Greylisting broken in 6.65?

Discussion forum for Enterprise Edition.
Post Reply
ShawnKHall
Posts: 113
Joined: Wed Apr 06, 2005 12:03 am
Location: California, USA
Contact:
Contact ShawnKHall

Greylisting broken in 6.65?

Post by ShawnKHall »

Since updating to 6.65 a couple weeks ago I've received a number of user complaints that expected incoming messages are never delivered.

Checking the logs I see a ridiculous number of greylisting notes. The record, for a 24 hour period for a single message is 327 greylisting/message delayed notes for the same IP address, but there are literally hundreds of messages each day that are experiencing the exact same problems - even though it's the same IP address that's attempting to send the same message. Here's a sample from the logs:

Code: Select all

11/19/2012 1:05	SMTP-IN	F9216C86AC9A430EB873794CEE324467.MAI	2572	a.b.c.d			220 example.com	0	0
11/19/2012 1:05	SMTP-IN	F9216C86AC9A430EB873794CEE324467.MAI	2572	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:05	SMTP-IN	F9216C86AC9A430EB873794CEE324467.MAI	2572	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:05	SMTP-IN	F9216C86AC9A430EB873794CEE324467.MAI	2572	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:07	SMTP-IN	3D4C196E91FF4E36B13A1EB2C2D35CC5.MAI	2124	a.b.c.d			220 example.com	0	0
11/19/2012 1:07	SMTP-IN	3D4C196E91FF4E36B13A1EB2C2D35CC5.MAI	2124	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:07	SMTP-IN	3D4C196E91FF4E36B13A1EB2C2D35CC5.MAI	2124	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:07	SMTP-IN	3D4C196E91FF4E36B13A1EB2C2D35CC5.MAI	2124	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:08	SMTP-IN	C36A0B9E68C44A84B953B662E729FD39.MAI	3176	a.b.c.d			220 example.com	0	0
11/19/2012 1:08	SMTP-IN	C36A0B9E68C44A84B953B662E729FD39.MAI	3176	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:08	SMTP-IN	C36A0B9E68C44A84B953B662E729FD39.MAI	3176	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:08	SMTP-IN	C36A0B9E68C44A84B953B662E729FD39.MAI	3176	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:09	SMTP-IN	FC9E6B13EBCD4C8C82E7E73ADFD8078C.MAI	3324	a.b.c.d			220 example.com	0	0
11/19/2012 1:09	SMTP-IN	FC9E6B13EBCD4C8C82E7E73ADFD8078C.MAI	3324	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:09	SMTP-IN	FC9E6B13EBCD4C8C82E7E73ADFD8078C.MAI	3324	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:09	SMTP-IN	FC9E6B13EBCD4C8C82E7E73ADFD8078C.MAI	3324	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:09	SMTP-IN	75A6D6CFC9714D7AA38FD7D6BD1C82D6.MAI	3176	a.b.c.d			220 example.com	0	0
11/19/2012 1:09	SMTP-IN	75A6D6CFC9714D7AA38FD7D6BD1C82D6.MAI	3176	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:09	SMTP-IN	75A6D6CFC9714D7AA38FD7D6BD1C82D6.MAI	3176	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:09	SMTP-IN	75A6D6CFC9714D7AA38FD7D6BD1C82D6.MAI	3176	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:10	SMTP-IN	C910F1D86F674E8E82AC41416A2F1DC8.MAI	3308	a.b.c.d			220 example.com	0	0
11/19/2012 1:10	SMTP-IN	C910F1D86F674E8E82AC41416A2F1DC8.MAI	3308	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:10	SMTP-IN	C910F1D86F674E8E82AC41416A2F1DC8.MAI	3308	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:10	SMTP-IN	C910F1D86F674E8E82AC41416A2F1DC8.MAI	3308	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:10	SMTP-IN	832808C74BD44DA8BC8513744673D900.MAI	3252	a.b.c.d			220 example.com	0	0
11/19/2012 1:10	SMTP-IN	832808C74BD44DA8BC8513744673D900.MAI	3252	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:10	SMTP-IN	832808C74BD44DA8BC8513744673D900.MAI	3252	a.b.c.d	MAIL	MAIL FROM:<bounce-1328-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:10	SMTP-IN	832808C74BD44DA8BC8513744673D900.MAI	3252	a.b.c.d	RCPT	RCPT TO:<user@example.com>	250 Requested mail action okay, completed	43	35
11/19/2012 1:10	SMTP-IN	832808C74BD44DA8BC8513744673D900.MAI	3252	a.b.c.d	DATA	DATA	354 Start mail input; end with <CRLF>.<CRLF>	46	6
11/19/2012 1:10	SMTP-IN	710D285FACDB4374B6656BE109829F0F.MAI	3252	a.b.c.d	QUIT	QUIT	221 Service closing transmission channel	42	6
11/19/2012 1:46	SMTP-IN	9D1C21355E76420DB3610C582ABFE9E4.MAI	3116	a.b.c.d			220 example.com	0	0
11/19/2012 1:46	SMTP-IN	9D1C21355E76420DB3610C582ABFE9E4.MAI	3116	a.b.c.d	EHLO	EHLO smtp.example.net	250-win.example.com [a.b.c.d], this server offers 6 extensions	170	29
11/19/2012 1:46	SMTP-IN	9D1C21355E76420DB3610C582ABFE9E4.MAI	3116	a.b.c.d	MAIL	MAIL FROM:<bounce-1312-230461690-user=example.com@example.org>	250 Requested mail action okay, completed	43	77
11/19/2012 1:46	SMTP-IN	9D1C21355E76420DB3610C582ABFE9E4.MAI	3116	a.b.c.d	RCPT	RCPT TO:<user@example.com>	451 This server employs greylisting as a means of reducing spam. Your message has been delayed and will be accepted later.	124	35
11/19/2012 1:46	SMTP-IN	DBE8C310D08242978719CE8A622B3660.MAI	3256	a.b.c.d			220 example.com	0	0
As you can see, the remote server tries again and again to send this message, then after 4 minutes it goes through. THAT is to be expected. But then half an hour later the same IP address attempts to send another message, and instead of being allowed, it's greylisted again. A few minutes later (after retrying every 15 seconds to send the next message) the next message will go through. Shortly later, it all happens again. This is all messages from the same IP address.

Historically, the option 'senders will be remembered for 14400 minutes' would ensure this didn't delay *every* message from *every* (not whitelisted) sender. Since 6.65 that's no longer the case.
Top
Admin
Site Admin
Posts: 1127
Joined: Mon Jun 10, 2002 6:31 pm
Location: Melbourne, Victoria, Australia

Re: Greylisting broken in 6.65?

Post by Admin »

Greylisting works on the sender email address, recipient email address, and IP address. i.e. all three items are used to determine whether to not delay the email. So you will need to check these, as it looks like the senders address will be different (SRS is being used in your example which alters the sender email address). You may need to just exclude the IP address from being check for greylisting.
Top
Post Reply

Return to “MailEnable Enterprise Edition”