Problems with Greylisting: mails gets rejected

[maxxer]

Hi.

I'm trying to set up Greylisting as per the wiki:
Improving Anti-spam system - Zimbra :: Wiki
looks quite easy to, do, but I'm having troubles.

When I set up Zimbra to use postgrey, mails are rejected like when the user is not found, so they are not retried!

In logs I see this (hosts and ips masked)

Code:

postfix/smtp[18539]: 8A4857FC82: to=<maxxer@fake.com>, relay=none, delay=587, delays=566/0.01/21/0, dsn=4.4.1, 
status=deferred (connect to testzimbra[1.1.1.1]:25: Connection timed out)
postgrey[4708]: action=greylist, reason=new, client_name=posta.myserver.it, client_address=1.1.1.1, sender=maxxer@fake,com, recipient=admin@ubuntu10.ufficyo.com
postfix/smtpd[12382]: NOQUEUE: reject: RCPT from posta.myserver.it[10.6.1.1]: 450 4.2.0 <admin@ubuntu10.ufficyo.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/ubuntu10.ufficyo.com.html; from=<my@testdomain.it> to=<admin@ubuntu10.ufficyo.com> proto=ESMTP helo=<posta.myserver.it>

but then I get to the sender a mail saying mailbox does not exists!
In my /opt/zimbra/conf/postfix_recipient_restrictions.cf I have

Code:

%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
check_policy_service inet:127.0.0.1:10023
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unix:private/policy%%

(port is fine, as i'm on ubuntu).

what's wrong?
thanks

[ip2]

Hi Maxxer

I am also having the same problem.
Has solved?

Thanks

[maxxer]

no I never solved, I had to remove greylisting, never had time to investigate more

[ip2]

Ok I'll keep searching.
Any new share the resolution

thank you

[raj]

i dont think policyD is ready to be used in current version of zimbra..i may be wrong.
what i know is the ORDER in which the line
%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
appears in the main thing.
in my personal policyd setting outside of zimbra i put below few lines and then i had to change some code to make it work properly as i liked.

from this implementation of zimbra your SMTP AUTH will get greylisted..as policy line is on top of
permit_sasl_authenticated

Raj

[ip2]

Quote:

Originally Posted by raj

i dont think policyD is ready to be used in current version of zimbra..i may be wrong.
what i know is the ORDER in which the line
%%contains VAR:zimbraServiceEnabled cbpolicyd, check_policy_service inet:127.0.0.1:10031%%
appears in the main thing.
in my personal policyd setting outside of zimbra i put below few lines and then i had to change some code to make it work properly as i liked.

from this implementation of zimbra your SMTP AUTH will get greylisted..as policy line is on top of
permit_sasl_authenticated

Raj

Hi Raj

I changed the order as said.
I'm still the same problem.

When I create a new account to receive the first time the other domains prevents Greylist.

action = Greylist, reason = new
Recipient address rejected: Greylisted, see Postgrey Help

Order postfix_recipient_restrictions.cf
%% contains VAR: zimbraServiceEnabled cbpolicyd, check_policy_service inet: 127.0.0.1:10031%%
reject_non_fqdn_recipient
permit_mynetworks
check_policy_service inet: 127.0.0.1:60000
permit_sasl_authenticated
reject_unauth_destination
reject_unlisted_recipient
%% contains VAR: zimbraMtaRestriction reject_invalid_hostname%%
%% contains VAR: zimbraMtaRestriction reject_non_fqdn_hostname%%
%% contains VAR: zimbraMtaRestriction reject_non_fqdn_sender%%
%% contains VAR: zimbraMtaRestriction reject_unknown_client%%
%% contains VAR: zimbraMtaRestriction reject_unknown_hostname%%
%% contains VAR: zimbraMtaRestriction reject_unknown_sender_domain%%
explodes reject_rbl_client%% VAR:%% zimbraMtaRestrictionRBLs
%% contains VAR: zimbraMtaRestriction check_policy_service unix: private / policy%%
permit

Any idea?

Thanks
Robson

[ip2]

Any idea? Please