Greylisting problem

General eFa discussion
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Greylisting problem

Post by andyitc » 10 Mar 2015 16:09

I have a client that is running the latest EFA and they have a supplier who is sending them emails that always get greylisted. What happens is that the sending server always sends from a different IP address (They are using 254 different IP addresses). The first time that they get grey-listed the sending server will then try from a different IP address but then that get grey-listed and so on and eventually the email does not get delivered. I previously manually added all 254 addresses for that domain but it seems to have now forgotten most of them and I don't want to have to regularly type them all in as it is quite time consuming. I am wondering if is possible to exclude certain domains from being greylisted.

User avatar
shawniverson
Posts: 3115
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson » 10 Mar 2015 21:51

Are the 254 addresses in a single contiguous segment?
Version eFa 4.0.2 now available!

andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc » 10 Mar 2015 22:00

Yes they are

User avatar
shawniverson
Posts: 3115
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson » 11 Mar 2015 12:35

Try adding a class c network....do this by just entering the first three octets into the whitelist

Sender name: somesender
Sender domain: somedomain.com
Source (class c or d): 123.123.123
Version eFa 4.0.2 now available!

andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc » 11 Mar 2015 16:58

Tried adding the Class C but it didn't help

Andy

User avatar
pdwalker
Posts: 1312
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker » 25 Mar 2015 06:03

andyitc wrote:Tried adding the Class C but it didn't help

Andy
Any joy with solving your problem?

andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc » 25 Mar 2015 08:03

unfortunately I haven't got anywhere with this problem

DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN » 25 Mar 2015 10:00

Does
"Opt-out domains
(recipients for whom messages are never greylisted)"
not work?

andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc » 25 Mar 2015 10:08

Surely that would stop any recipient from being greylisted at all or am I misunderstanding the way that this is working? Strange thing is I have just checked and they are not waiting for this domain in the greylist now. It could be thatit has now managed to populate with all of the IP addresses

DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN » 25 Mar 2015 10:12

EFA-Webinterface -> Greylist -> Optout domain -> add ONE domain
mails from this domain are never greylisted

andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc » 25 Mar 2015 10:19

Thank You.Ii had previously done this but I think it takes time before it becomes apparent that this is working. The terminology is confusing as it says

Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking

DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN » 25 Mar 2015 10:40

I'm afraid i am wrong. Sorry. I have to test again.

User avatar
pdwalker
Posts: 1312
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker » 25 Mar 2015 10:41

my case is a little different

I have an upstream mail provider that removes all viral laden messages before passing them back to us (essentially they are our "smart host" for those particular domains.

The messages they send us are greylisted when any traffic from their IPs should immediately be accepted.

I can't figure out how to handle that.

DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN » 25 Mar 2015 11:00

If the source IP's are from the same subnet xxx.xxx.xxx(.yyy) and "Greylist" -> "Domains" -> "Add to whitelist" is used, does this work?
Sender domain: thedomain.tld
Source (class c or d): xxx.xxx.xxx

Just guessing.

User avatar
pdwalker
Posts: 1312
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker » 25 Mar 2015 11:50

tried that. Still getting grey listed.

I've tried:
sender domain: *
source: xxx.yyy.zzz

(the sender domains will be the original senders, not the domain of the virus removing provider/smarthost I am using).

User avatar
shawniverson
Posts: 3115
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson » 25 Mar 2015 22:52

I don't think the sender domain can be a wildcard...
Version eFa 4.0.2 now available!

User avatar
pdwalker
Posts: 1312
Joined: 18 Mar 2015 09:16

Re: Greylisting problem [solved for me]

Post by pdwalker » 26 Mar 2015 04:42

nope. you cannot.

I solved the problem in the end

edit /etc/sqlgrey/clients_ip_whitelist.local
add in each ip address, line by line
/etc/sqlgrey restart

watch as the maillog changes from
Mar 26 12:34:37 efa postfix/smtpd[14224]: NOQUEUE: reject: RCPT from mail6.bemta17.messagelabs.com[117.120.20.71]: 451 4.7.1 <receiver@receiver.domain>: Recipient address rejected: Greylisted for 5 minutes; from=<sender@sender.domain> to=<receiver@receiver.domain> proto=ESMTP helo=<mail6.bemta17.messagelabs.com>
to
Mar 26 12:35:31 efa sqlgrey: whitelist: sender@sender.domain, 117.120.16.199(mail6.bemta10.messagelabs.com) -> receiver@receiver.domain

ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii » 08 Jul 2016 13:34

I know this is an old thread but after reading: /etc/sqlgrey/clients_fqdn_whitelist would it not be easier to add your domain to /etc/sqlgrey/clients_fqdn_whitelist.local?

ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii » 08 Jul 2016 13:35

andyitc wrote:Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking
where would one report this? I totally agree its mislabeled.

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt » 28 Jul 2016 22:47

Create & add IP ranges to: /etc/sqlgrey/clients_ip_whitelist.local
and/or
Create & add domains to /etc/sqlgrey/clients_fqdn_whitelist.local

See the original SQLGrey files for examples but do not modify the originals as they will be overwritten by a module update!
/etc/sqlgrey/clients_ip_whitelist
/etc/sqlgrey/clients_fqdn_whitelist

For IP's, you can add Class A, B, C or D addresses:
ie.
192.168.25.26
192.168.25
192.168
192

For _fqdn_ entries:
##
# SQLgrey expects the following expressions:
#
# hostname.domain.com # whole system name (least CPU intensive)
# *.domain.com # whitelist any fqdn in the domain 'domain.com'
# /regexp/ # whitelist any fqdn matching the regexp (by far most CPU intensive)

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt » 28 Jul 2016 22:52

Also, occasionally run:

[root@efa sqlgrey]# update_sqlgrey_config

updating /etc/sqlgrey/clients_fqdn_whitelist:
--- /etc/sqlgrey/clients_fqdn_whitelist 2015-02-26 18:45:56.317999767 -0800
+++ clients_fqdn_whitelist 2016-06-27 08:02:37.000000000 -0700
@@ -100,6 +100,14 @@
# GL-group: no retry
mail.gl-group.com

+# StartSSL: no retry
+*.startcom.org
+*.startssl.com
+
+# Outlook.com users, retries do not come from the same server.
+*.outbound.protection.outlook.com
+
+
# Do not add anything here (this file can be overwritten by SQLgrey updates and
# update_sqlgrey_config), create a "clients_fqdn_whitelist.local" file
# and add your own entries in there
updating /etc/sqlgrey/smtp_server.regexp:
--- /etc/sqlgrey/smtp_server.regexp 2015-02-26 18:45:56.422999767 -0800
+++ smtp_server.regexp 2005-03-01 16:29:45.000000000 -0800
@@ -1 +1 @@
-^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
\ No newline at end of file
+^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
[root@efa sqlgrey]#

ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii » 29 Jul 2016 05:58

I'll add a feature suggestion for EFA to run this comand on a certain say weekly schedule?

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt » 29 Jul 2016 16:24

:thumbup:

dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt » 29 Jul 2016 16:41

It would also be a nice feature to have the SQLGrey Webinterface have options to add/delete entries in /etc/sqlgrey/clients_ip_whitelist.local and /etc/sqlgrey/clients_fqdn_whitelist.local . . . .
Last edited by dbrunt on 02 Mar 2017 20:41, edited 1 time in total.

ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii » 29 Jul 2016 16:46

Good point! You might want to raise that issue with the guys who made the web interface, go to EFA => Greylisting and look towards the bottom where it says:

QLGrey webinterface v 1.1.6 by folkert@vanheusden.com and Jan Ceulen | BeeBeeC

email and URLs are there.

Post Reply