greylisting

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

greylisting

polloxx
I have a question regarding greylisting:

Some of our users are complaining mails have a large delay, especially
those from providers like gmail. This is because these use different
IP addresses on each delivery attempt.
Using listgrey is not an option.

Anyone who has a solution for this?

Thx,
P.
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

Thomas Leuxner
* polloxx <[hidden email]> 2013.01.04 14:56:

> Some of our users are complaining mails have a large delay, especially
> those from providers like gmail. This is because these use different
> IP addresses on each delivery attempt.
> Using listgrey is not an option.
>
> Anyone who has a solution for this?

You haven't told us what you piece of software you are using to
greylist. Postgrey for instance can overcome such problems
with 'client_whitelists' and a little regex magic.

Or religiously, don't use greylisting at all but postscreen:

http://www.postfix.org/POSTSCREEN_README.html

Regards
Thomas

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

Thomas Leuxner
* Thomas Leuxner <[hidden email]> 2013.01.04 15:13:

> You haven't told us what piece of software you are using to
> greylist. Postgrey for instance can overcome such problems
> with 'client_whitelists' and a little regex magic.
>
> Or religiously, don't use greylisting at all but postscreen:
>
> http://www.postfix.org/POSTSCREEN_README.html
>
> Regards
> Thomas
Oops I failed to multitask, please disregard wrong reply-to. Fixed

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

polloxx
In reply to this post by Thomas Leuxner
On Fri, Jan 4, 2013 at 3:13 PM, Thomas Leuxner <[hidden email]> wrote:

> * polloxx <[hidden email]> 2013.01.04 14:56:
>
>> Some of our users are complaining mails have a large delay, especially
>> those from providers like gmail. This is because these use different
>> IP addresses on each delivery attempt.
>> Using listgrey is not an option.
>>
>> Anyone who has a solution for this?
>
> You haven't told us what you piece of software you are using to
> greylist. Postgrey for instance can overcome such problems
> with 'client_whitelists' and a little regex magic.
>
> Or religiously, don't use greylisting at all but postscreen:
>
> http://www.postfix.org/POSTSCREEN_README.html
>
> Regards
> Thomas


We use postfix-gld.
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

Thomas Leuxner
* polloxx <[hidden email]> 2013.01.04 15:20:

> We use postfix-gld.

That seems to have gathered some dust. Anyway you should be able to
whitelist the affected domains _before_ the check_policy_service
statement:

  check_client_access hash:/etc/postfix/client_access

...or the like.

Thomas

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

Robert Schetterer-2
In reply to this post by polloxx
Am 04.01.2013 14:56, schrieb polloxx:

> I have a question regarding greylisting:
>
> Some of our users are complaining mails have a large delay, especially
> those from providers like gmail. This is because these use different
> IP addresses on each delivery attempt.
> Using listgrey is not an option.
>
> Anyone who has a solution for this?
>
> Thx,
> P.
>

use greylisting only selective, thats enough
i.e
http://www.arschkrebs.de/postfix/postfix_greylisting.shtml

Best Regards
MfG Robert Schetterer

--
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Joerg Heidrich
Reply | Threaded
Open this post in threaded view
|

Re: greylisting

Benny Pedersen-2
In reply to this post by polloxx
polloxx skrev den 2013-01-04 14:56:
> I have a question regarding greylisting:
>
> Some of our users are complaining mails have a large delay,
> especially
> those from providers like gmail. This is because these use different
> IP addresses on each delivery attempt.
> Using listgrey is not an option.
>
> Anyone who has a solution for this?

use pypolicyd-spf latest version and then if spf pass dont greylist, if
sender is after this test still gmail.org then greylist or reject that
user for not using gmail servers

#  For a fully commented sample config file see
policyd-spf.conf.commented

debugLevel = 1
defaultSeedOnly = 1

HELO_reject = SPF_Not_Pass
Mail_From_reject = SPF_Not_Pass

PermError_reject = True
TempError_Defer = False

skip_addresses = 127.0.0.0/8

Header_Type = AR
Authserv_Id = duggi.junc.org


then do greylist AFTER check spf

and if spf passed skip greylist google postfwd as an example config,
but with spf as above then its not needed to use another daemon

and lastly remember to not greylist non existsing recipient,
reject_unlisted_recipient before check_policy_service


Reply | Threaded
Open this post in threaded view
|

Re: greylisting

polloxx
In reply to this post by polloxx
Thanks to all of you for the suggestions.

On Fri, Jan 4, 2013 at 2:56 PM, polloxx <[hidden email]> wrote:

> I have a question regarding greylisting:
>
> Some of our users are complaining mails have a large delay, especially
> those from providers like gmail. This is because these use different
> IP addresses on each delivery attempt.
> Using listgrey is not an option.
>
> Anyone who has a solution for this?
>
> Thx,
> P.