Robert Felber
Wed, 23 Dec 2009 00:03:54 -0800
On Tue, Dec 22, 2009 at 01:45:56PM +0100, Helga Mayer wrote: > Hello list, > > I have a problem with rejects due to cache entries. > We use policyd-weight-0.1.14-beta-17. > > This is the message found in the logfile: > > Dec 21 16:09:28 smtp2 postfix/smtpd[16364]: connect from > mail-telecontrol.customer.solnet.ch[82.220.17.226] > Dec 21 16:09:29 smtp2 postfix/policyd-weight[30193]: decided action=550 > temporarily blocked because of previous errors - retrying too fast. > penalty: 30 seconds x 0 retries.; <client=82.220.17.226> > <helo=smtp.telecontrol.ch> <from=$sen...@telecontrol.ch> > <to=$recipi...@uni-hohenheim.de>; delay: 0s > Dec 21 16:09:29 smtp2 postfix/smtpd[16364]: NOQUEUE: reject: RCPT from > mail-telecontrol.customer.solnet.ch[82.220.17.226]: 550 5.7.1 > <$recipi...@uni-hohenheim.de>: Recipient address rejected: temporarily > blocked > because of previous errors - retrying too fast. penalty: 30 seconds x 0 > retries.; from=<$sen...@telecontrol.ch> to=<$recipi...@uni-hohenheim.de> > proto=ESMTP helo=<smtp.telecontrol.ch> > > > There are no other log entries for 82.220.17.226 during the last 8 days. > The cache entry is:
[bz]grep 82.220.17.226 /var/log/...log...
results only in this snippet?
> policyd-weight -s|grep 82.220.17.226
> blocked: 82.220.17.226 1 0 1261408171
> 1261408171 (UNIX) is the date of the first (and only) reject + 2 seconds :
> 1261408171 = Mon, 21 Dec 2009 15:09:31 GMT
+ 2 seconds indeed sounds strange but could be explained if the
log is done in GMT (which would make it then a retry after 59:57 minutes).
Is the policy service used by many machines or _only_ by localhost?
> As a workaround we whitelisted the particular IP.
> The headers of a mail received from this server are:
>
> Received: from smtp.telecontrol.ch (mail-telecontrol.customer.solnet.ch
> [82.220.17.226])
> by smtp2.rz.uni-hohenheim.de (Postfix) with ESMTP
> for <$recipi...@uni-hohenheim.de>; Tue,
> 22 Dec 2009 12:23:13 +0100 (CET)
> Received: from PRISM.telecontrol.local ([192.168.30.11]) by
> PRISM.telecontrol.local ([192.168.30.11]) with mapi; Tue, 22 Dec 2009
> 12:23:18 +0100
Does lead to a reject, yes.
SENDER
% host telecontrol.ch
telecontrol.ch has address 93.88.240.108
telecontrol.ch mail is handled by 5 mta-gw.infomaniak.ch.
% host mta-gw.infomaniak.ch
mta-gw.infomaniak.ch has address 84.16.68.126
mta-gw.infomaniak.ch has address 84.16.68.125
HELO
% host smtp.telecontrol.ch
smtp.telecontrol.ch is an alias for mail.infomaniak.ch.
mail.infomaniak.ch has address 84.16.68.123
mail.infomaniak.ch has address 84.16.68.124
CLIENT
% host mail-telecontrol.customer.solnet.ch
mail-telecontrol.customer.solnet.ch has address 82.220.17.226
The client is in no relation (naming or subnet-wise) to sender or helo.
Would the sender use a correct HELO, he wouldn't have this problem.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/