Re: [exim] Adding a whitelist to greylist

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Odhiambo Washington
Date:  
À: Raphael Bauduin
CC: Exim .
Sujet: Re: [exim] Adding a whitelist to greylist
1. dnslists is used in blacklisting, not greylisting.
2. If you say sometimes it has problems with gmail, I'd simply add
    !sender_domains = gmail.com
..which would take care of gmail.com


PS: I did not read your rules to understand what they do. I only tried to
answer your question.



On 13 June 2013 12:15, Raphael Bauduin <rblists@???> wrote:

> Hi,
>
> I'm working on a working greylisting setup, but it currently has some
> trouble with mail coming from gmail, because the different delivery
> attempts may use different IP addresses. that's why I wanted to add a
> whitelist check.
>
> To the defer directive (see bottom for the complete directive), I add the
> whitelist exception:
>
> !dnslists = list.dnswl.org
>
> and I also add an accept directive (I also tested with a warn directive)
>
>   accept  #or warn
>     domains      = +local_domains
>     dnslists      = list.dnswl.org
>     logwrite      = $sender_host_address is whitelisted

>
> When I send a mail from gmail, which is in the whitelist, I see this in the
> logs:
> 2013-06-13 10:35:30 skip defer greylist (header) <...@gmail.com> for
> <...@...>.
> 2013-06-13 10:35:30 209.85.219.45 is whitelisted
>
> So the new config is applied, but no further processing of the mail happens
> after that.
>
> It seems it is only when I restart exim with the old working config that
> the mail is delivered after some time.
> Notice that the greylist test does not take place anymore though. Here are
> the logs for the same mail:
>
> 2013-06-13 10:42:27 1Un30E-0006qj-5x DKIM: d=gmail.com s=20120113
> c=relaxed/relaxed a=rsa-sha256 [invalid - public key record (currently?)
> unavailable]
> 2013-06-13 10:42:27 1Un30E-0006qj-5x skip defer greylist (data) <...@
> gmail.com> for <...@...>
> 2013-06-13 10:42:29 1Un30E-0006qj-5x SA: Debug: SAEximRunCond expand
> returned: '1'
> 2013-06-13 10:42:29 1Un30E-0006qj-5x SA: Debug: check succeeded, running
> spamc
> 2013-06-13 10:42:32 1Un30E-0006qj-5x SA: Action: scanned but message isn't
> spam: score=-0.7 required=5.0 (scanned in 3/3 secs | Message-Id: ...@
> mail.gmail.com). From <...@gmail.com>
> (host=mail-oa0-f45.google.com[209.85.219.45]) for ...@...
> 2013-06-13 10:42:32 1Un30E-0006qj-5x <= ...@gmail.com H=
> mail-oa0-f45.google.com [209.85.219.45] P=esmtps
> X=TLS1.0:RSA_ARCFOUR_SHA1:16 S=4236 id=...@mail.gmail.com
> 2013-06-13 10:42:32 1Un30E-0006qj-5x => /mnt/mail/dest.... <... @...>
> R=userforward T=address_directory
> 2013-06-13 10:42:32 1Un30E-0006qj-5x Completed
>
>
> I don't understand the behaviour observed, and I wonder what I am
> misconfiguring.
>
> Thanks in advance for your help
>
> Raph
>
>
>
> #############################
>   defer
>     message        = 451 4.3.2 $sender_host_address is not yet authorized
> to deliver \
>                      mail from <$sender_address> to <$local_part@$domain>.
> \
>                      Please try later.
>     log_message    = greylisted (header) <$sender_address>.
> #    !dnslists = list.dnswl.org
>     !senders       = : \
>                      LDAP_LOOKUP_RESULT
>     !hosts         = : +relay_from_hosts : \
>                      ${if exists {/etc/greylistd/whitelist-hosts}\
>                                  {/etc/greylistd/whitelist-hosts}{}} : \
>                      ${if exists {/var/lib/greylistd/whitelist-hosts}\
>                                  {/var/lib/greylistd/whitelist-hosts}{}}
>     !authenticated = *
>     !acl           = acl_local_deny_exceptions
>     domains        = +local_domains : +relay_to_domains
>     verify         = recipient/callout=20s,use_sender,defer_ok
>     condition      = ${readsocket{/var/run/greylistd/socket}\
>                                  {--grey \
>                                   $sender_host_address \
>                                   $sender_address \
>                                   $local_part@$domain}\
>                                  {5s}{}{false}}

>
> ###########################
> #  warn  #or accept
> #    domains      = +local_domains
> #    dnslists      = list.dnswl.org
> #    logwrite      = $sender_host_address is whitelisted
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

>




--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."