greylisting - working or not ?!

Prev: test2
Next: Postfix bouncing

From: Axel Werner on 27 Nov 2007 10:34

---

hi there,

i installed the postgrey daemon in my debian linux with postfix. i used
some howto/manual to make my configs look similar. so it should be fine.
however, im not sure the thing is working correctly.

as far i understand greylisting, my postfix now should reject
(temporarily) the first connection try of a remote mailserver and do not
accept the first-time-email from that remote host. the next time the
same host connects it should accept the mail. however...my mailserver
does not seem to reject any email like this. it seems it accepts ANY
mail from ANY Host that is adressed to one of my local domains or local
mailboxes.

it rejects mail from remote hosts that is to be relayed. so it should.
but even mail to the local mailbox seems not to be rejected by postgrey
the first time.

does anybody have an idea of what is the problem here ??
you can figure out my mailserver by my email adress. so check out
yourself sending me an email from your host directly.




my main.cf (the most important part i think) looks like this:

SMTPD_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client relays.ordb.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,
check_policy_service net:127.0.0.1:60000


ps: i was not able to see a log entry of postgrey or anything like this.
never seen something "positive" in my logs.


greets
Axel

From: ONYX on 28 Nov 2007 06:15

---

On 27 ÎÏÑÂ, 18:34, Axel Werner <m...(a)awerner.homeip.net> wrote:
> hi there,
>
> i installed the postgrey daemon in my debian linux with postfix. i used
> some howto/manual to make my configs look similar. so it should be fine.
> however, im not sure the thing is working correctly.
>
> as far i understand greylisting, my postfix now should reject
> (temporarily) the first connection try of a remote mailserver and do not
> accept the first-time-email from that remote host. the next time the
> same host connects it should accept the mail. however...my mailserver
> does not seem to reject any email like this. it seems it accepts ANY
> mail from ANY Host that is adressed to one of my local domains or local
> mailboxes.
>
> it rejects mail from remote hosts that is to be relayed. so it should.
> but even mail to the local mailbox seems not to be rejected by postgrey
> the first time.
>
> does anybody have an idea of what is the problem here ??
> you can figure out my mailserver by my email adress. so check out
> yourself sending me an email from your host directly.
>
> my main.cf (the most important part i think) looks like this:
>
> SMTPD_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client dnsbl.njabl.org,
> reject_rbl_client list.dsbl.org,
> check_policy_service net:127.0.0.1:60000
>
> ps: i was not able to see a log entry of postgrey or anything like this.
> never seen something "positive" in my logs.
>
> greets
> Axel

check_policy_service inet:127.0.0.1:60000
BUT NOT
check_policy_service net:127.0.0.1:60000

correct main.cf and it should work!

From: ONYX on 28 Nov 2007 06:24

---

On 27 ÎÏÑÂ, 18:34, Axel Werner <m...(a)awerner.homeip.net> wrote:
> hi there,
>
> i installed the postgrey daemon in my debian linux with postfix. i used
> some howto/manual to make my configs look similar. so it should be fine.
> however, im not sure the thing is working correctly.
>
> as far i understand greylisting, my postfix now should reject
> (temporarily) the first connection try of a remote mailserver and do not
> accept the first-time-email from that remote host. the next time the
> same host connects it should accept the mail. however...my mailserver
> does not seem to reject any email like this. it seems it accepts ANY
> mail from ANY Host that is adressed to one of my local domains or local
> mailboxes.
>
> it rejects mail from remote hosts that is to be relayed. so it should.
> but even mail to the local mailbox seems not to be rejected by postgrey
> the first time.
>
> does anybody have an idea of what is the problem here ??
> you can figure out my mailserver by my email adress. so check out
> yourself sending me an email from your host directly.
>
> my main.cf (the most important part i think) looks like this:
>
> SMTPD_recipient_restrictions = permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client dnsbl.njabl.org,
> reject_rbl_client list.dsbl.org,
> check_policy_service net:127.0.0.1:60000
>
> ps: i was not able to see a log entry of postgrey or anything like this.
> never seen something "positive" in my logs.
>
> greets
> Axel

"as far i understand greylisting, my postfix now should reject
(temporarily) the first connection try of a remote mailserver and do
not
accept the first-time-email from that remote host. the next time the
same host connects it should accept the mail."

Its not true. The single mail identified with 3 parametres: client
hostname, sender email address, recipient email address. So
greylisting will pass the next mail ONLY if all 3 parametres are the
same as in the previous smtp session from the host!

Sorry for my english, im trying!

From: Axel Werner on 28 Nov 2007 10:58

---

ONYX schrieb:
>> SMTPD_recipient_restrictions = permit_mynetworks,
>> permit_sasl_authenticated,
>> reject_unauth_destination,
>> reject_rbl_client sbl.spamhaus.org,
>> reject_rbl_client relays.ordb.org,
>> reject_rbl_client dnsbl.njabl.org,
>> reject_rbl_client list.dsbl.org,
>> check_policy_service net:127.0.0.1:60000
>>

>
> check_policy_service inet:127.0.0.1:60000
> BUT NOT
> check_policy_service net:127.0.0.1:60000
>
> correct main.cf and it should work!
>

thanks fer reply. well..there is a typo in my last quote. since in my
real main.cfg there is a "inet" and not "net" already. so somehow on
quoting it changed to net :). here my recent main.cf

SMTPD_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
check_policy_service inet:127.0.0.1:60000,
reject_unauth_destination,
reject


so the "net" was a good hint. but is not the real one. must be something
else here.

thanks anyway for help!

 | 
Pages: 1
Prev: test2
Next: Postfix bouncing