Re: [exim] Issues with greylisting

Author: Raymond Jette
Date:  
To: exim-users
Subject: Re: [exim] Issues with greylisting
Thank you for the reply. I ran a new test, just now, after a reboot of
the server:

exim -bh 207.138.26.1

In the test I used the following:
Ehlo mestek.com
Mail from:<rjette@???>
Rcpt to:<rjette@???>

The output of this test is attached as exim_-bh.txt

The last line of this output shows the following:

LOG: 1NXEtf-0005fP-0f <= rjette@??? H=(mestek.com) [207.138.26.1]
P=esmtp S=368 from <rjette@???> for rjette@???
250 OK id=1NXEtf-0005fP-0f

It shows that greylisting is working as expected. When I send a test
message or test using telnet it does not work. I ran the same test using
telnet:

telnet <server_ip> 25
Ehlo mestek.com
Mail from:<rjette@???>
Rcpt to:<rjette@???>

The message gets a 451 code saying that the message was greylisted. I'm
not sure how it can work one way but not the other.

-----Original Message-----
From: David Woodhouse [mailto:dwmw2@infradead.org]
Sent: Monday, January 18, 2010 6:17 PM
To: Raymond Jette
Cc: exim-users@???
Subject: Re: [exim] Issues with greylisting

On Fri, 2010-01-15 at 10:27 -0500, Raymond Jette wrote:
> That helped. I'm not further than I was but I am still having issues.
> Every connection is rejected even if the 5 minutes have passed. There
> is not too much on the internet on this. The configuration seems to be
> correct so I'm not sure why this is not working.


> >>> check set acl_m_greyident =
> ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
> >>>                           = FRoqdLbSTv7yEg0BgDd2


Is that ident actually consistent? When the same mail is offered again
for a second time, is the ident the same?

When testing using exim -bh <ip> it is the same.

> >>> warn: condition test succeeded
> >>> processing "warn"
> >>> check set acl_m_greyexpiry = ${lookup sqlite
> {/var/spool/exim/db/greylist.db SELECT expire FROM greylist WHERE 
> id='${quote_sqlite:$acl_m_greyident}';}{$value}}
> >>>                            =


Found no existing record for this ident.

> >>> warn: condition test succeeded
> >>> processing "warn"
> >>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
> >>>                 = 1
> >>> check set acl_m_dontcare = ${lookup sqlite
> {/var/spool/exim/db/greylist.db INSERT INTO greylist VALUES ( 
> '$acl_m_greyident', '${eval10:$tod_epoch+300}', 
> '$sender_host_address', '${quote_sqlite:$sender_helo_name}' );}}
> >>>                          =
> >>> warn: condition test succeeded


OK, so it looks like the insertion into the database succeeded.

What happens if you look in the database manually?

# sqlite3 /var/spool/exim/db/greylist.db
sqlite> select * from greylist where id='FRoqdLbSTv7yEg0BgDd2';

Is there any output? Should look something like...
XDLeRvn5AXUA1ANXwjva|1263852799|95.66.103.182|misho

This is working. I see something similar to this.

> >>> processing "defer"
> >>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
> >>>                 = 1
> >>> check condition = ${lookup sqlite {/var/spool/exim/db/greylist.db
> SELECT expire FROM greylist WHERE
> id='${quote_sqlite:$acl_m_greyident}';} {1}}
> >>>                 = 1


This part of the code actually checks whether the insertion succeeded,
and it seems to think that it _did_ succeed.

If it fails (perhaps because exim didn't have write permission to the
database), then it should fall through to accepting the mail.

I don't know what's going wrong, but my first suspicion would be that
the mail ident is not the same from attempt to attempt for some reason.

Can you show me this kind of debug output for two consecutive attempts
to submit exactly the _same_ mail?


I did not attach the two attempts because it seems to be working when
using exim -bh. Just not when I send real mail or use telnet.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@???                              Intel Corporation






354 Enter message, ending with "." on a line by itself
test
.
>>> host in ignore_fromline_hosts? no (option unset)
>>> using ACL "acl_check_data"
>>> processing "warn"
>>> check set acl_m_greylistreasons = We greylist all mail\n$acl_m_greylistreasons
>>>                              = We greylist all mail
>>> 
>>> warn: condition test succeeded
>>> processing "require"
>>> check acl = greylist_mail
>>> using ACL "greylist_mail"
>>> processing "accept"
>>> check condition = ${if eq{$acl_m_greylistreasons}{} {1}}
>>>                 = 
>>> accept: condition test failed
>>> processing "accept"
>>> check hosts = :
>>> host in ":"? no (end of list)
>>> accept: condition test failed
>>> processing "accept"
>>> check authenticated = *
>>> accept: condition test failed
>>> processing "accept"
>>> check condition = ${lookup sqlite {/var/spool/exim/db/greylist.db SELECT host from resenders WHERE helo='${quote_sqlite:$sender_helo_name}' AND host='$sender_host_address';} {1}}
>>>                 = 
>>> accept: condition test failed
>>> processing "warn"
>>> check set acl_m_greyident = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
>>>                           = ggqwF8UzZyAUI3LXV0SN
>>> warn: condition test succeeded
>>> processing "warn"
>>> check set acl_m_greyexpiry = ${lookup sqlite {/var/spool/exim/db/greylist.db SELECT expire FROM greylist WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
>>>                            = 1263910114
>>> warn: condition test succeeded
>>> processing "warn"
>>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
>>>                 = 
>>> warn: condition test failed
>>> processing "defer"
>>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
>>>                 = 
>>> defer: condition test failed
>>> processing "warn"
>>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
>>>                 = 
>>> warn: condition test failed
>>> processing "accept"
>>> check condition = ${if eq {$acl_m_greyexpiry}{} {1}}
>>>                 = 
>>> accept: condition test failed
>>> processing "defer"
>>> check condition = ${if > {$acl_m_greyexpiry}{$tod_epoch}}
>>>                 = 
>>> defer: condition test failed
>>> processing "warn"
>>> check set acl_m_orighost = ${lookup sqlite {/var/spool/exim/db/greylist.db SELECT host FROM greylist WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
>>>                          = 209.3.1.2
>>> check set acl_m_orighelo = ${lookup sqlite {/var/spool/exim/db/greylist.db SELECT helo FROM greylist WHERE id='${quote_sqlite:$acl_m_greyident}';}{$value}}
>>>                          = mestek.com
>>> check set acl_m_dontcare = ${lookup sqlite {/var/spool/exim/db/greylist.db INSERT INTO resenders VALUES ( '$acl_m_orighost', '${quote_sqlite:$acl_m_orighelo}', '$tod_epoch' ); }}
>>>                          = 
>>> check logwrite = Added host $acl_m_orighost with HELO '$acl_m_orighelo' to known resenders
>>>                = Added host 209.3.1.2 with HELO 'mestek.com' to known resenders

LOG: 1NXEtf-0005fP-0f Added host 209.3.1.2 with HELO 'mestek.com' to known resenders
>>> warn: condition test succeeded
>>> processing "accept"
>>> accept: condition test succeeded
>>> require: condition test succeeded
>>> processing "accept"
>>> check condition = ${if >={$message_size}{100000} {1}}
>>>                 = 
>>> accept: condition test failed
>>> processing "warn"
>>> check spam = nobody/defer_ok
>>> trying server 127.0.0.1, port 783
>>> check add_header = X-Spam-Flag: YES
>>> warn: condition test succeeded
>>> processing "accept"
>>> check condition = ${if !def:spam_score_int {1}}
>>>                 = 
>>> accept: condition test failed
>>> processing "warn"
>>> check add_header = X-Spam-Score: $spam_score ($spam_bar)\nX-Spam-Report: $spam_report
>>>                  = X-Spam-Score: 5.8 (+++++)
>>> X-Spam-Report: MISSING_DATE=1.396, MISSING_HEADERS=1.207, MISSING_MID=0.14, MISSING_SUBJECT=1.767, RDNS_NONE=1.274
>>> warn: condition test succeeded
>>> processing "deny"
>>> check condition = ${if >{$spam_score_int}{60} {1}}
>>>                 = 
>>> deny: condition test failed
>>> processing "deny"
>>> check malware = *
>>> deny: condition test failed
>>> processing "accept"
>>> accept: condition test succeeded
>>> unspool_mbox(): unlinking '/var/spool/exim/scan/1NXEtf-0005fP-0f/1NXEtf-0005fP-0f.eml'

LOG: 1NXEtf-0005fP-0f <= rjette@??? H=(mestek.com) [207.138.26.1] P=esmtp S=368 from <rjette@???> for rjette@???
250 OK id=1NXEtf-0005fP-0f

**** SMTP testing: that is not a real message id!

LOG: 1NXEtf-0005fP-0f SMTP command timeout on connection from (mestek.com) [207.138.26.1]
421 mx1.mestek.net: SMTP command timeout - closing connection
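
The greylisting decision traced in the debug output above, modelled in Python as an added example (it is not part of the original message or of the poster's Exim configuration). It shows why the ident must be identical on every retry and which host ends up in the resenders table. Assumptions: an in-memory database stands in for /var/spool/exim/db/greylist.db, SHA-256 stands in for Exim's `${hash{20}{62}{...}}`, the third `resenders` column name is made up, and all addresses are constructed sample values.

```python
import hashlib
import sqlite3

DELAY = 300  # seconds; the trace inserts expire = $tod_epoch + 300

def open_db():
    # In-memory stand-in for greylist.db. Column names follow the SELECTs
    # in the trace; resenders.time is an assumed name.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE greylist (id TEXT, expire INTEGER, host TEXT, helo TEXT)")
    db.execute("CREATE TABLE resenders (host TEXT, helo TEXT, time INTEGER)")
    return db

def ident(sender, recipients, message_id):
    # Stand-in for ${hash{20}{62}{$sender_address$recipients$h_message-id:}};
    # SHA-256 is used here, so the values differ from Exim's.
    data = (sender + recipients + message_id).encode()
    return hashlib.sha256(data).hexdigest()[:20]

def check(db, now, host, helo, sender, recipients, message_id=""):
    # Known resender (matching HELO and host): accept without greylisting.
    if db.execute("SELECT 1 FROM resenders WHERE helo=? AND host=?",
                  (helo, host)).fetchone():
        return "accept"
    gid = ident(sender, recipients, message_id)
    row = db.execute("SELECT expire, host, helo FROM greylist WHERE id=?",
                     (gid,)).fetchone()
    if row is None:
        # First sighting of this ident: record it and defer (SMTP 451).
        db.execute("INSERT INTO greylist VALUES (?,?,?,?)",
                   (gid, now + DELAY, host, helo))
        return "defer"
    expire, orighost, orighelo = row
    if expire > now:
        return "defer"  # retried before the delay elapsed
    # Delay has passed: record the host/HELO stored with the ORIGINAL
    # attempt as a known resender, as the logwrite line in the trace does.
    db.execute("INSERT INTO resenders VALUES (?,?,?)", (orighost, orighelo, now))
    return "accept"
```

A retry is accepted only if sender, recipients and Message-ID all match the first attempt; a changed Message-ID yields a new ident and a fresh 300-second deferral.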