1 (edited by redbaron 2012-06-24 00:13:13)

Topic: Strange behavior with Greylisting

==== Provide required information ====
- iRedMail version and backend (LDAP/MySQL/PGSQL): iRedAdmin-Pro v1.3.1 (MySQL)
- Linux/BSD distribution name and version: Ubuntu Server 10.04 LTS
- Any related log? Log is helpful for troubleshooting.
====

I received a complaint about mail from mail.yahoo.com not being delivered to my domain. When I rechecked mail.log I found strange behavior in the postfix-policyd greylisting system. Here it is:

Jun 18 22:27:26 mail postfix-policyd: rcpt=24188, greylist=new,    host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 18 22:34:05 mail postfix-policyd: rcpt=24215, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 01:14:07 mail postfix-policyd: rcpt=24715, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 02:27:26 mail postfix-policyd: rcpt=24827, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 03:54:05 mail postfix-policyd: rcpt=24941, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 05:34:06 mail postfix-policyd: rcpt=25038, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 07:27:26 mail postfix-policyd: rcpt=25158, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 09:34:07 mail postfix-policyd: rcpt=25325, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 11:54:07 mail postfix-policyd: rcpt=25961, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 14:27:26 mail postfix-policyd: rcpt=26599, greylist=new,    host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 17:14:05 mail postfix-policyd: rcpt=27828, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 20:14:06 mail postfix-policyd: rcpt=28821, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 23:27:26 mail postfix-policyd: rcpt=29517, greylist=awl,    host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0, expire=1340738846

At 14:27:26 the mail was rejected (greylist=new), but there is about a 33-minute difference from the previous greylist=update and the triplet is the same (source mail address, destination mail address and host; this is how I understand the triplet).

Jun 20 18:07:13 mail postfix-policyd: rcpt=33632, greylist=new,    host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0
Jun 20 18:08:58 mail postfix-policyd: rcpt=33644, greylist=abuse,  host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0
Jun 20 18:12:45 mail postfix-policyd: rcpt=33656, greylist=awl,    host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0, expire=1340806365

At 18:12:45 the host was whitelisted, but according to the configuration file there must be 10 successful triplets before awl. Strange.

Jun 21 15:15:48 mail postfix-policyd: rcpt=957,   greylist=new,    host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 21 15:22:28 mail postfix-policyd: rcpt=998,   greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 21 18:02:27 mail postfix-policyd: rcpt=1960,  greylist=new,    host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 21 19:15:47 mail postfix-policyd: rcpt=2280,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 21 20:42:28 mail postfix-policyd: rcpt=2612,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 21 22:22:26 mail postfix-policyd: rcpt=2924,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 00:15:48 mail postfix-policyd: rcpt=3298,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 02:22:29 mail postfix-policyd: rcpt=3581,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 04:42:28 mail postfix-policyd: rcpt=3772,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 07:15:48 mail postfix-policyd: rcpt=3950,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 10:02:28 mail postfix-policyd: rcpt=4245,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 13:02:28 mail postfix-policyd: rcpt=5148,  greylist=update, host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0
Jun 22 16:15:47 mail postfix-policyd: rcpt=6156,  greylist=new,    host=98.139.91.55 (omp1055.mail.sp2.yahoo.com), from=va@yahoo.com, to=an@abc.gov.ge, size=0

At 18:02:27 and 16:15:47 the mail was also rejected (greylist=new), the time difference from the previous greylist=update is about 3 hours, and in the config file I have TRIPLET_AUTH_TIMEOUT=30d. SAME STRANGE BEHAVIOUR.

The policyd version is 1.82.

postfix-policyd.conf

MYSQLHOST="127.0.0.1"
MYSQLDBASE="postfixpolicyd"
MYSQLUSER="postfix-policyd"
MYSQLPASS=""
MYSQLOPT=""
FAILSAFE=1
DATABASE_KEEPALIVE=0
DEBUG=0
DAEMON=1
BINDHOST="127.0.0.1"
BINDPORT="10031"
PIDFILE=/var/run/policyd.pid
SYSLOG_FACILITY="LOG_MAIL|LOG_INFO"
CHROOT=/home/policyd
UID=1002
GID=1002
CONN_ACL="127.0.0.1"
WHITELISTING=1
WHITELISTNULL=0
WHITELISTSENDER=1
WHITELISTDNSNAME=0
AUTO_WHITE_LISTING=1
AUTO_WHITELIST_NUMBER=10
AUTO_WHITELIST_NETBLOCK=0
AUTO_WHITELIST_EXPIRE=30d
BLACKLISTING=1
BLACKLISTDNSNAME=0
BLACKLIST_TEMP_REJECT=0
BLACKLIST_NETBLOCK=0
BLACKLIST_REJECTION="Abuse. Go away."
AUTO_BLACK_LISTING=1
AUTO_BLACKLIST_NUMBER=500
AUTO_BLACKLIST_EXPIRE=7d
BLACKLIST_HELO=0
BLACKLIST_HELO_AUTO_EXPIRE=0
BLACKLISTSENDER=1
HELO_CHECK=1
HELO_MAX_COUNT=10
HELO_BLACKLIST_AUTO_EXPIRE=14d
HELO_AUTO_EXPIRE=7d
SPAMTRAPPING=1
SPAMTRAP_REJECTION="Abuse. Go away."
SPAMTRAP_AUTO_EXPIRE=7d
GREYLISTING=1
GREYLIST_REJECTION="Please try later."
GREYLIST_X_HEADER=1
GREYLIST_HOSTADDR=3
TRAINING_MODE=0
TRAINING_POLICY_TIMEOUT=0
TRIPLET_TIME=1m
OPTINOUT=0
OPTINOUTALL=0
TRIPLET_AUTH_TIMEOUT=30d
TRIPLET_UNAUTH_TIMEOUT=2d
SENDERTHROTTLE=0
SENDER_THROTTLE_SASL=0
SENDER_THROTTLE_HOST=0
QUOTA_EXCEEDED_TEMP_REJECT=1
SENDER_QUOTA_REJECTION="Quota Exceeded."
SENDER_SIZE_REJECTION="Message size too big."
SENDERMSGLIMIT=512
SENDERRCPTLIMIT=3600
SENDERQUOTALIMIT=500000000
SENDERTIMELIMIT=1h
SENDERMSGSIZE=102400000
SENDERMSGSIZE_WARN=50
SENDERMSGSIZE_PANIC=90
SENDER_INACTIVE_EXPIRE=31d
RECIPIENTTHROTTLE=1
RECIPIENTMSGLIMIT=64
RECIPIENTTIMELIMIT=1h
RECIPIENT_QUOTA_REJECTION="Quota Exceeded."
RECIPIENT_INACTIVE_EXPIRE=31d

postfix-policyd_throttle.conf

MYSQLHOST="127.0.0.1"
MYSQLDBASE="postfixpolicyd"
MYSQLUSER="postfix-policyd"
MYSQLPASS=""
MYSQLOPT=""
FAILSAFE=1
DATABASE_KEEPALIVE=0
DEBUG=0
DAEMON=1
BINDHOST="127.0.0.1"
BINDPORT="10032"
PIDFILE="/var/run/policyd_throttle.pid"
SYSLOG_FACILITY="LOG_MAIL|LOG_INFO"
CHROOT=/home/policyd
UID=1002
GID=1002
CONN_ACL="127.0.0.1"
WHITELISTING=0
WHITELISTNULL=0
WHITELISTSENDER=0
WHITELISTDNSNAME=0
AUTO_WHITE_LISTING=0
AUTO_WHITELIST_NUMBER=500
AUTO_WHITELIST_NETBLOCK=0
AUTO_WHITELIST_EXPIRE=7d
BLACKLISTING=0
BLACKLISTDNSNAME=0
BLACKLIST_TEMP_REJECT=1
BLACKLIST_NETBLOCK=0
BLACKLIST_REJECTION="Abuse. Go away."
AUTO_BLACK_LISTING=0
AUTO_BLACKLIST_NUMBER=500
AUTO_BLACKLIST_EXPIRE=7d
BLACKLIST_HELO=0
BLACKLIST_HELO_AUTO_EXPIRE=0
BLACKLISTSENDER=0
HELO_CHECK=0
HELO_MAX_COUNT=10
HELO_BLACKLIST_AUTO_EXPIRE=14d
HELO_AUTO_EXPIRE=7d
SPAMTRAPPING=0
SPAMTRAP_REJECTION="Abuse. Go away."
SPAMTRAP_AUTO_EXPIRE=7d
GREYLISTING=0
GREYLIST_REJECTION="Please try later."
GREYLIST_X_HEADER=0
GREYLIST_HOSTADDR=3
TRAINING_MODE=0
TRAINING_POLICY_TIMEOUT=0
TRIPLET_TIME=1m
OPTINOUT=0
OPTINOUTALL=0
TRIPLET_AUTH_TIMEOUT=30d
TRIPLET_UNAUTH_TIMEOUT=2d
SENDERTHROTTLE=1
SENDER_THROTTLE_SASL=1
SENDER_THROTTLE_HOST=0
QUOTA_EXCEEDED_TEMP_REJECT=0
SENDER_QUOTA_REJECTION="Quota Exceeded."
SENDER_SIZE_REJECTION="Message size too big."
SENDERMSGLIMIT=512
SENDERRCPTLIMIT=3600
SENDERQUOTALIMIT=500000000
SENDERTIMELIMIT=1h
SENDERMSGSIZE=157286400
SENDERMSGSIZE_WARN=50
SENDERMSGSIZE_PANIC=90
SENDER_INACTIVE_EXPIRE=31d
RECIPIENTTHROTTLE=0
RECIPIENTMSGLIMIT=64
RECIPIENTTIMELIMIT=1h
RECIPIENT_QUOTA_REJECTION="Quota Exceeded."
RECIPIENT_INACTIVE_EXPIRE=31d

P.S. Maybe it's better to update to 12.04 LTS and policyd v2.

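An added example, not part of the original post and not iRedMail or policyd code: a Python parser for the postfix-policyd lines quoted above. It groups attempts by triplet as the poster defines it (host, sender, recipient) and reports every greylist=new issued for an already-seen triplet, with the gap since the previous attempt, plus how many attempts preceded an awl verdict. The function names and the year 2012 are assumptions (syslog timestamps carry no year); the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: seven lines copied from the log quoted in the post.
SAMPLE_LOG = """\
Jun 19 09:34:07 mail postfix-policyd: rcpt=25325, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 11:54:07 mail postfix-policyd: rcpt=25961, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 14:27:26 mail postfix-policyd: rcpt=26599, greylist=new,    host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 19 17:14:05 mail postfix-policyd: rcpt=27828, greylist=update, host=98.139.91.22 (omp1022.mail.sp2.yahoo.com), from=va@yahoo.com, to=lt@abc.gov.ge, size=0
Jun 20 18:07:13 mail postfix-policyd: rcpt=33632, greylist=new,    host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0
Jun 20 18:08:58 mail postfix-policyd: rcpt=33644, greylist=abuse,  host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0
Jun 20 18:12:45 mail postfix-policyd: rcpt=33656, greylist=awl,    host=98.139.91.240 (nm11-vm0.bullet.mail.sp2.yahoo.com), from=va@yahoo.com, to=er@abc.gov.ge, size=0, expire=1340806365
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix-policyd: rcpt=\d+,\s+"
    r"greylist=(?P<state>\w+),\s+host=(?P<host>\S+) \([^)]*\), "
    r"from=(?P<sender>[^,]+), to=(?P<rcpt>[^,]+),")

def parse(log, year=2012):
    """Yield (timestamp, state, triplet) for each policyd greylist line; year is assumed."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["state"], (m["host"], m["sender"], m["rcpt"])

def triplet_report(log):
    """Per triplet: attempt count, 'new' verdicts on a known triplet, attempts before awl."""
    history = defaultdict(list)
    for ts, state, triplet in parse(log):
        history[triplet].append((ts, state))
    report = {}
    for triplet, events in history.items():
        # A 'new' that is not the first event means the earlier record was not matched.
        resets = [(ts, ts - events[i - 1][0])
                  for i, (ts, state) in enumerate(events) if i > 0 and state == "new"]
        awl_at = next((i for i, (_, s) in enumerate(events) if s == "awl"), None)
        report[triplet] = {"attempts": len(events), "resets": resets,
                           "attempts_before_awl": awl_at}
    return report

if __name__ == "__main__":
    for triplet, info in triplet_report(SAMPLE_LOG).items():
        print(triplet, info["attempts"], "attempts, awl after", info["attempts_before_awl"])
        for ts, gap in info["resets"]:
            print(f"  greylist=new at {ts}, {gap} after the previous attempt")
```

Run against a full mail.log, the `resets` list gives the exact intervals to compare with TRIPLET_AUTH_TIMEOUT and TRIPLET_UNAUTH_TIMEOUT, and `attempts_before_awl` the count to compare with AUTO_WHITELIST_NUMBER.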