greylisting/email blocked/hidden black listing settings/match string/list type: black

[Kevin Troendle]

Background:

User reports email being blocked from [email protected]

Search the maillog
grep -A7 [email protected] /usr/local/psa/var/log/maillog

Found email being blocked even though greylisting is turned off for this domain?
Oct 13 09:35:27 firedrumhosting greylisting filter[23978]: Starting greylisting filter...
Oct 13 09:35:27 firedrumhosting greylisting filter[23978]: list type: black, from: rcmdxobspool2.cavtel.net, match string: dsl|pool|broadband|hsd
Oct 13 09:35:27 firedrumhosting qmail-queue-handlers[23974]: handlers_stderr: REJECT

Settings controlling this is not in the Plesk Panel ?
You must use the command line utility to access the "list type:" and "match string:" referenced above

Ran this command to find hidden settngs
/usr/local/psa/bin/grey_listing --info-server

Reference for the command line utilities
http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.2-unix-cli/index.htm?fileName=63188.htm

Patterns listed that were unexplained and seemed way to broad? (to me anyways)
What are these default patterns?
Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dynamic|static|ppp|dyn-ip|dial-up
dsl|pool|broadband|hsd <--
the one that was actually causing the email being rejected from the
rcmdxobspool2.cavtel.net mailserver

Used this to remove patterns
/usr/local/psa/bin/grey_listing --update-server -blacklist del:"dsl|pool|broadband|hsd"

From the documentation it seems to state that these "hidden" blacklists apply regardless of the
setting within the Plesk Panel for greylisting for the domain?
Can someone confirm this from Plesk?

From docs http://download1.parallels.com/Plesk/PPP9/Doc/en-US/plesk-9.2-unix-cli/index.htm?fileName=63188.htm
"server-wide black list - a list of hosts whose mail is rejected without greylisting check-ups."


Gotta luv the hidden behaviors and settings in Plesk?

 

[Brujo]

Hi,
i have modifyed the greylisting pattern and it looks now like:

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up

but i still get mails blocked like: Nov 3 05:43:07 grugul greylisting filter[30103]: list type: black, from: mxphxpool20.ebay.com, match string: dsl|pool|broadband|hsd

thats make me wonder, as you can see the "pool" is out of the pattern but in the blocked log entry the pattern is still the original one. I have also *ebay.com in the whitelist. DO i have to restart something?

any hint?

Brujo

 

[Flachzange]

Hi Brujo,

how do you have edited the Black-/Whitelist? Please make "grey_listing -i" to output your greylisting settings for your machine.

Christoph

P.S. See my other thread where I have posted a whitel and blacklist which works with ebay etc

 

[mfichtner]

There is a bug in the way Plesk tries to update blacklist patterns that include the pipe symbol "|". Changing (or deleting) those patterns with grey_listing -u *seems* to work, but really doesn't. Plesk only changes these patterns in its own MySQL database, but it fails to reproduce those changes in the sqlite database the greylist module relies on.

What's worse: grey_listing -i only show the configuration stored in Plesk's MySQL database. It does *not* show the actual contents of the greylist module's sqlite database.

To verify this, run the following command. It selects the actual patterns from the sqlite database:

sqlite3 /var/lib/plesk/mail/greylist/settings.db "select * from remote_domains"

This should give you a list of all currently active patterns -- including the one you already removed.

To actually remove the offending pattern, try this command:

sqlite3 /var/lib/plesk/mail/greylist/settings.db "delete from remote_domains where domain = 'dsl|pool|broadband|hsd'"

Now, the MySQL and sqlite databases should be in sync again.

Hope this helps!

 

[kram@]

Hello,

How does one go about removing these:

.*yandex\.ru|white
.*mail\.ru|white
.*rambler\.ru|white

i have tried:

sqlite3 /var/lib/plesk/mail/greylist/settings.db "delete from remote_domains where domain = 'yandex.ru'"
sqlite3 /var/lib/plesk/mail/greylist/settings.db "delete from remote_domains where domain = '*.yandex.ru'"

No Luck, they just stay there, any thoughts?

 

[kram@]

Found a solution to my problem: http://www.haggybear.de/en/greylisting-manager

 

[Brujo]

@mfichtner

thanks for the explanation and with your guidance I was able to fix my issue. However it is wired how the greylisting is handled...

thanks
Brujo

 

[eugenevdm]

root@cm:/usr/lib/plesk-9.0# /usr/local/psa/bin/grey_listing --info-server
Grey listing configuration.

Grey listing checking enabled
Grey interval 5 minutes
Expire interval 51840 minutes
Penalty interval 2 minutes
Penalty disabled
Personal grey listing
configuration allowed

Server-wide black list:

Server-wide white list:

White domains patterns list:
*google.com
*mail.ru
*parallels.com
*rambler.ru
*yahoo.com
*yandex.ru

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dsl|pool|broadband|hsd
dynamic|static|ppp|dyn-ip|dial-up

SUCCESS: Gathering of server wide information complete.

root@cm:/usr/lib/plesk-9.0# /usr/local/psa/bin/grey_listing --update-server -blacklist del:"dsl|pool|broadband|hsd"
unable parse pattern list: incorrect pattern "dsl|pool|broadband|hsd"
root@cm:/usr/lib/plesk-9.0#

WTF?? Huh? This routine is so broken I cannot even delete my pattern.

At least this worked for the SQLite part:

root@cm:/usr/lib/plesk-9.0# sqlite3 /var/lib/plesk/mail/greylist/settings.db "delete from remote_domains where domain = 'dsl|pool|broadband|hsd|black'"

But notice the extra "|black'" (with single apostrophy) that I had to add.

 

[kevint@firedrum]

Solution Again!

After updating Plesk I found that the greylisting setting was also back in place.

My original solution post on this thread does not work anymore (using the grey_listing manager), so it looks
like Plesk also broke the fix...!!

Using this also DID NOT work for me...
sqlite3 /var/lib/plesk/mail/greylist/settings.db "delete from remote_domains where domain = 'dsl|pool|broadband|hsd'"

I was able to adjust the greylist setting by going directly to the PSA database

Use a SQL admin tool such as HeidiSQL to connect to your PSA database named "psa"
Use your login credentials for Plesk to access your database

Edit the table "GL_remote_domains"

Restart qmail
/etc/init.d/qmail restart

 

[BernhardE]

I got the same issue, my solution: deactivate Plesk greylisting. I thought it is possible to turn greylisting on only on single domains, but it seems if greylisting is turned on it doesn’t matter if the checkbox in the domains itself is turned off or not, it’s always greylisting. So I wonder why there is a button at the domains… Anybody knows the answer for this?

This is the only commercial product I use on the server and I always got the most trouble with it! :-(

 

[StephanS]

grey_listing SQlite workaround does the trick for me (Plesk 10.4.4)

As it says in the subject:
While it is a bit of a surprise to notice the persistence of the bug as explained above (grey_listing CLI reporting back misleading information on the black listed domains in particular) the workaround did the trick perfectly here.
That means:
ADDING white and black list entries works well will grey_listing CLI as documented.
DELETING white and black list entries works only via the sqlite commands documented above
(but ignore the suggestion to add "|black" to the text strings - not needed).
Stephan

 

[Alberto Tormo]

To delete I used this command (with Plesk 10.4.4#20)
#/usr/local/psa/bin/grey_listing --update-server -domains-blacklist del:"dsl|pool|broadband|hsd"

It worked fine.

I can't belive it still happends 3 years later...

 

[StephanS]

A final note on the discrepancy of observations

Meanwhile, greylisting and its CLI also work consistently for me [10.4.4#22]. My conclusion is that the sqlite workaround is only needed to delete the initial settings. All individual additions can easily be reverted with the grey_listing del option. Yet one has to get rid of the initial settings in order not to block large email providers ...
Good Luck, Stephan

 

[Alyssond]

#/usr/local/psa/bin/grey_listing --update-server -domains-blacklist del:"dsl|pool|broadband|hsd"
Same problem here. Plesk 10.4.4 latest updates installed.

I ran this command above and it did the trick.


Thank You

 

[Alyssond]

#/usr/local/psa/bin/grey_listing --update-server -domains-blacklist del:"dsl|pool|broadband|hsd"
Same problem here. Plesk 10.4.4 latest updates installed.

I ran this command above and it did the trick.


Thank You

Jun 21 13:36:30 painellx postfix/smtpd[13222]: 58F502372343: milter-reject: DATA from mxphxpool20.ebay.com[66.211.161.20]: 550 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mxphxpool20.ebay.com>
Jun 21 13:37:11 painellx postfix/smtpd[13222]: D0B402372346: milter-reject: DATA from mxphxpool26.ebay.com[66.211.161.26]: 550 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mxphxpool26.ebay.com>
Jun 21 13:37:23 painellx postfix/smtpd[13222]: 6D01E2372346: milter-reject: DATA from c94df892.static.m2e001.com[201.77.248.146]: 550 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<c94df892.static.m2e001.com>
Jun 21 13:39:29 painellx postfix/smtpd[13222]: C347723722F7: milter-reject: DATA from am1ehsobe003.messaging.microsoft.com[213.199.154.206]: 550 5.7.1 Command rejected; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<am1outboundpool.messaging.microsoft.com>


look for pool in the log

After the command.

/usr/local/psa/bin/grey_listing --info-server
Grey listing configuration.

Grey listing checking enabled
Grey interval 5 minutes
Expire interval 51840 minutes
Penalty interval 2 minutes
Penalty disabled
Personal grey listing
configuration allowed

Server-wide black list:

Server-wide white list:
*@microsoft.com

White domains patterns list:
*google.com
*mail.ru
*parallels.com
*rambler.ru
*yahoo.com
*yandex.ru

Black domains patterns list:
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]*
*[0-9][0-9].[0-9][0-9].[0-9][0-9]*
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]*
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]*
dynamic|static|ppp|dyn-ip|dial-up

SUCCESS: Gathering of server wide information complete.