1

Topic: Mail is blocked when using a mail spooling service...

======== Required information ====
- iRedMail version: 0.8.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: Centos 6.5 64bit
- Related log if you're reporting an issue:
====

Good morning,

Thus far I have been testing my iRedMail setup with a test domain & email. Our actual domain uses a mail spooling service and MX Logic provides this service. During my tests over the weekend I saw many log entries like this in /var/log/maillog:

Mar 23 10:05:08 dmzsvr14v postfix/smtpd[3693]: connect from unknown[208.65.144.247]
Mar 23 10:05:09 dmzsvr14v policyd: rcpt=66, blacklist=block, host=208.65.144.247 (unknown), from=xxxxx1980@gmail.com, to=lhiggs@coatsxxxxx.com, size=0
Mar 23 10:05:09 dmzsvr14v postfix/smtpd[3693]: NOQUEUE: reject: RCPT from unknown[208.65.144.247]: 554 5.7.1 <lhiggs@coatsxxxxx.com>: Recipient address rejected: Policy Rejection- Abuse. Go away.; from=<xxxxx1980@gmail.com> to=<lhiggs@coatsxxxxx.com> proto=ESMTP helo=<p01c11m014.mxlogic.net>
Mar 23 10:05:09 dmzsvr14v postfix/smtpd[3693]: disconnect from unknown[208.65.144.247]

The sender (my gmail account) received this failed delivery message:

This message was created automatically by mail delivery software.

A message that you have sent could not be delivered to one or more
recipients.  This is a permanent error.  The following address failed:

  <lhiggs@coatsxxxxx.com>: 554 5.7.1 <lhiggs@coatsxxxxx.com>: Recipient address rejected: Policy Rejection- Abuse. Go away.


Included is a copy of the message header:
-----------------------------------------
Received: from unknown [209.85.214.173] (EHLO mail-ob0-f173.google.com)
        by p02c12m003.mxlogic.net(mxl_mta-7.2.4-1) over TLS secured channel
        with ESMTP id c2aee235.0.293232.00-2334.398321.p02c12m003.mxlogic.net (envelope-from <xxxx1980@gmail.com>);
        Sun, 23 Mar 2014 08:05:32 -0600 (MDT)
Received: by mail-ob0-f173.google.com with SMTP id gq1so4578335obb.18
        for <lhiggs@coatsxxxxx.com>; Sun, 23 Mar 2014 07:05:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=WKxVfC7FbNxyV14WMQkNeKjzu/s+0LWpLDxBVP4FWXk=;
        b=Lrx+0fl4AKk3N+61Vk4+IdI9G8tIVqO1k5sa5hvXIfBCCa922oiMLvJSe32EcI2QXo
         JKamReYdLTjI2q+rPw/f6mo7f0McHvHwbOOIVLACyefybCGUh9f02JVEu92ga0x0c9xK
         nbHtKFGtoGT7bSK70BM11F9K9kF7skI3StZvZz0HY+AHh3EJ6yg3MUsJB43UFz6YGXj9
         VdVQbgrNfg2s3bSSK/nfM1b2mxj//I33VJf/9zq2Nc1JXOjGNImhh+vBEqD0baAa59ND
         dc+KHGVWJpFhmkQhplqZopumTcu4OsQEqk754DXsn9wNDOqtIBB7Vzy1H3c3fk+osy91
         TcXQ==
MIME-Version: 1.0
X-Received: by 10.182.24.69 with SMTP id s5mr22278498obf.35.1395583532031;
 Sun, 23 Mar 2014 07:05:32 -0700 (PDT)
Received: by 10.76.1.228 with HTTP; Sun, 23 Mar 2014 07:05:31 -0700 (PDT)
Date: Sun, 23 Mar 2014 10:05:31 -0400
Message-ID: <CAJ+GSu3-bG58CG8d1gRVcd7GdFSoUkoQ3XLK-v_qk=fOv4Z_7Q@mail.gmail.com>
Subject: Test C
From: xxxx xxxx <xxxx1980@gmail.com>
To: xxxx xxxx <lhiggs@coatsxxxxx.com>
Content-Type: multipart/alternative; boundary=001a11c2a20cae642604f5469cdc

I don't quite understand what is going on here, is the failed delivery message showing that it is both from and to the same email address? Any ideas on what I need to do to allow mail to be delivered from a mailing spooling service?

Thanks!
Luke

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Mail is blocked when using a mail spooling service...

I've found two mxlogic IP addresses in my policyd->blacklist table...I'm not sure how they got there, although I see that the IP's are flagged as suspicous by some RBL lists. This appears to be causing the errors in receiving mail from MX logic, how can I ensure that those IPs aren't blacklisted?

Thanks!
Luke

3

Re: Mail is blocked when using a mail spooling service...

lhiggs wrote:

how can I ensure that those IPs aren't blacklisted?

You have to check Policyd blacklist. and the RBL list sites you're using.

By the way, your first post confuses me. Is your server upgraded from an old iRedMail version? Because iRedMail-0.8.6 doesn't use Policyd anymore, it uses Cluebringer (a.k.a. Policyd v2) instead.

4

Re: Mail is blocked when using a mail spooling service...

ZhangHuangbin wrote:

By the way, your first post confuses me. Is your server upgraded from an old iRedMail version? Because iRedMail-0.8.6 doesn't use Policyd anymore, it uses Cluebringer (a.k.a. Policyd v2) instead.

I was mistaken, I am actually running 0.8.5 according to /etc/iredmail-release, I thought I was on the latest version.

Re the policyd blacklist: The IP addresses from our mail spooling service are being populated in the policyd blacklist and all email is being subsequently blacklisted as a result. Even after I remove these from the MySQL table they are put back in shortly after.

In /etc/policd.conf BLACKLISTING is set to 1 but AUTO_BLACK_LISTING is set to 0. It's important that iRedMail doesn't reject any mail, only flags possible spam. How can I allow all spam from a particular group of IP addresses?

Thanks for all you help, I appreciate it.

Luke

5

Re: Mail is blocked when using a mail spooling service...

lhiggs wrote:

In /etc/policd.conf BLACKLISTING is set to 1 but AUTO_BLACK_LISTING is set to 0. It's important that iRedMail doesn't reject any mail, only flags possible spam. How can I allow all spam from a particular group of IP addresses?

I have no idea why it's listed in Policyd blacklist if you have AUTO_BLACK_LISTING disabled (set to 0).

Blacklisting in Policyd will reject sender immediately, not flag it.