Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] Problem with particular domains

2016-03-06 by Bill Levering

hmm…

Are you sure SPF was compiled into your version of milter-greylist?

here is a simple way to check:
(this version is part of the EPEL repository)
[idbill@mail ~]$ strings /usr/sbin/milter-greylist.orig | grep spf | wc
      0       0       0
(this is my custom compiled version)
[idbill@mail ~]$ strings /usr/sbin/milter-greylist | grep spf | wc
     50      74     701
[idbill@mail ~]$ 

Testing SPF directly using pyspf: https://pypi.python.org/pypi/pyspf/
 
I get a success as follows:
$ python ./venv/lib/python3.4/site-packages/spf.py 195.138.211.150 komputronik-biznes.pl helo
('pass', 250, 'sender SPF authorized') include:spf.ktr.pl
$ 

Bill

> On Feb 26, 2016, at 1:15 PM, Eugeniusz Nowacki nowackig@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:
> 
> Hello All,
> 
> This is my first message, so please be indulgent :)
> 
> I use postfix together with milter-greylist-4.5.12 
> compiler:/usr/src/redhat/BUILD/milter-greylist-4.5.12 Thu May 21 
> 15:10:41 EDT 2015. I experience problem with greylisting regarding 
> particular domains, for example: komputronik-biznes.pl. I didn't notice 
> problem like this one time, this is an exmple of similar events only.
> 
> I found in the log of my SMTP serwer the following line:
> 
> Feb 19 14:50:21 mx01 logger: milter-greylist: MILTERSTAT: 2016.02.19 
> 14:50:21 mx-01.ktr.pl [195.138.211.150] xxx.yyy@... -> 
> aaa.bbb@... tempfail (ACL 311) 451 4.7.1 SPFINFO: SPF:e  
> Greylisting in action, please come back later: host mx-01.ktr.pl 
> [195.138.211.150] domain 'komputronik-biznes.pl'
> 
> During manual query SPF of komputronik-biznes.pl domain, the answers are 
> as follow:
> 
> First DNS query:
> - dig +short komputronik-biznes.pl txt
> - Result: "v=spf1 include:ktb-spf.ktr.pl include:spf.ktr.pl -all"
> 
> The second DNS query:
> -- dig +short spf.ktr.pl txt
> -- Result: "v=spf1 a mx ip4:195.138.211.0/24 ip4:91.198.150.0/24"
> 
> Then, the list of networks contains 195.138.211.0/24, then IP of the 
> sender 195.138.211.150 is on the list, but milter-greylist delayed this 
> mail.
> 
> Why milter-greylist behaves this way?
> 
> P.S.
> Below, is my config file and log queries of two DNS servers made by 
> email server.
> 
> Thanks for your help,
> Gienek
> 
> --------------------------------------------
> # My greylist.conf is as follow:
> 
> stat "|logger -p mail.info" "milter-greylist: MILTERSTAT: %T{%Y.%m.%d 
> %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
> 
> geoipdb "/usr/share/GeoIP/GeoIP.dat"
> verbose
> peer 10.31.11.2
> peer 10.31.11.3
> peer 10.21.2.230
> syncaddr * port 5252
> racl whitelist addr 127.0.0.0/8
> racl whitelist addr 10.0.0.0/8
> racl whitelist addr 172.16.0.0/12
> racl whitelist addr 192.168.0.0/16
> racl whitelist from /.*@epcon\.pl /
> racl whitelist from /.*@pse\.pl/
> racl whitelist from /.*@medicover\.pl/
> racl whitelist from /.*@kai-info\.eu/
> racl whitelist from /.*@citi\.com/
> racl whitelist from /.*@ecitele\.com/
> racl whitelist from /.*@equitybank\.co\.ke/
> report all
> delayedreject
> dumpfreq 5m
> timeout 8h
> greylist 6m
> autowhite 14d
> subnetmatch /24
> nodrac
> quiet
> pidfile "/var/run/milter-greylist.pid"
> socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
> dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
> user "postfix"
> racl whitelist spf pass
> racl greylist spf fail msg "SPFINFO: SPF:f Greylisting in action, 
> please come back later: host %d [%i] domain '%sf'" delay 120m 
> autowhite 14d
> 
> # this line has number 310 !!!
> racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action, 
> please come back later: host %d [%i] domain '%sf'" delay 120m 
> autowhite 14d
> 
> # =========================================================
> # DNS queries by host running milter-greylist (DNS server is on this 
> some host)
> 
> 19-Feb-2016 14:50:19.307 127.0.0.1#45252 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN MX + (127.0.0.1)
> 19-Feb-2016 14:50:19.367 127.0.0.1#46522 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:19.367 127.0.0.1#51590 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN TXT + (127.0.0.1)
> 19-Feb-2016 14:50:19.388 127.0.0.1#60096 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:19.458 10.21.2.247#40938 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 19-Feb-2016 14:50:19.596 127.0.0.1#46046 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:19.667 10.21.2.247#37189 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 19-Feb-2016 14:50:19.806 127.0.0.1#50880 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:19.806 127.0.0.1#56799 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN TXT + (127.0.0.1)
> 19-Feb-2016 14:50:19.806 127.0.0.1#53576 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:19.874 10.21.2.247#60803 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 19-Feb-2016 14:50:20.018 127.0.0.1#44488 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:20.092 10.21.2.247#55055 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 19-Feb-2016 14:50:20.239 127.0.0.1#55187 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:20.239 127.0.0.1#43869 (komputronik-biznes.pl): 
> komputronik-biznes.pl IN TXT + (127.0.0.1)
> 19-Feb-2016 14:50:20.239 127.0.0.1#37714 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:20.310 10.21.2.247#44763 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 19-Feb-2016 14:50:21.270 127.0.0.1#48180 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (127.0.0.1)
> 19-Feb-2016 14:50:21.340 10.21.2.247#47636 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (172.21.2.247)
> 
> # another DNS server got the queries also as follow:
> 19-Feb-2016 14:50:19.527 10.21.2.247#45405 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> 19-Feb-2016 14:50:19.737 10.21.2.247#56195 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> 19-Feb-2016 14:50:19.945 10.21.2.247#37866 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> 19-Feb-2016 14:50:20.165 10.21.2.247#60834 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> 19-Feb-2016 14:50:21.198 10.21.2.247#45035 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> 19-Feb-2016 14:50:21.411 10.21.2.247#50334 (ktb-spf.ktr.pl): 
> ktb-spf.ktr.pl IN SPF + (10.21.2.230)
> # =========================================================
> 
> 
>

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.