Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Mon May 01, 2006 11:38 am Post subject: postgrey whitelist_clients |
|
|
I installed postgrey-1.24 on my mailserver and basically it works.
Now I want to whitelist some sender domains using the /etc/postfix/postgrey_whitelist_clients or /etc/postfix/postgrey_whitelist_clients.local files. For testing I created a hotmail account, put hotmail.de and hotmail.com in postgrey_whitelist_clients.local. I also tried /^*\.de$/ in postgrey_whitelist_clients. But no success, all mails are still greylisted.
I played with the config, leaving default settings or specifying one or more files using the --whitelist_clients=FILE option. Still no success.
It seems the --whitelist_clients option does not work.
Any ideas what's wrong?
Thanks Piti |
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Mon May 01, 2006 1:27 pm Post subject: |
|
|
The regex is wrong. Should be:
cheers
SteveB |
|
Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Mon May 01, 2006 1:49 pm Post subject: |
|
|
I changed the regex as suggested, still greylisted.
And why don't the entries in the .local file (hotmail.de and hotmail.com) work? |
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Mon May 01, 2006 2:06 pm Post subject: |
|
|
It has been a long time since I played with postgrey. I personally use SQLGrey, which is based on postgrey but offers me much, much more flexibility than postgrey. Together with SGWI (SQLGrey Web Interface) I can easily add, remove, modify, etc. whatever domain or email I like from greylisting. If you are open to a new greylisting solution, then I would suggest you look at SQLGrey.
cheers
SteveB |
|
Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Mon May 01, 2006 8:54 pm Post subject: |
|
|
Thank you for your suggestion. Maybe I will try SQLgrey later.
For now, it would be enough, if I could get the simple postgrey solution working. |
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Tue May 02, 2006 1:02 am Post subject: |
|
|
Okay. Let me install this beast. Will post an answer soon.... |
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Tue May 02, 2006 1:16 am Post subject: |
|
|
Okay. You need to do this:
Code: |
mkdir -p /etc/postfix
touch /etc/postfix/postgrey_whitelist_clients.local
chown root:postgrey /etc/postfix/postgrey_whitelist_clients.local
chmod 640 /etc/postfix/postgrey_whitelist_clients.local
|
Then you need to add to /etc/postfix/postgrey_whitelist_clients.local the following content:
Code: |
# Do NOT greylist hotmail.com MX servers (see dig in mx hotmail.com)
/^mx[1-4]\.hotmail\.com$/
# Do NOT greylist ANY host from hotmail.com
/^.*\.hotmail\.com$/
# Do NOT greylist hotmail.de MX servers (see dig in mx hotmail.de)
pamx1.hotmail.com
|
Actually the MX record for the German Hotmail is pamx1.hotmail.com and if you add "/^.*\.hotmail\.com$/" into the local file, then the German AND the other Hotmail servers will not be greylisted.
cheers / Regards (yes, yes... I'm Swiss)
Steve |
|
Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Tue May 02, 2006 8:12 am Post subject: |
|
|
I have done this. (all lines you suggested in .local)
And this is from maillog:
Code: |
May 2 07:30:50 ronlux postfix/smtpd[23421]: NOQUEUE: reject: RCPT from unknown[65.54.185.20]: 450 <i@mydomain.net>: Recipient address rejected: "Greylisted; from=<blabla127@hotmail.de> to=<i@mydomain.net> proto=ESMTP helo=<hotmail.com>
|
Maybe it is a problem in dns because of the "unknown[65.54.185.20]". A nslookup gives me
Code: |
ronlux ~ # nslookup 65.54.185.20
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
20.185.54.65.in-addr.arpa name = bay15-f20.bay15.hotmail.com.
Authoritative answers can be found from:
|
and I think, the second regex should catch this. |
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Tue May 02, 2006 9:01 am Post subject: |
|
|
Yes. The regex should catch that.
Could you post your config file from postgrey? And maybe the relevant part from Postfix (in main.cf and master.cf).
cheers
Steve |
|
Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Tue May 02, 2006 10:12 am Post subject: |
|
|
Here is the config:
Code: |
ronlux ~ # cat /etc/conf.d/postgrey
POSTGREY_TYPE="inet"
POSTGREY_HOST="127.0.0.1"
POSTGREY_PORT="10030"
POSTGREY_SOCKET="/var/spool/postfix/private/postgrey"
POSTGREY_PID="/var/run/postgrey.pid"
POSTGREY_DELAY=300
POSTGREY_TEXT="Greylisted for %s seconds"
POSTGREY_OPTS=""
|
Code: |
ronlux ~ # cat /etc/postfix/main.cf
smtpd_client_restrictions =
permit_mynetworks,
# reject_unknown_client,
reject_rbl_client relays.ordb.org,
reject_rbl_client dnsbl.njabl.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
check_client_access hash:/etc/postfix/client_restrict
smtpd_helo_required = yes
smtpd_helo_restrictions=
permit_mynetworks,
reject_invalid_hostname,
# reject_unknown_hostname,
# reject_non_fqdn_hostname,
check_helo_access hash:/etc/postfix/helo_restrict
smtpd_sender_restrictions =
permit_mynetworks,
# reject_unknown_sender_domain,
reject_non_fqdn_sender,
reject_rhsbl_sender blackhole.securitysage.com,
check_sender_access hash:/etc/postfix/sender_restrict
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
reject_unknown_recipient_domain,
reject_non_fqdn_recipient,
# reject_rhsbl_recipient domain.tld,
check_policy_service inet:127.0.0.1:10030,
check_recipient_access hash:/etc/postfix/recipient_restrict
|
Code: |
ronlux ~ # cat /etc/postfix/master.cf
# 127.0.0.1:100024 antivir
smtp inet n - y - - smtpd
-o content_filter=smtp:127.0.0.1:10024
# backdoor antivir
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=spamfilter:
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtp_client_restrictions=
-o smtp_helo_restrictions=
-o smtp_sender_restrictions=
-o smtp_recipient_restrictons=reject_unauth_destinations
# bogofilter
spamfilter unix - n n - - pipe
flags=R user=spam argv=/var/spool/spam/filter.sh -f ${sender} -- ${recipient}
|
And what do you think about the "unknown[65.54.185.20]"? |
|
Pittiplatsch n00b
Joined: 09 Jun 2005 Posts: 20 Location: Leipzig
|
Posted: Tue May 02, 2006 11:47 am Post subject: |
|
|
Hi Steve,
I found it. Uff!
The problem was that the smtpd is chrooted.
I forgot to set up DNS for the chroot jail, as provided with /usr/share/doc/postfix-2.2.5/examples/chroot-setup/LINUX2.
After doing that, the log entry has changed from unknown[65.54.185.13] to bay15-f13.bay15.hotmail.com[65.54.185.13] and whitelisting works fine.
Thank you for your help.
Piti
(And many greetings from Saxony to Switzerland) |
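Added example, not part of the original posts and not postgrey's own code: a small checker that replays whitelist entries against the client name Postfix logs, showing why an `unknown[...]` client can never hit a hostname entry and why a sender domain such as hotmail.de does not match a hotmail.com client host. It assumes a simplified model of the whitelist (entries in slashes are regexes, bare names match as a domain suffix, IP entries are left out); the log lines are constructed from the hostnames quoted in the thread.

```python
import re

# Constructed whitelist built from entries that appear in this thread.
WHITELIST = r"""
# Do NOT greylist ANY host from hotmail.com
/^.*\.hotmail\.com$/
hotmail.de
"""

# Constructed Postfix log lines: before and after DNS worked inside the chroot.
LOG_LINES = [
    "May  2 07:30:49 ronlux postfix/smtpd[23421]: connect from unknown[65.54.185.20]",
    "May  2 11:40:02 ronlux postfix/smtpd[24100]: connect from bay15-f13.bay15.hotmail.com[65.54.185.13]",
]

def load_patterns(text):
    """Assumed model: /regex/ is used as-is, a bare name is a domain-suffix match."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"/(.+)/", line)
        src = m.group(1) if m else r"(?:^|\.)" + re.escape(line) + "$"
        patterns.append((line, re.compile(src, re.IGNORECASE)))
    return patterns

def client_of(log_line):
    """Extract (client_name, client_ip) from a 'from name[ip]' log line."""
    m = re.search(r"from (\S+)\[([0-9a-fA-F.:]+)\]", log_line)
    return (m.group(1), m.group(2)) if m else None

def diagnose(log_line, patterns):
    """Return (client_name, matching whitelist entry or None, explanation)."""
    client = client_of(log_line)
    if client is None:
        return None, None, "no client found in this line"
    name = client[0]
    if name == "unknown":
        return name, None, "smtpd got no hostname; hostname entries cannot match"
    for entry, rx in patterns:
        if rx.search(name):
            return name, entry, "whitelisted"
    return name, None, "no entry matches this client hostname"

if __name__ == "__main__":
    pats = load_patterns(WHITELIST)
    for line in LOG_LINES:
        print(diagnose(line, pats))
```
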
|
steveb Advocate
Joined: 18 Sep 2002 Posts: 4564
|
Posted: Sat May 06, 2006 11:55 am Post subject: |
|
|
|
|
mariourk l33t
Joined: 11 Jul 2003 Posts: 807 Location: Urk, Netherlands
|
Posted: Thu Feb 08, 2007 11:02 am Post subject: |
|
|
What I'm missing is, where do I tell Postfix/Postgrey to actually use
Code: |
/etc/postfix/postgrey_whitelist_clients.local
|
Can someone tell me? I would like to greylist some MX-servers too.
Thanks _________________ If there is one thing to learn from history, it's that we usually don't learn anything from it, at all. |
|