Plesk 9.2.1 greylisting checks every mail - even known senders

[MatthiasR]

Hi everybody,

I have a problem concerning Plesks greylisting function which I run under Plesk 9.2.1. in Linux.
Greylisting works fine as it rejects every mail that comes in for the first time and let it pass when it is sent a second time.
But when the sender sends a new message, greylisting rejects it again waiting for a second delivery.

As far as I understood Plesks greylisting, the senders address should be remembered for an interval specified in "expire interval" with a default of 36 days. Within this period mails from that specific sender should not be rejected again.

Did I misunderstood the mechanism? If not: what is going wrong? Why is every mail rejected even with multiple mails sent from the same address?

I don't want to solve this issue by maintaining a lot of whitelist-stuff.

Any hint is very welcome.

Matthias

 

[hasher]

You are right, by default expire interval is 36 days (5184 minutes). Plesk GL is remember sender and _receiver_ addresses and write its to database. Expired records are cleaning one time in day.

Make sure, that sender domain is not exist in Mail Server black list and host which sending as EHLO parameter is not matching with any records in GL black-list regexps:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` -D psa -e 'select * from GL_remote_domains;'|grep black
*[0-9][0-9]-[0-9][0-9]-[0-9][0-9]* black
*[0-9][0-9].[0-9][0-9].[0-9][0-9]* black
*[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9]* black
*[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9[0-9]][0-9]* black
dsl|pool|broadband|hsd black
dynamic|static|ppp|dyn-ip|dial-up black

 

[MatthiasR]

Thanks for your answer. I checked the blacklist and neither sender nor receiver matches to it. I tested again. Assume I use Plesk greylisting on my server and user [email protected] wants to send a mail to [email protected]. The following happens:

1. [email protected] sends to [email protected]
2. greylisting at myserver.com rejects the mail
3. 30 minutes later b-online.com sends the message again to [email protected]
4. greylisting accepts the mail and passes it to [email protected] (I can find the entry in the greylisting database)

fine up to now - but

5. Within one hour [email protected] sends another mail to [email protected]
6. greylisting rejects the mail AGAIN although it should remember sender and receiver (and pass the mail immediately).
7. same procedure as 3. and 4.

So it seems to me that greylisting does not check its database entries when rejecting incoming mails.

Any suggestions to examine this behavior?

 

[hasher]

Very strange.

1. What is OS?

2. MTA - qmail or postfix?

3. Could you see /usr/local/psa/var/log/maillog for errors from GreyListing handler and post the result here?

 

[MatthiasR]

Ok, I found the reason for virtual deferral of the same sender address.
I installed haggybears GLM frontend and found that b-online.com uses very different mail servers that are chosen by chance for each mail sent. So the mails from [email protected] are mostly combined with different IP-Adresses leading to a new mail rejection.

This is ok because it is the way grey-listing works. Now I am looking for a way to configure the grey-listing component to pass known-sender-receiver combinations when they arrive from a group of mail-servers. Something like "*mail*.b-online.com".


Regards
Matthias

Btw: OS is Suse Linux 11.1, MTA ist qmail.