Greylisting problem

General eFa discussion
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Greylisting problem

Post by andyitc »

I have a client that is running the latest EFA and they have a supplier who is sending them emails that always get greylisted. What happens is that the sending server always sends from a different IP address (They are using 254 different IP addresses). The first time that they get grey-listed the sending server will then try from a different IP address but then that get grey-listed and so on and eventually the email does not get delivered. I previously manually added all 254 addresses for that domain but it seems to have now forgotten most of them and I don't want to have to regularly type them all in as it is quite time consuming. I am wondering if is possible to exclude certain domains from being greylisted.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson »

Are the 254 addresses in a single contiguous segment?
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc »

Yes they are
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson »

Try adding a class c network....do this by just entering the first three octets into the whitelist

Sender name: somesender
Sender domain: somedomain.com
Source (class c or d): 123.123.123
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc »

Tried adding the Class C but it didn't help

Andy
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker »

andyitc wrote:Tried adding the Class C but it didn't help

Andy
Any joy with solving your problem?
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc »

unfortunately I haven't got anywhere with this problem
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN »

Does
"Opt-out domains
(recipients for whom messages are never greylisted)"
not work?
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc »

Surely that would stop any recipient from being greylisted at all or am I misunderstanding the way that this is working? Strange thing is I have just checked and they are not waiting for this domain in the greylist now. It could be thatit has now managed to populate with all of the IP addresses
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN »

EFA-Webinterface -> Greylist -> Optout domain -> add ONE domain
mails from this domain are never greylisted
andyitc
Posts: 10
Joined: 04 Sep 2014 22:23

Re: Greylisting problem

Post by andyitc »

Thank You.Ii had previously done this but I think it takes time before it becomes apparent that this is working. The terminology is confusing as it says

Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN »

I'm afraid i am wrong. Sorry. I have to test again.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker »

my case is a little different

I have an upstream mail provider that removes all viral laden messages before passing them back to us (essentially they are our "smart host" for those particular domains.

The messages they send us are greylisted when any traffic from their IPs should immediately be accepted.

I can't figure out how to handle that.
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Greylisting problem

Post by DaN »

If the source IP's are from the same subnet xxx.xxx.xxx(.yyy) and "Greylist" -> "Domains" -> "Add to whitelist" is used, does this work?
Sender domain: thedomain.tld
Source (class c or d): xxx.xxx.xxx

Just guessing.
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Greylisting problem

Post by pdwalker »

tried that. Still getting grey listed.

I've tried:
sender domain: *
source: xxx.yyy.zzz

(the sender domains will be the original senders, not the domain of the virus removing provider/smarthost I am using).
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Greylisting problem

Post by shawniverson »

I don't think the sender domain can be a wildcard...
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Greylisting problem [solved for me]

Post by pdwalker »

nope. you cannot.

I solved the problem in the end

edit /etc/sqlgrey/clients_ip_whitelist.local
add in each ip address, line by line
/etc/sqlgrey restart

watch as the maillog changes from
Mar 26 12:34:37 efa postfix/smtpd[14224]: NOQUEUE: reject: RCPT from mail6.bemta17.messagelabs.com[117.120.20.71]: 451 4.7.1 <receiver@receiver.domain>: Recipient address rejected: Greylisted for 5 minutes; from=<sender@sender.domain> to=<receiver@receiver.domain> proto=ESMTP helo=<mail6.bemta17.messagelabs.com>
to
Mar 26 12:35:31 efa sqlgrey: whitelist: sender@sender.domain, 117.120.16.199(mail6.bemta10.messagelabs.com) -> receiver@receiver.domain
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

I know this is an old thread but after reading: /etc/sqlgrey/clients_fqdn_whitelist would it not be easier to add your domain to /etc/sqlgrey/clients_fqdn_whitelist.local?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

andyitc wrote:Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking
where would one report this? I totally agree its mislabeled.
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Create & add IP ranges to: /etc/sqlgrey/clients_ip_whitelist.local
and/or
Create & add domains to /etc/sqlgrey/clients_fqdn_whitelist.local

See the original SQLGrey files for examples but do not modify the originals as they will be overwritten by a module update!
/etc/sqlgrey/clients_ip_whitelist
/etc/sqlgrey/clients_fqdn_whitelist

For IP's, you can add Class A, B, C or D addresses:
ie.
192.168.25.26
192.168.25
192.168
192

For _fqdn_ entries:
##
# SQLgrey expects the following expressions:
#
# hostname.domain.com # whole system name (least CPU intensive)
# *.domain.com # whitelist any fqdn in the domain 'domain.com'
# /regexp/ # whitelist any fqdn matching the regexp (by far most CPU intensive)
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Also, occasionally run:

[root@efa sqlgrey]# update_sqlgrey_config

updating /etc/sqlgrey/clients_fqdn_whitelist:
--- /etc/sqlgrey/clients_fqdn_whitelist 2015-02-26 18:45:56.317999767 -0800
+++ clients_fqdn_whitelist 2016-06-27 08:02:37.000000000 -0700
@@ -100,6 +100,14 @@
# GL-group: no retry
mail.gl-group.com

+# StartSSL: no retry
+*.startcom.org
+*.startssl.com
+
+# Outlook.com users, retries do not come from the same server.
+*.outbound.protection.outlook.com
+
+
# Do not add anything here (this file can be overwritten by SQLgrey updates and
# update_sqlgrey_config), create a "clients_fqdn_whitelist.local" file
# and add your own entries in there
updating /etc/sqlgrey/smtp_server.regexp:
--- /etc/sqlgrey/smtp_server.regexp 2015-02-26 18:45:56.422999767 -0800
+++ smtp_server.regexp 2005-03-01 16:29:45.000000000 -0800
@@ -1 +1 @@
-^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
\ No newline at end of file
+^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
[root@efa sqlgrey]#
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

I'll add a feature suggestion for EFA to run this comand on a certain say weekly schedule?
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

:thumbup:
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

It would also be a nice feature to have the SQLGrey Webinterface have options to add/delete entries in /etc/sqlgrey/clients_ip_whitelist.local and /etc/sqlgrey/clients_fqdn_whitelist.local . . . .
Last edited by dbrunt on 02 Mar 2017 20:41, edited 1 time in total.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

Good point! You might want to raise that issue with the guys who made the web interface, go to EFA => Greylisting and look towards the bottom where it says:

QLGrey webinterface v 1.1.6 by folkert@vanheusden.com and Jan Ceulen | BeeBeeC

email and URLs are there.
Post Reply