[exim] Adding a whitelist to greylist

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Raphael Bauduin
Data:  
Para: exim-users
Assunto: [exim] Adding a whitelist to greylist
Hi,

I'm working on a working greylisting setup, but it currently has some
trouble with mail coming from gmail, because the different delivery
attempts may use different IP addresses. that's why I wanted to add a
whitelist check.

To the defer directive (see bottom for the complete directive), I add the
whitelist exception:

!dnslists = list.dnswl.org

and I also add an accept directive (I also tested with a warn directive)

  accept  #or warn
    domains      = +local_domains
    dnslists      = list.dnswl.org
    logwrite      = $sender_host_address is whitelisted


When I send a mail from gmail, which is in the whitelist, I see this in the
logs:
2013-06-13 10:35:30 skip defer greylist (header) <...@gmail.com> for
<...@...>.
2013-06-13 10:35:30 209.85.219.45 is whitelisted

So the new config is applied, but no further processing of the mail happens
after that.

It seems it is only when I restart exim with the old working config that
the mail is delivered after some time.
Notice that the greylist test does not take place anymore though. Here are
the logs for the same mail:

2013-06-13 10:42:27 1Un30E-0006qj-5x DKIM: d=gmail.com s=20120113
c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?)
unavailable]
2013-06-13 10:42:27 1Un30E-0006qj-5x skip defer greylist (data) <...@
gmail.com> for <...@...>
2013-06-13 10:42:29 1Un30E-0006qj-5x SA: Debug: SAEximRunCond expand
returned: '1'
2013-06-13 10:42:29 1Un30E-0006qj-5x SA: Debug: check succeeded, running
spamc
2013-06-13 10:42:32 1Un30E-0006qj-5x SA: Action: scanned but message isn't
spam: score=-0.7 required=5.0 (scanned in 3/3 secs | Message-Id: ...@
mail.gmail.com). From <...@gmail.com>
(host=mail-oa0-f45.google.com[209.85.219.45]) for ...@...
2013-06-13 10:42:32 1Un30E-0006qj-5x <= ...@gmail.com H=
mail-oa0-f45.google.com [209.85.219.45] P=esmtps
X=TLS1.0:RSA_ARCFOUR_SHA1:16 S=4236 id=...@mail.gmail.com
2013-06-13 10:42:32 1Un30E-0006qj-5x => /mnt/mail/dest.... <... @...>
R=userforward T=address_directory
2013-06-13 10:42:32 1Un30E-0006qj-5x Completed


I don't understand the behaviour observed, and I wonder what I am
misconfiguring.

Thanks in advance for your help

Raph



#############################
  defer
    message        = 451 4.3.2 $sender_host_address is not yet authorized
to deliver \
                     mail from <$sender_address> to <$local_part@$domain>. \
                     Please try later.
    log_message    = greylisted (header) <$sender_address>.
#    !dnslists = list.dnswl.org
    !senders       = : \
                     LDAP_LOOKUP_RESULT
    !hosts         = : +relay_from_hosts : \
                     ${if exists {/etc/greylistd/whitelist-hosts}\
                                 {/etc/greylistd/whitelist-hosts}{}} : \
                     ${if exists {/var/lib/greylistd/whitelist-hosts}\
                                 {/var/lib/greylistd/whitelist-hosts}{}}
    !authenticated = *
    !acl           = acl_local_deny_exceptions
    domains        = +local_domains : +relay_to_domains
    verify         = recipient/callout=20s,use_sender,defer_ok
    condition      = ${readsocket{/var/run/greylistd/socket}\
                                 {--grey \
                                  $sender_host_address \
                                  $sender_address \
                                  $local_part@$domain}\
                                 {5s}{}{false}}


###########################
#  warn  #or accept
#    domains      = +local_domains
#    dnslists      = list.dnswl.org
#    logwrite      = $sender_host_address is whitelisted