Milter-greylist

Something changed in the past few weeks for me where email from gmail 
servers is getting more and more delayed (days at a time) and now some 
mails are never getting delivered (timed out on sending side I assume).

What techniques are you using the accept easier or sooner mails from 
servers like mail-wm0-f66.google.com, mail-io0-f196.google.com, and on 
and on? (Normal greylisting simply won't work except by luck.)

'Jeremy C. Reed' reed@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> Something changed in the past few weeks for me where email from gmail
> servers is getting more and more delayed (days at a time) and now some
> mails are never getting delivered (timed out on sending side I assume).

I guess they added more server farms, and the message are resent from
random IP in pools you need to whitelist. 

You can update the whitelist by parsing the logs. Alternatively you
could trust gméail.com's SPF record (racl whitelist domain gmail.com spf
pass), or update your whitelist based on gmail.com SPF records:
64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
2001:4860:4000::/36
2404:6800:4000::/36
2607:f8b0:4000::/36
2800:3f0:4000::/36
2a00:1450:4000::/36
2c0f:fb50:4000::/36
172.217.0.0/19

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

On Tue, 12 Apr 2016, manu@... [milter-greylist] wrote:

> 'Jeremy C. Reed' reed@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
> 
> > Something changed in the past few weeks for me where email from gmail
> > servers is getting more and more delayed (days at a time) and now some
> > mails are never getting delivered (timed out on sending side I assume).
> 
> I guess they added more server farms, and the message are resent from
> random IP in pools you need to whitelist. 
> 
> You can update the whitelist by parsing the logs. Alternatively you
> could trust gm?ail.com's SPF record (racl whitelist domain gmail.com spf
> pass), or update your whitelist based on gmail.com SPF records:
> 64.18.0.0/20

snip

Thanks for the response. I should have provide more details and research 
up front.  I already had several of these IPs listed in my whitelist.
In addition I already had compiled with SPF and see the delayed emails 
were accepted with "are SPF-compliant, bypassing greylist" (so whitelist 
is probably redundant).

I see the problem:

/var/log/maillog.2.gz:Apr 9 13:11:14 c-0500 postfix/smtpd[11243]: 
NOQUEUE: reject: RCPT from mail-wm0-f67.google.com[74.125.82.67]: 554 
5.7.1 Service unavailable; Client host [74.125.82.67] blocked using 
dnsbl.sorbs.net; Currently Sending Spam See: 
http://www.sorbs.net/lookup.shtml?74.125.82.67; 
from=<whatever@...> to=<foo@bar> proto=ESMTP 
helo=<mail-wm0-f67.google.com>

/var/log/maillog.2.gz:Apr 9 00:40:33 c-0500 postfix/smtpd[7566]: 
NOQUEUE: reject: RCPT from mail-io0-f196.google.com[209.85.223.196]: 554 
5.7.1 Service unavailable; Client host [209.85.223.196] blocked using 
dnsbl.sorbs.net; Currently Sending Spam See: 
http://www.sorbs.net/lookup.shtml?209.85.223.196 / Spam Received 
Recently See: http://www.sorbs.net/lookup.shtml?209.85.223.196; 
from=<anotherwhatever@...> to=<foo@bar> proto=ESMTP 
helo=<mail-io0-f196.google.com>

I have around 184 of those for google.com mail servers over the past 
week. Some are listed by dnsbl.sorbs.net, bl.spamcop.net, 
and zen.spamhaus.org.

Maybe I should whitelist these also in postfix.

I also use dnsrbl in greylist.conf:

dnsrbl "SORBS DUN" dnsbl.sorbs.net 127.0.0.10
dnsrbl "SPAMHAUS" zen.spamhaus.org 127.0.0.0/16
dnsrbl "SPAMCOP" bl.spamcop.net 127.0.0.2 
dnsrbl "CBL" cbl.abuseat.org 127.0.0.2

racl greylist dnsrbl "SORBS DUN" delay 6h
racl greylist dnsrbl "SPAMHAUS" delay 6h
racl greylist dnsrbl "SPAMCOP" delay 6h
racl greylist dnsrbl "CBL" delay 6h

but I don't see logging for this.