1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk 9.2.1 greylisting checks every mail - even known senders

Discussion in 'Plesk 9.x for Linux Issues, Fixes, How-To' started by MatthiasR, Jul 29, 2009.

  1. MatthiasR

    MatthiasR Guest

    0
     
    Hi everybody,

    I have a problem concerning Plesks greylisting function which I run under Plesk 9.2.1. in Linux.
    Greylisting works fine as it rejects every mail that comes in for the first time and let it pass when it is sent a second time.
    But when the sender sends a new message, greylisting rejects it again waiting for a second delivery.

    As far as I understood Plesks greylisting, the senders address should be remembered for an interval specified in "expire interval" with a default of 36 days. Within this period mails from that specific sender should not be rejected again.

    Did I misunderstood the mechanism? If not: what is going wrong? Why is every mail rejected even with multiple mails sent from the same address?

    I don't want to solve this issue by maintaining a lot of whitelist-stuff.

    Any hint is very welcome.

    Matthias
     
  2. hasher

    hasher Guest

    0
     
    You are right, by default expire interval is 36 days (5184 minutes). Plesk GL is remember sender and _receiver_ addresses and write its to database. Expired records are cleaning one time in day.

    Make sure, that sender domain is not exist in Mail Server black list and host which sending as EHLO parameter is not matching with any records in GL black-list regexps:

    # mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e 'select * from GL_remote_domains;'|grep black
    *[0-9][0-9]-[0-9][0-9]-[0-9][0-9]* black
    *[0-9][0-9].[0-9][0-9].[0-9][0-9]* black
    *[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]* black
    *[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]* black
    dsl|pool|broadband|hsd black
    dynamic|static|ppp|dyn-ip|dial-up black
     
  3. MatthiasR

    MatthiasR Guest

    0
     
    Thanks for your answer. I checked the blacklist and neither sender nor receiver matches to it. I tested again. Assume I use Plesk greylisting on my server and user jim@b-online.com wants to send a mail to john@myserver.com. The following happens:

    1. jim@b-online.com sends to john@myserver.com
    2. greylisting at myserver.com rejects the mail
    3. 30 minutes later b-online.com sends the message again to john@myserver.com
    4. greylisting accepts the mail and passes it to john@myserver.com (I can find the entry in the greylisting database)

    fine up to now - but

    5. Within one hour jim@b-online.com sends another mail to john@myserver.com
    6. greylisting rejects the mail AGAIN although it should remember sender and receiver (and pass the mail immediately).
    7. same procedure as 3. and 4.

    So it seems to me that greylisting does not check its database entries when rejecting incoming mails.

    Any suggestions to examine this behavior?
     
  4. hasher

    hasher Guest

    0
     
    Very strange.

    1. What is OS?

    2. MTA - qmail or postfix?

    3. Could you see /usr/local/psa/var/log/maillog for errors from GreyListing handler and post the result here?
     
  5. MatthiasR

    MatthiasR Guest

    0
     
    Ok, I found the reason for virtual deferral of the same sender address.
    I installed haggybears GLM frontend and found that b-online.com uses very different mail servers that are chosen by chance for each mail sent. So the mails from jim@b-online.com are mostly combined with different IP-Adresses leading to a new mail rejection.

    This is ok because it is the way grey-listing works. Now I am looking for a way to configure the grey-listing component to pass known-sender-receiver combinations when they arrive from a group of mail-servers. Something like "*mail*.b-online.com".


    Regards
    Matthias

    Btw: OS is Suse Linux 11.1, MTA ist qmail.
     
Loading...