Yahoo Groups archive

Milter-greylist

Problem with particular domains

2016-02-26 by Eugeniusz Nowacki

Hello All,

This is my first message, so please be indulgent :)

I use postfix together with milter-greylist-4.5.12 
compiler:/usr/src/redhat/BUILD/milter-greylist-4.5.12 Thu May 21 
15:10:41 EDT 2015. I experience a problem with greylisting regarding 
particular domains, for example: komputronik-biznes.pl. I didn't notice 
a problem like this just one time; this is only an example of similar events.

I found the following line in the log of my SMTP server:

Feb 19 14:50:21 mx01 logger: milter-greylist: MILTERSTAT: 2016.02.19 
14:50:21 mx-01.ktr.pl [195.138.211.150] xxx.yyy@... -> 
aaa.bbb@... tempfail (ACL 311) 451 4.7.1 SPFINFO: SPF:e  
Greylisting in action, please come back later:  host mx-01.ktr.pl 
[195.138.211.150]  domain 'komputronik-biznes.pl'

During a manual SPF query of the komputronik-biznes.pl domain, the answers are 
as follows:

First DNS query:
- dig +short komputronik-biznes.pl txt
- Result: "v=spf1 include:ktb-spf.ktr.pl include:spf.ktr.pl -all"

Second DNS query:
- dig +short spf.ktr.pl txt
- Result: "v=spf1 a mx ip4:195.138.211.0/24 ip4:91.198.150.0/24"

So the list of networks contains 195.138.211.0/24, and the sender's IP 
195.138.211.150 is on the list, but milter-greylist delayed this 
mail.

Why does milter-greylist behave this way?

P.S.
Below are my config file and the logs of queries made by the email server 
to two DNS servers.

Thanks for your help,
Gienek


--------------------------------------------
# My greylist.conf is as follows:

stat "|logger -p mail.info"  "milter-greylist: MILTERSTAT: %T{%Y.%m.%d %T} %d [%i] %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"

geoipdb "/usr/share/GeoIP/GeoIP.dat"
verbose
peer 10.31.11.2
peer 10.31.11.3
peer 10.21.2.230
syncaddr * port 5252
racl whitelist addr 127.0.0.0/8
racl whitelist addr 10.0.0.0/8
racl whitelist addr 172.16.0.0/12
racl whitelist addr 192.168.0.0/16
racl whitelist from /.*@epcon\.pl /
racl whitelist from /.*@pse\.pl/
racl whitelist from /.*@medicover\.pl/
racl whitelist from /.*@kai-info\.eu/
racl whitelist from /.*@citi\.com/
racl whitelist from /.*@ecitele\.com/
racl whitelist from /.*@equitybank\.co\.ke/
report all
delayedreject
dumpfreq 5m
timeout 8h
greylist 6m
autowhite 14d
subnetmatch /24
nodrac
quiet
pidfile "/var/run/milter-greylist.pid"
socket "/var/spool/postfix/milter-greylist/milter-greylist.sock" 666
dumpfile "/var/spool/postfix/milter-greylist/greylist.db" 600
user "postfix"
racl whitelist spf pass
racl greylist spf fail  msg "SPFINFO: SPF:f  Greylisting in action, please come back later:  host %d [%i]  domain '%sf'" delay 120m autowhite 14d

# this line has number 310 !!!
racl greylist spf error msg "SPFINFO: SPF:e  Greylisting in action, please come back later:  host %d [%i]  domain '%sf'" delay 120m autowhite 14d


# =========================================================
# DNS queries by the host running milter-greylist (the DNS server is on this 
same host)

19-Feb-2016 14:50:19.307  127.0.0.1#45252 (komputronik-biznes.pl): 
komputronik-biznes.pl IN MX + (127.0.0.1)
19-Feb-2016 14:50:19.367  127.0.0.1#46522 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.367  127.0.0.1#51590 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:19.388  127.0.0.1#60096 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.458  10.21.2.247#40938 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:19.596  127.0.0.1#46046 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.667  10.21.2.247#37189 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:19.806  127.0.0.1#50880 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.806  127.0.0.1#56799 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:19.806  127.0.0.1#53576 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:19.874  10.21.2.247#60803 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:20.018  127.0.0.1#44488 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.092  10.21.2.247#55055 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:20.239  127.0.0.1#55187 (komputronik-biznes.pl): 
komputronik-biznes.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.239  127.0.0.1#43869 (komputronik-biznes.pl): 
komputronik-biznes.pl IN TXT + (127.0.0.1)
19-Feb-2016 14:50:20.239  127.0.0.1#37714 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:20.310  10.21.2.247#44763 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)
19-Feb-2016 14:50:21.270  127.0.0.1#48180 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (127.0.0.1)
19-Feb-2016 14:50:21.340  10.21.2.247#47636 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (172.21.2.247)

# another DNS server also got queries, as follows:
19-Feb-2016 14:50:19.527  10.21.2.247#45405 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:19.737  10.21.2.247#56195 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:19.945  10.21.2.247#37866 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:20.165  10.21.2.247#60834 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:21.198  10.21.2.247#45035 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
19-Feb-2016 14:50:21.411  10.21.2.247#50334 (ktb-spf.ktr.pl): 
ktb-spf.ktr.pl IN SPF + (10.21.2.230)
# =========================================================

RE: Problem with particular domains

2016-03-05 by Gienek Nowacki

Hi,

I would like to ask: is there anyone here who could help to solve or 
clarify this problem?
My question remained unanswered.

Rgrds.,
Gienek

Re: [milter-greylist] Problem with particular domains

2016-03-06 by Bill Levering

hmm…

Are you sure SPF was compiled into your version of milter-greylist?

here is a simple way to check:
(this version is part of the EPEL repository)
[idbill@mail ~]$ strings /usr/sbin/milter-greylist.orig | grep spf | wc
      0       0       0
(this is my custom compiled version)
[idbill@mail ~]$ strings /usr/sbin/milter-greylist | grep spf | wc
     50      74     701
[idbill@mail ~]$ 

Testing SPF directly using pyspf: https://pypi.python.org/pypi/pyspf/
 
I get a success as follows:
$ python ./venv/lib/python3.4/site-packages/spf.py 195.138.211.150 komputronik-biznes.pl helo
('pass', 250, 'sender SPF authorized') include:spf.ktr.pl
$ 

Bill

Re: [milter-greylist] Problem with particular domains

2016-03-06 by manu@...

Eugeniusz Nowacki nowackig@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> Feb 19 14:50:21 mx01 logger: milter-greylist: MILTERSTAT: 2016.02.19 
> 14:50:21 mx-01.ktr.pl [195.138.211.150] xxx.yyy@... ->
> aaa.bbb@... tempfail (ACL 311) 451 4.7.1 SPFINFO: SPF:e  
> Greylisting in action, please come back later:  host mx-01.ktr.pl 
> [195.138.211.150]  domain 'komputronik-biznes.pl'
(...)
> racl whitelist spf pass
> racl greylist spf fail  msg "SPFINFO: SPF:f  Greylisting in action, 
> please come back later:  host %d [%i]  domain '%sf'" delay 120m 
> autowhite 14d
> racl greylist spf error msg "SPFINFO: SPF:e  Greylisting in action, 
> please come back later:  host %d [%i]  domain '%sf'" delay 120m 
> autowhite 14d

Um, what happens in case of transient DNS error? I understand you match
the last rule. Couldn't that explain what you observe?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] Problem with particular domains

2016-03-06 by Gienek Nowacki

On 06.03.2016 at 02:29, Bill Levering yidbill@... 
[milter-greylist] wrote:
>
> hmm…
>
> Are you sure SPF was compiled into your version of milter-greylist?
>
Yes, it is. Except for cases like this, and a few of the same type with other 
domains, milter-greylist works correctly.
The problem is with domains which have a few 'include' - (e.g. komputronik.pl)

> here is a simple way to check:
>
(...)

> (this is my custom compiled version)
> [idbill@mail ~]$ strings /usr/sbin/milter-greylist | grep spf | wc
> 50 74 701
>
In my case the result of the command 'strings /usr/sbin/milter-greylist | 
grep spf | wc' is as follows:
       4      22     152

> [idbill@mail ~]$
>
> Testing SPF directly using pyspf: https://pypi.python.org/pypi/pyspf/
>
> I get a success as follows:
> $ python ./venv/lib/python3.4/site-packages/spf.py 195.138.211.150 
> komputronik-biznes.pl helo
> ('pass', 250, 'sender SPF authorized') include:spf.ktr.pl
>

The same result:
('pass', 250, 'sender SPF authorized') include:spf.ktr.pl

Gienek

Re: [milter-greylist] Problem with particular domains

2016-03-06 by Gienek Nowacki

On 06.03.2016 at 06:52, manu@... [milter-greylist] wrote:
>
> Eugeniusz Nowacki nowackig@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
>
> > Feb 19 14:50:21 mx01 logger: milter-greylist: MILTERSTAT: 2016.02.19
> > 14:50:21 mx-01.ktr.pl [195.138.211.150] xxx.yyy@... ->
> > aaa.bbb@... tempfail (ACL 311) 451 4.7.1 SPFINFO: SPF:e
> > Greylisting in action, please come back later: host mx-01.ktr.pl
> > [195.138.211.150] domain 'komputronik-biznes.pl'
> (...)
> > racl whitelist spf pass
> > racl greylist spf fail msg "SPFINFO: SPF:f Greylisting in action,
> > please come back later: host %d [%i] domain '%sf'" delay 120m
> > autowhite 14d
> > racl greylist spf error msg "SPFINFO: SPF:e Greylisting in action,
> > please come back later: host %d [%i] domain '%sf'" delay 120m
> > autowhite 14d
>
> Um, what happens in case of transient DNS error? I understand you match
> the last rule. Couln't that explain what you observe?
>
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>
>

In this case milter-greylist delayed reception of this message by more than two 
hours.
Please take a look at the DNS queries - there is no query for the TXT 
record of the spf.ktr.pl domain.

Gienek
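
As an added illustration of the transient-DNS-error question raised in the thread (not code from any poster, from milter-greylist or from its SPF library): a minimal sketch of RFC 7208 `include` handling over a constructed zone, showing that a temporary failure on the first include ends evaluation before the second include is looked up. The ktb-spf.ktr.pl record content, the `broken` parameter and the `queried` list are assumptions; `a` and `mx` are treated as non-matching.

```python
import ipaddress

# Constructed zone data. The first and last records are the ones quoted in
# the thread; the ktb-spf.ktr.pl content is NOT on the page (placeholder).
ZONE = {
    "komputronik-biznes.pl":
        "v=spf1 include:ktb-spf.ktr.pl include:spf.ktr.pl -all",
    "ktb-spf.ktr.pl": "v=spf1 ip4:192.0.2.0/24",  # placeholder content
    "spf.ktr.pl": "v=spf1 a mx ip4:195.138.211.0/24 ip4:91.198.150.0/24",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, broken=(), queried=None):
    """Return (result, names looked up). Names in `broken` simulate a
    resolver timeout or SERVFAIL (hypothetical test hook)."""
    queried = [] if queried is None else queried
    queried.append(domain)
    if domain in broken:
        return "temperror", queried
    record = ZONE.get(domain)
    if record is None:
        return "none", queried
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("include:"):
            sub, _ = check_host(ip, mech[len("include:"):], broken, queried)
            if sub == "temperror":
                return "temperror", queried  # later terms are never evaluated
            if sub in ("none", "permerror"):
                return "permerror", queried
            matched = sub == "pass"
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[len("ip4:"):])
        elif mech == "all":
            matched = True
        else:
            matched = False                  # a / mx: no address data here
        if matched:
            return RESULTS[qualifier], queried
    return "neutral", queried


if __name__ == "__main__":
    print(check_host("195.138.211.150", "komputronik-biznes.pl"))
    print(check_host("195.138.211.150", "komputronik-biznes.pl",
                     broken=("ktb-spf.ktr.pl",)))
```

In the second call the lookup list ends at ktb-spf.ktr.pl, which has the same shape as the posted query log: repeated ktb-spf.ktr.pl lookups and none for spf.ktr.pl.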
