Loading ...
Sorry, an error occurred while loading the content.

reject_rbl_client after check_policy_service

Expand Messages
  • Rajkumar S
    Hi, I have a smtpd_recipient_restrictions section as follows: smtpd_recipient_restrictions = reject_unknown_sender_domain, permit_mynetworks,
    Message 1 of 8 , Jan 2, 2009
    • 0 Attachment
      Hi,

      I have a smtpd_recipient_restrictions section as follows:

      smtpd_recipient_restrictions =
      reject_unknown_sender_domain,
      permit_mynetworks,
      reject_non_fqdn_sender,
      reject_non_fqdn_hostname,
      reject_invalid_hostname,
      reject_unauth_destination
      reject_rbl_client sip.invaluement.local
      reject_rbl_client sip24.invaluement.local
      check_policy_service inet:127.0.0.1:9997,
      reject_rbl_client zen.spamhaus.org

      Greylisting server returns defer_if_permit to defer a mail. My
      objective is to lookup only those domains in zen whcih has passed
      greylisting test. But in my configuration above mails which are
      greylisted also gets blocked by zen. I guess this is the way
      defer_if_permit works. But is there any way to get the behavior I
      want?

      Thanks and regards,

      raj
    • mouss
      ... you need to change your policy service to return defer instead of defer_if_permit .
      Message 2 of 8 , Jan 2, 2009
      • 0 Attachment
        Rajkumar S a écrit :
        > Hi,
        >
        > I have a smtpd_recipient_restrictions section as follows:
        >
        > smtpd_recipient_restrictions =
        > reject_unknown_sender_domain,
        > permit_mynetworks,
        > reject_non_fqdn_sender,
        > reject_non_fqdn_hostname,
        > reject_invalid_hostname,
        > reject_unauth_destination
        > reject_rbl_client sip.invaluement.local
        > reject_rbl_client sip24.invaluement.local
        > check_policy_service inet:127.0.0.1:9997,
        > reject_rbl_client zen.spamhaus.org
        >
        > Greylisting server returns defer_if_permit to defer a mail. My
        > objective is to lookup only those domains in zen whcih has passed
        > greylisting test. But in my configuration above mails which are
        > greylisted also gets blocked by zen. I guess this is the way
        > defer_if_permit works. But is there any way to get the behavior I
        > want?
        >

        you need to change your policy service to return "defer" instead of
        "defer_if_permit".
      • Rajkumar S
        ... ... Thanks! I have changed my greylisting server to return defer Greylisted Come back after 30 seconds But I get a warning: postfix/smtpd[27732]:
        Message 3 of 8 , Jan 2, 2009
        • 0 Attachment
          On Fri, Jan 2, 2009 at 5:47 PM, mouss <mouss@...> wrote:
          >> smtpd_recipient_restrictions =
          <snip>
          >> check_policy_service inet:127.0.0.1:9997,
          >> reject_rbl_client zen.spamhaus.org
          >>
          >> Greylisting server returns defer_if_permit to defer a mail. My
          >> objective is to lookup only those domains in zen whcih has passed
          >> greylisting test. But in my configuration above mails which are
          >> greylisted also gets blocked by zen. I guess this is the way
          >> defer_if_permit works. But is there any way to get the behavior I
          >> want?
          >>
          >
          > you need to change your policy service to return "defer" instead of
          > "defer_if_permit".

          Thanks!

          I have changed my greylisting server to return

          defer Greylisted Come back after 30 seconds

          But I get a warning:

          postfix/smtpd[27732]: warning: restriction `Greylisted' after `defer' is ignored

          But if I use

          defer_if_permit Greylisted Come back after 30 seconds

          then there is no warning. am I missing some thing here?

          raj
        • Rajkumar S
          ... Thanks! raj
          Message 4 of 8 , Jan 2, 2009
          • 0 Attachment
            On Fri, Jan 2, 2009 at 6:19 PM, mouss <mouss@...> wrote:
            > just use:
            > 450 4.7.1 Greylisted Come back after 30 seconds

            Thanks!

            raj
          • Rajkumar S
            ... Ooops.... I still get postfix/smtpd[27954]: warning: restriction `450 after `defer is ignored btw, I am using postfix debian package version 2.5.5-1.1
            Message 5 of 8 , Jan 2, 2009
            • 0 Attachment
              On Fri, Jan 2, 2009 at 6:19 PM, mouss <mouss@...> wrote:
              > just use:
              > 450 4.7.1 Greylisted Come back after 30 seconds

              Ooops.... I still get postfix/smtpd[27954]: warning: restriction
              `450' after `defer' is ignored

              btw, I am using postfix debian package version 2.5.5-1.1 in Debian Lenny

              :(
            • Reinaldo de Carvalho
              ... The same occurs in postfix 2.3.8 (Debian Etch) and postgrey. DEFER_IF_PERMIT accept a text after restriction, and DEFER don t. - default action
              Message 6 of 8 , Jan 2, 2009
              • 0 Attachment
                On Fri, Jan 2, 2009 at 10:14 AM, Rajkumar S <rajkumars@...> wrote:
                > On Fri, Jan 2, 2009 at 6:19 PM, mouss <mouss@...> wrote:
                >> just use:
                >> 450 4.7.1 Greylisted Come back after 30 seconds
                >
                > Ooops.... I still get postfix/smtpd[27954]: warning: restriction
                > `450' after `defer' is ignored
                >
                > btw, I am using postfix debian package version 2.5.5-1.1 in Debian Lenny
                >
                > :(
                >

                The same occurs in postfix 2.3.8 (Debian Etch) and postgrey.
                DEFER_IF_PERMIT accept a text after restriction, and DEFER don't.

                - default action DEFER_IF_PERMIT.

                # tcpdump -i lo -nn -s0 -A port 60000 | grep --line-buffered action
                action=DEFER_IF_PERMIT Try again later.

                # grep 'warning: restriction' /var/log/mail/mail.log
                > nothing

                - changing postgrey --greylist-action parameter to "DEFER".

                # tcpdump -i lo -nn -s0 -A port 60000 | grep --line-buffered action
                action=DEFER Try again later.

                # grep 'warning: restriction' /var/log/mail/mail.log
                Jan 2 12:27:57 marajo postfix/smtpd[11688]: warning: restriction
                `Try' after `defer' is ignored


                --
                Reinaldo de Carvalho
                http://korreio.sf.net (Now available in English)
                http://python-cyrus.sf.net
              • mouss
                ... Remove the defer keyword. Return 450 4.7.1 Greylisted Come back after 30 seconds with no defer before it.
                Message 7 of 8 , Jan 2, 2009
                • 0 Attachment
                  Rajkumar S a écrit :
                  > On Fri, Jan 2, 2009 at 6:19 PM, mouss <mouss@...> wrote:
                  >> just use:
                  >> 450 4.7.1 Greylisted Come back after 30 seconds
                  >
                  > Ooops.... I still get postfix/smtpd[27954]: warning: restriction
                  > `450' after `defer' is ignored

                  Remove the "defer" keyword. Return
                  "450 4.7.1 Greylisted Come back after 30 seconds"
                  with no "defer" before it.

                  >
                  > btw, I am using postfix debian package version 2.5.5-1.1 in Debian Lenny
                  >
                  > :(
                • Rajkumar S
                  ... Thanks, that finally did the trick :) raj
                  Message 8 of 8 , Jan 4, 2009
                  • 0 Attachment
                    On Fri, Jan 2, 2009 at 10:37 PM, mouss <mouss@...> wrote:
                    > Remove the "defer" keyword. Return
                    > "450 4.7.1 Greylisted Come back after 30 seconds"
                    > with no "defer" before it.

                    Thanks, that finally did the trick :)

                    raj
                  Your message has been successfully submitted and would be delivered to recipients shortly.