Greylisting problem

General eFa discussion
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Done!
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Now I need to figure out why X-Greylist header is not being added to 99.99% of incoming emails since July 5th at 17:03.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

I have a similar problem, no headers are being added by any SA plugins, the only X- headers my incoming emails have are: "X-MyCompany-MailScanner-EFA*" see my other thread: viewtopic.php?f=14&t=1743
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Similar yes, but different. I have SQLGrey only occasionally adding a header since about 5:00 PM July 5th and no changes were made to EFA 3.0.0.8 that day.
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

I just restarted EFA.

I can see sqlgrey starting up:
Jul 29 10:24:03 efa sqlgrey: Process Backgrounded
Jul 29 10:24:03 efa sqlgrey: 2016/07/29-10:24:03 sqlgrey (type Net::Server::Multiplex) starting! pid(2002)
Jul 29 10:24:03 efa sqlgrey: Resolved [localhost]:2501 to [127.0.0.1]:2501, IPv4
Jul 29 10:24:03 efa sqlgrey: Binding to TCP port 2501 on host 127.0.0.1 with IPv4
Jul 29 10:24:03 efa sqlgrey: Setting gid to "500 500"
Jul 29 10:24:03 efa sqlgrey: Setting uid to "500"

But here is first message:
Jul 29 10:24:20 efa postfix/smtpd[1909]: connect from mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]
Jul 29 10:24:20 efa postfix/smtpd[1909]: setting up TLS connection from mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]
Jul 29 10:24:20 efa postfix/smtpd[1909]: Anonymous TLS connection established from mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]: TLSv1 with cipher AES256-SHA (256/256 bits)
Jul 29 10:24:21 efa postfix/smtpd[1909]: 712BCA0058: client=mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]
Jul 29 10:24:21 efa postfix/cleanup[1963]: 712BCA0058: hold: header Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on0068.outbound.protection.outlook.com [104.47.36.68])??(using TLSv1 with cipher AES256-SHA (256/256 bits))??(No client certi from mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]; from=<m@h...ca> to=<df@i....com> proto=ESMTP helo=<NAM02-SN1-obe.outbound.protection.outlook.com>
Jul 29 10:24:21 efa postfix/cleanup[1963]: 712BCA0058: message-id=<CO1PR19MB08376B179D3CA5EC08C744BCB7010@CO1PR19MB0837.namprd19.prod.outlook.com>
Jul 29 10:24:21 efa postfix/smtpd[1909]: warning: network_biopair_interop: error writing 53 bytes to the network: Connection reset by peer
Jul 29 10:24:21 efa postfix/smtpd[1909]: warning: network_biopair_interop: error writing 37 bytes to the network: Broken pipe
Jul 29 10:24:21 efa postfix/smtpd[1909]: disconnect from mail-sn1nam02on0068.outbound.protection.outlook.com[104.47.36.68]

No sign of sqlgrey looking at it...
Yesterday I increased loglevel to 3...just tried 4 but still no maillog entries by sqlgrey except for startup.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

It seems my clients_fqdn_whitelist.local is being ignored. its content is:

Code: Select all

###################
# google.com #
###################

# Some of Google's services
*.bounces.google.com
bounces.google.com
and yet the following domains got greylisted:
randomsender@gaia.bounces.google.com
randomsender@unified-notifications.bounces.google.com
randomsender@scoutcamp.bounces.google.com

any idea why?
radiogen
Posts: 4
Joined: 30 Jan 2017 10:57

Re: Greylisting problem

Post by radiogen »

have you done database update for greylist?

update_sqlgrey_config
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

yes I did that already, why? I can't see any mentioning of google.com inside the client_fqdn_whitelist after the update.
dbrunt
Posts: 64
Joined: 28 Nov 2015 00:09

Re: Greylisting problem

Post by dbrunt »

Ovizii, I don't believe update_sqlgrey_config merges the .local files as radiogen's post alludes to. It downloads new files from SQLGrey source.

Code: Select all

[root@efa sqlgrey]# update_sqlgrey_config

 updating /etc/sqlgrey/clients_fqdn_whitelist:
 --- /etc/sqlgrey/clients_fqdn_whitelist 2015-02-26 18:45:56.317999767 -0800
 +++ clients_fqdn_whitelist 2016-06-27 08:02:37.000000000 -0700
 @@ -100,6 +100,14 @@
 # GL-group: no retry
 mail.gl-group.com

 +# StartSSL: no retry
Silly question but did you restart sqlgrey service after modifying the .local file(s)?

Code: Select all

Create & add IP ranges to: /etc/sqlgrey/clients_ip_whitelist.local 
 and/or
Create & add domains to /etc/sqlgrey/clients_fqdn_whitelist.local

/etc/sqlgrey restart
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

I know lists don't get merged upon updating its just that when you update, client_fqdn_whitelist could possibly have been updated with google.com entries or at least that is what I hoped :-)

yes, my changes are inside client_fqdn_whitelits.local and yes I restarted /etc/init.d/sqlgrey.. restart...
also after restarting sqlgrey and checking maillog I see it starting. I have found other threads on the internet where they mention seeing which files are being loaded in there so I might try a little later to up the log level and see if I can see which files sqlgrey is loading in the maillog.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

I also noted that emails coming from: .outbound.protection.outlook.com are being greylisted causing unnecessary delays.

/etc/sqlgrey/clients_fqdn_whitelist contains:

Code: Select all

# Outlook.com users, retries do not come from the same server.
*.outbound.protection.outlook.com
Can someone confirm?
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

SQLGREY is pretty much ignoring me.

inside: /etc/sqlgrey/sqlgrey.conf

Code: Select all

 discrimination = on
 discrimination_add_rulenr = on
and yet there is no trace of the rule number in my rejection logs:

Code: Select all

Feb  9 15:24:22 efa postfix/smtpd[13960]: NOQUEUE: reject: RCPT from mail-ot0-f176.google.com[74.125.82.176]: 451 4.7.1 <recipient@internal.tld>: Recipient address rejected: Greylisted for 5 minutes; from=<sender@external.tld> to=<recipient@internal.tld> proto=ESMTP helo=<mail-ot0-f176.google.com>
I'm turning it off for now.
ovizii
Posts: 463
Joined: 11 May 2016 08:08

Re: Greylisting problem

Post by ovizii »

even that isn't so simple, after turning off greylisting from EFA-Configure, the log says:

Feb 9 15:35:53 efa sqlgrey: 2017/02/09-15:35:53 Server closing!
Feb 9 15:35:53 efa sqlgrey: Couldn't unlink "/var/run/sqlgrey.pid" [Permission denied]

manually stopped the service now.
BliXem
Posts: 80
Joined: 27 Mar 2017 19:17

Re: Greylisting problem

Post by BliXem »

Is it possible to add "Sender name: -undef- and Sender domain: -undef-" so it never greylists?
Post Reply