1

Topic: Greylisting - sub-domains whitelist issue

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Debian GNU/Linux 8.8 (jessie)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Not
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

According to the online documentation [http://tinyurl.com/k72pfn3] the script "tools/greylisting_admin.py" should allow to  add sub-domains to the whitelist ("- entire domain and all its sub-domains: @.domain.com"). My whitelist config looks like:

****@****:/opt/iredapd/tools# python greylisting_admin.py --list
Status   Sender                             -> Local Account                 
------------------------------------------------------------------------------
disabled @.pw.edu.pl                       -> @. (anyone)                   
enabled  @. (anyone)                        -> @. (anyone)   

but unfortunately it's not working properly:

May 13 08:46:00 **** postfix/smtpd[6618]: NOQUEUE: reject: RCPT from ****.tele.pw.edu.pl[****]: 451 4.7.1 <test@****.pl>: Recipient address rejected: Intentional policy rejection, please try again later; from=<****@tele.pw.edu.pl> to=<test@****.pl> proto=ESMTP helo=<****.tele.pw.edu.pl>

I have no idea what's wrong, but I can suppose it's about regex.

Thanks in advance,
MG

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Greylisting - sub-domains whitelist issue

Could you please enable debug mode in iRedAPD, send one more testing email from ****.tele.pw.edu.pl, then copy the full iRedAPD log related to this testing and paste here? we need the log for troubleshooting.

3 (edited by mptg 2017-05-13 20:41:20)

Re: Greylisting - sub-domains whitelist issue

Please look at the full log file in the attachment. This time I've sent an email from "m.golanski[at]tele.pw.edu.pl" to "test2[at]dombianco.com.pl". Whitelist still looks like:

Sender                             -> Local Account                  Status 
------------------------------------------------------------------------------
@.pw.edu.pl                        -> @. (anyone)                    disabled

Log file wasn't obfuscated, so it contains full information.

Regards,
MG

Post's attachments

iredapd2.log 13.96 kb, 2 downloads since 2017-05-13 

You don't have the permssions to download the attachments of this post.

4

Re: Greylisting - sub-domains whitelist issue

It's a bug of greylisting plugin. Here's patch to fix it:

--- a/plugins/greylisting.py    2017-05-15 08:59:03.000000000 +0800
+++ b/plugins/greylisting.py    2017-05-15 09:00:11.000000000 +0800
@@ -354,7 +354,7 @@
     recipient = kwargs['recipient_without_ext']
     recipient_domain = kwargs['recipient_domain']
 
-    policy_recipients = [recipient, '@' + recipient_domain, '@.']
+    policy_recipients = [recipient, '@' + recipient_domain, '@.' + recipient_domain, '@.']
     policy_senders = [sender,                   # email address
                       '@' + sender_domain,      # sender domain
                       '@.' + sender_domain,     # sender sub-domains

Thanks for the feedback. smile

5

Re: Greylisting - sub-domains whitelist issue

Thanks for the quick support! I was little bit busy, so couldn't check patch until today. Now I am trying apply it, but every time I get error message "Hunk #1 FAILED at 354". I send to you "greylisting.py" installed on my server. Maybe it's about different version between yours and mine.

Regards,
MG

Post's attachments

greylisting.py 14.1 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

6

Re: Greylisting - sub-domains whitelist issue

How about edit the file manually? It will be easier since there's only one line changed.

7

Re: Greylisting - sub-domains whitelist issue

ZhangHuangbin wrote:

How about edit the file manually? It will be easier since there's only one line changed.

You are right. I made changes. Thank you!