/run/milter-greylist.pid"
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
user "postfix"
racl whitelist spf pass
racl greylist spf fail  msg "SPFINFO: SPF:f  Greylisting in action, 
please come back later:  host %d [%i]  domain '%sf'" delay 120m 
autowhite 14d

# this line has number 310 !!!
racl greylist spf error msg "SPFINFO: SPF:e  Greylisting in action, 
please come back later:  host %d [%i]  domain '%sf'" delay 120m 
autowhite 14d


# =========================================================
# DNS queries by host running milter-greylist (DNS server is on this 
some host)

19-Feb-2016 14:50:19.307  127.0.0.1#45252 (komputronik-biznes.pl): 
komputronik-biznes.pl IN MX + (127.0.0.1)
19-Feb-2016 14:50:19.367  127.0.0.1#46522 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.367  127.0.0.1#51590 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:19.388  127.0.0.1#60096 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.458  10.21.2.247#40938 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:19.596  127.0.0.1#46046 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.667  10.21.2.247#37189 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:19.806  127.0.0.1#50880 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.806  127.0.0.1#56799 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:19.806  127.0.0.1#53576 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.874  10.21.2.247#60803 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:20.018  127.0.0.1#44488 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.092  10.21.2.247#55055 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:20.239  127.0.0.1#55187 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.239  127.0.0.1#43869 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:20.239  127.0.0.1#37714 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.310  10.21.2.247#44763 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:21.270  127.0.0.1#48180 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:21.340  10.21.2.247#47636 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)

# another DNS server got the queries also as follow:
19-Feb-2016 14:50:19.527  10.21.2.247#45405 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:19.737  10.21.2.247#56195 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:19.945  10.21.2.247#37866 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:20.165  10.21.2.247#60834 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:21.198  10.21.2.247#45035 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:21.411  10.21.2.247#50334 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
# =========================================================
Milter-greylist

Problem with particular domains

Attachments

Move to quarantaine
