1

Topic: greylisting logs

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Linux/BSD distribution name and version: OpenSUSE 12.3
- Related log if you're reporting an issue:
====

where is the log file for the greylisting implemented in iRedmail?  Where is the database of "known" domains kept?

2

Re: greylisting logs

AshcorTech wrote:

where is the log file for the greylisting implemented in iRedmail?

/var/log/cbpolicyd.log

AshcorTech wrote:

Where is the database of "known" domains kept?

Database name: vmail.

3

Re: greylisting logs

Zhang,

thanks for the reply.  I think I asked my second question wrong however.. I was referring to the greylist "known" domains, not the iRedmail domains that the server serves.

basically I'm trying to make sure that greylisting is working correctly so I'd like to see where the logs are that show it in action and to see a list of domains that it currently "trusts"

currently I'm only seeing a lot of this in the cbpolicyd.log:

[2013/08/26-07:45:23 - 1922] [CBPOLICYD] WARNING: Client closed connection => Peer: 127.0.0.1:55403, Local: 127.0.0.1:10031

and not much else...  Is this what I should expect to see?

thanks,

jeff

4

Re: greylisting logs

AshcorTech wrote:

thanks for the reply.  I think I asked my second question wrong however.. I was referring to the greylist "known" domains, not the iRedmail domains that the server serves.

It should be stored in "cluebringer.policy_group_members". You should add all your mail domains (includes their alias domains) here.

P.S. I'm working on Cluebringer support within iRedAdmin-Pro, it will add/remove alias domains to/from Cluebringer database for you automatically while you adding/removing alias domain in domain profile page.

5

Re: greylisting logs

ok, so the short answer is that they are mysql stored.

I'm looking in the cluebringer.grelisting_autowhitelist and the table is totally empty.  shouldn't this be populated with records for each domain that has sent mail more than once?

(this is the info was looking for to see if greylisting was working.. to see auto whitelist entries)

6

Re: greylisting logs

To verify whether greylisting is work or not, a simple way is sending a testing email from Gmail/Hotmail/etc, then check your log file.

You will see records in SQL table "cluebringer.greylisting_tracking".

7 (edited by AshcorTech 2013-08-27 21:20:54)

Re: greylisting logs

ZhangHuangbin wrote:

To verify whether greylisting is work or not, a simple way is sending a testing email from Gmail/Hotmail/etc, then check your log file.

You will see records in SQL table "cluebringer.greylisting_tracking".

there's nothing in table greylisting_tracking, greylisting_autowhitelist or greylisting_autoblacklist...

session_tracking does however have new records in it when emails come in....

looking at main.cf I do see:

check_policy_service_inet:127.0.0.1:10031

in the smtpd_recipients_restrictions section and 10031 is the port set in cluebringer.conf....

also, trying to log into https://<myserver>/cluebringer/ returns a 404 unknown page error.

there's noting in /srv/www/... to indicate a webpage for "cluebringer"

8

Re: greylisting logs

openSUSE doesn't ship Apache modules: mod_auth_mysql and mod_auth_pgsql, so iRedMail didn't configure Cluebringer webui. You have to install and configure it manually.

Do you have any record in table "greylisting"? Show us output of below commands:

mysql> SELECT * FROM greylisting \G
mysql> SELECT * FROM policies;
mysql> SELECT * FROM policy_groups;
mysql> SELECT * FROM policy_group_members;

Also, we're working on Cluebringer support within iRedAdmin-Pro, below features will be available in next release of iRedAdmin-Pro:

- Per-domain and per-user greylisting control
- Server wide whitelisting management
- Server wide blacklisting management

Per-domain white/blacklist can be implemented with Cluebringer, but it won't be available in next release of iRedAdmin-Pro.
Let me know what features you wish to be able to manage with iRedAdmin-Pro.

9

Re: greylisting logs

=ZhangHuangbin]openSUSE doesn't ship Apache modules: mod_auth_mysql and mod_auth_pgsql, so iRedMail didn't configure Cluebringer webui. You have to install and configure it manually.

Do you have any record in table "greylisting"? Show us output of below commands:

mysql> SELECT * FROM greylisting \G
mysql> SELECT * FROM policies;
mysql> SELECT * FROM policy_groups;
mysql> SELECT * FROM policy_group_members;

mysql> select * from greylisting \G
*************************** 1. row ***************************
                     ID: 1
               PolicyID: 3
                   Name: Greylisting Inbound Emails
         UseGreylisting: 1
         GreylistPeriod: 240
                  Track: SenderIP:/24
   GreylistAuthValidity: 604800
GreylistUnAuthValidity: 86400
       UseAutoWhitelist: 1
    AutoWhitelistPeriod: 604800
     AutoWhitelistCount: 100
AutoWhitelistPercentage: 90
       UseAutoBlacklist: 1
    AutoBlacklistPeriod: 604800
     AutoBlacklistCount: 100
AutoBlacklistPercentage: 20
                Comment:
               Disabled: 0
1 row in set (0.00 sec)

+----+------------------+----------+--------------------------------+----------+
| ID | Name             | Priority | Description                    | Disabled |
+----+------------------+----------+--------------------------------+----------+
|  1 | Default          |        0 | Default System Policy          |        0 |
|  2 | Default Outbound |       10 | Default Outbound System Policy |        0 |
|  3 | Default Inbound  |       10 | Default Inbound System Policy  |        0 |
|  4 | Default Internal |       20 | Default Internal System Policy |        0 |
|  5 | Test             |       50 | Test policy                    |        0 |
+----+------------------+----------+--------------------------------+----------+

Policy_groups:

internal_ips
internal_domains

policy_group_members:

here may be the rub... my real domain is not listed in this table....  Is it just a matter of adding a record to the policy_domain_members table for each domain I want greylisting on?

current records for :  10.0.0.0/8, @example.com, @example.org, @<mydomain>.net

my true domain that is actually getting mail is "<mydomain>.com"

10

Re: greylisting logs

AshcorTech wrote:

policy_group_members:
here may be the rub... my real domain is not listed in this table....  Is it just a matter of adding a record to the policy_domain_members table for each domain I want greylisting on?

You must list all your mail domains as member of policy group 'internal_domains'.

Please, show me the original output of mysql commands, i don't know how to help give you correct MySQL commands to fix your issue.

11

Re: greylisting logs

so I went ahead and manually added a record in policy_group_members for <mydomain>.com and sent a few test messages. 

greylist_tracking now has a record for those emails.. 

is there any other config records I need to create to get greymail working correctly with this domain?

how long should I expect to wait for the emails to come through?

12 (edited by AshcorTech 2013-08-27 23:03:38)

Re: greylisting logs

ZhangHuangbin wrote:
AshcorTech wrote:

policy_group_members:
here may be the rub... my real domain is not listed in this table....  Is it just a matter of adding a record to the policy_domain_members table for each domain I want greylisting on?

You must list all your mail domains as member of policy group 'internal_domains'.

Please, show me the original output of mysql commands, i don't know how to help give you correct MySQL commands to fix your issue.


Zhang,

I'm a mysql dba, so you can pretty much just tell me what records are needed in what tables and I'll write the queries.

I've inserted a record in policy_group_members for <mydomain>.com and now am seeing records in greylisting_tracking for all new emails coming into that domain.

the two test emails I sent an the email alerting me to your last post have now come into my inbox after showing up in the greylisting_tracking table.

I would expect (although I've never used greylisting with mysql before) that the greylisting_autowhitelist would get populated with known good email domains so that there is no delay for subsequent emails.  Am I correct in this assumption?

if not, where are the records for known good domains kept?

13

Re: greylisting logs

Hi AshcorTech,

Check its wiki site for more details: http://wiki.policyd.org/
http://wiki.policyd.org/greylisting

14 (edited by AshcorTech 2013-08-28 01:49:03)

Re: greylisting logs

ZhangHuangbin wrote:

Hi AshcorTech,

Check its wiki site for more details: http://wiki.policyd.org/
http://wiki.policyd.org/greylisting

Zhang,

I've been there and read the pages and according to what they say, given that my cluebringer.greylisting table has this:

ID: 1
PolicyID: 3
Name: Greylisting Inbound Emails
UseGreylisting: 1
GreylistPeriod: 240
Track: SenderIP:/24
GreylistAuthValidity: 604800
GreylistUnAuthValidity: 86400
UseAutoWhitelist: 1
AutoWhitelistPeriod: 604800
AutoWhitelistCount: 100
AutoWhitelistPercentage: 90
UseAutoBlacklist: 1
AutoBlacklistPeriod: 604800
AutoBlacklistCount: 100
AutoBlacklistPercentage: 20
                Comment:
               Disabled: 0

specifically "UseAutoWhitelist=1" I would expect to see records in the greylisting_autowhitelist table but I still do not.

15

Re: greylisting logs

OK, I see the issue now.  in the cluebringer.greylisting table the field AutoWhitelistCount = 100.  So if understand the wiki correctly the sending mailserver must pass 100 msgs through the greylist module before it will add to the greylisting_autowhitelist table.

16

Re: greylisting logs

You're right. Of course you can modify this value if you want.

17 (edited by AshcorTech 2013-08-28 09:16:00)

Re: greylisting logs

I did modify those settings, put AutoWhiteListCount = 5 and AutoWhiteListPercentage = 50.

Something still isn't correct however.  for instance I have a greylisting table record that is the result of a test I ran with a script on another server that sent me an email every minute or so..

the result in the greylisting table is 8 "tries" and 597 "count"...

this should be well past the needed amount for an greylisting_autowhitelist table entry but that table is still empty.

18

Re: greylisting logs

It's better to post to Cluebringer mailing list, ask developers how it work:
http://wiki.policyd.org/#troubleshooting