reject_rbl_client after check_policy_service


Rajkumar S-3
Hi,

I have a smtpd_recipient_restrictions section as follows:

smtpd_recipient_restrictions =
        reject_unknown_sender_domain,
        permit_mynetworks,
        reject_non_fqdn_sender,
        reject_non_fqdn_hostname,
        reject_invalid_hostname,
        reject_unauth_destination
        reject_rbl_client sip.invaluement.local
        reject_rbl_client sip24.invaluement.local
        check_policy_service inet:127.0.0.1:9997,
        reject_rbl_client zen.spamhaus.org

Greylisting server returns  defer_if_permit to defer a mail.  My
objective is to lookup only those domains in zen which has passed
greylisting test. But in my configuration above mails which are
greylisted also gets blocked by zen. I guess this is the way
defer_if_permit works. But is there any way to get the behavior I
want?

Thanks and regards,

raj

Re: reject_rbl_client after check_policy_service

mouss-4
Rajkumar S wrote:

> Hi,
>
> I have a smtpd_recipient_restrictions section as follows:
>
> smtpd_recipient_restrictions =
>         reject_unknown_sender_domain,
>         permit_mynetworks,
>         reject_non_fqdn_sender,
>         reject_non_fqdn_hostname,
>         reject_invalid_hostname,
>         reject_unauth_destination
>         reject_rbl_client sip.invaluement.local
>         reject_rbl_client sip24.invaluement.local
>         check_policy_service inet:127.0.0.1:9997,
>         reject_rbl_client zen.spamhaus.org
>
> Greylisting server returns  defer_if_permit to defer a mail.  My
> objective is to lookup only those domains in zen which has passed
> greylisting test. But in my configuration above mails which are
> greylisted also gets blocked by zen. I guess this is the way
> defer_if_permit works. But is there any way to get the behavior I
> want?
>

you need to change your policy service to return "defer" instead of
"defer_if_permit".




Re: reject_rbl_client after check_policy_service

Rajkumar S-3
On Fri, Jan 2, 2009 at 5:47 PM, mouss <[hidden email]> wrote:
>> smtpd_recipient_restrictions =
<snip>

>>         check_policy_service inet:127.0.0.1:9997,
>>         reject_rbl_client zen.spamhaus.org
>>
>> Greylisting server returns  defer_if_permit to defer a mail.  My
>> objective is to lookup only those domains in zen which has passed
>> greylisting test. But in my configuration above mails which are
>> greylisted also gets blocked by zen. I guess this is the way
>> defer_if_permit works. But is there any way to get the behavior I
>> want?
>>
>
> you need to change your policy service to return "defer" instead of
> "defer_if_permit".

Thanks!

I have changed my greylisting server to return

defer Greylisted Come back after 30 seconds

But I get a warning:

postfix/smtpd[27732]: warning: restriction `Greylisted' after `defer' is ignored

But if I use

defer_if_permit Greylisted Come back after 30 seconds

then there is no warning. Am I missing something here?

raj

Re: reject_rbl_client after check_policy_service

Rajkumar S-3
On Fri, Jan 2, 2009 at 6:19 PM, mouss <[hidden email]> wrote:
> just use:
> 450 4.7.1 Greylisted Come back after 30 seconds

Thanks!

raj

Re: reject_rbl_client after check_policy_service

Rajkumar S-3
In reply to this post by Rajkumar S-3
On Fri, Jan 2, 2009 at 6:19 PM, mouss <[hidden email]> wrote:
> just use:
> 450 4.7.1 Greylisted Come back after 30 seconds

Ooops.... I still get  postfix/smtpd[27954]: warning: restriction
`450' after `defer' is ignored

btw, I am using postfix debian package version  2.5.5-1.1 in Debian Lenny

:(

Re: reject_rbl_client after check_policy_service

Reinaldo Gil Lima de Carvalho
On Fri, Jan 2, 2009 at 10:14 AM, Rajkumar S <[hidden email]> wrote:

> On Fri, Jan 2, 2009 at 6:19 PM, mouss <[hidden email]> wrote:
>> just use:
>> 450 4.7.1 Greylisted Come back after 30 seconds
>
> Ooops.... I still get  postfix/smtpd[27954]: warning: restriction
> `450' after `defer' is ignored
>
> btw, I am using postfix debian package version  2.5.5-1.1 in Debian Lenny
>
> :(
>

The same occurs in postfix 2.3.8 (Debian Etch) and postgrey.
DEFER_IF_PERMIT accepts a text after restriction, and DEFER doesn't.

- default action DEFER_IF_PERMIT.

# tcpdump -i lo -nn -s0 -A port 60000 | grep --line-buffered action
action=DEFER_IF_PERMIT Try again later.

# grep 'warning: restriction' /var/log/mail/mail.log
> nothing

- changing postgrey --greylist-action parameter to "DEFER".

# tcpdump -i lo -nn -s0 -A port 60000 | grep --line-buffered action
action=DEFER Try again later.

# grep 'warning: restriction' /var/log/mail/mail.log
Jan  2 12:27:57 marajo postfix/smtpd[11688]: warning: restriction
`Try' after `defer' is ignored


--
Reinaldo de Carvalho
http://korreio.sf.net (Now available in English)
http://python-cyrus.sf.net

Re: reject_rbl_client after check_policy_service

mouss-4
In reply to this post by Rajkumar S-3
Rajkumar S wrote:
> On Fri, Jan 2, 2009 at 6:19 PM, mouss <[hidden email]> wrote:
>> just use:
>> 450 4.7.1 Greylisted Come back after 30 seconds
>
> Ooops.... I still get  postfix/smtpd[27954]: warning: restriction
> `450' after `defer' is ignored

Remove the "defer" keyword. Return
        "450 4.7.1 Greylisted Come back after 30 seconds"
with no "defer" before it.

>
> btw, I am using postfix debian package version  2.5.5-1.1 in Debian Lenny
>
> :(


Re: reject_rbl_client after check_policy_service

Rajkumar S-3
On Fri, Jan 2, 2009 at 10:37 PM, mouss <[hidden email]> wrote:
> Remove the "defer" keyword. Return
>        "450 4.7.1 Greylisted Come back after 30 seconds"
> with no "defer" before it.

Thanks, that finally did the trick :)

raj
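
Added example (not part of the original thread, and not code from Postfix or postgrey): the decision core of a greylisting policy delegate that answers with the bare "450 4.7.1 ..." action the thread settles on, so a greylisted recipient is deferred before the following reject_rbl_client zen.spamhaus.org is evaluated. The names Greylist, parse_request, format_response and the sample request are assumptions made for illustration.

```python
# Added example: greylisting decision logic for a Postfix check_policy_service
# delegate. All names here are hypothetical; the sample request is constructed.

DELAY = 30  # seconds a new triplet must wait, matching the reply text below
GREYLIST_REPLY = "450 4.7.1 Greylisted Come back after 30 seconds"


def parse_request(raw: str) -> dict:
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break  # the empty line terminates the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, delay: int = DELAY):
        self.delay = delay
        self.first_seen = {}  # (client, sender, recipient) -> first-seen time

    def decide(self, attrs: dict, now: float) -> str:
        triplet = (attrs.get("client_address", ""),
                   attrs.get("sender", "").lower(),
                   attrs.get("recipient", "").lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < self.delay:
            # Bare 4xx reply, no DEFER / DEFER_IF_PERMIT keyword in front:
            # the recipient is deferred right here, whereas DEFER_IF_PERMIT
            # lets the restrictions listed after the policy check still run.
            return GREYLIST_REPLY
        return "DUNNO"  # passed greylisting: continue with the next restriction


def format_response(action: str) -> str:
    """A policy reply is one action= line followed by an empty line."""
    return f"action={action}\n\n"


# Constructed sample request (documentation addresses, not real traffic).
SAMPLE = ("request=smtpd_access_policy\n"
          "protocol_state=RCPT\n"
          "client_address=192.0.2.10\n"
          "sender=alice@example.org\n"
          "recipient=bob@example.net\n"
          "\n")

if __name__ == "__main__":
    gl, attrs = Greylist(), parse_request(SAMPLE)
    print(format_response(gl.decide(attrs, now=0)), end="")   # first attempt
    print(format_response(gl.decide(attrs, now=31)), end="")  # retry after delay
```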