On Wed, 23 Dec 2009, Robert Felber wrote:
On Tue, Dec 22, 2009 at 01:45:56PM +0100, Helga Mayer wrote:
Hello list,
I have a problem with rejects due to cache entries.
We use policyd-weight-0.1.14-beta-17.
This is the message found in the logfile:
Dec 21 16:09:28 smtp2 postfix/smtpd[16364]: connect from
mail-telecontrol.customer.solnet.ch[82.220.17.226]
Dec 21 16:09:29 smtp2 postfix/policyd-weight[30193]: decided action=550
temporarily blocked because of previous errors - retrying too fast.
penalty: 30 seconds x 0 retries.; <client=82.220.17.226>
<helo=smtp.telecontrol.ch> <from=$sen...@telecontrol.ch>
<to=$recipi...@uni-hohenheim.de>; delay: 0s
Dec 21 16:09:29 smtp2 postfix/smtpd[16364]: NOQUEUE: reject: RCPT from
mail-telecontrol.customer.solnet.ch[82.220.17.226]: 550 5.7.1
<$recipi...@uni-hohenheim.de>: Recipient address rejected: temporarily
blocked
because of previous errors - retrying too fast. penalty: 30 seconds x 0
retries.; from=<$sen...@telecontrol.ch> to=<$recipi...@uni-hohenheim.de>
proto=ESMTP helo=<smtp.telecontrol.ch>
There are no other log entries for 82.220.17.226 during the last 8 days.
The cache entry is:
[bz]grep 82.220.17.226 /var/log/...log...
results only in this snippet?
yes
What I expected was something like
weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL_SUBNET=-1.2 (check from: .hotmail. -
helo: .some.domain - helo-domain: .domain.)
FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 IN_PM_RFCI=3.2 IN_ABUSE_RFCI=3.2;
<client=xxx.xxx.xxx.xxx> <helo=helo.some.domain>
<from=sen...@sender.domain> <to=recipi...@uni-hohenheim.de>; rate:
1.7
but there's no entry like this for 82.220.17.226
policyd-weight -s|grep 82.220.17.226 >> blocked: 82.220.17.226 1 0 1261408171
1261408171 (UNIX) is the date of the first (and only) reject + 2 seconds :
1261408171 = Mon, 21 Dec 2009 15:09:31 GMT
+ 2 seconds indeed sounds strange but could be explained if the
log is done in GMT (which would make it then a retry after 59:57 minutes).
I apologize, this was my mistake. I checked the logs on a common loghost.
The loghost is 2 second back.
Is the policy service used by many machines or _only_ by localhost?
by 2 machines with identical setup. 2 smtp servers with the same priority
in the MX Record. Each is running policyd-weight locally.
On the particular host the time of the cache entry is exactly the time
of the first reject. So the problem remaining is:
why is there no reason given in the logs for the reject and for rate:1,
as seen in the cache entry.
Regards
Helga Mayer
As a workaround we whitelisted the particular IP.
The headers of a mail received from this server are:
Received: from smtp.telecontrol.ch (mail-telecontrol.customer.solnet.ch
[82.220.17.226])
by smtp2.rz.uni-hohenheim.de (Postfix) with ESMTP
for <$recipi...@uni-hohenheim.de>; Tue,
22 Dec 2009 12:23:13 +0100 (CET)
Received: from PRISM.telecontrol.local ([192.168.30.11]) by
PRISM.telecontrol.local ([192.168.30.11]) with mapi; Tue, 22 Dec 2009
12:23:18 +0100
Does lead to a reject, yes.
SENDER
% host telecontrol.ch
telecontrol.ch has address 93.88.240.108
telecontrol.ch mail is handled by 5 mta-gw.infomaniak.ch.
% host mta-gw.infomaniak.ch
mta-gw.infomaniak.ch has address 84.16.68.126
mta-gw.infomaniak.ch has address 84.16.68.125
HELO
% host smtp.telecontrol.ch
smtp.telecontrol.ch is an alias for mail.infomaniak.ch.
mail.infomaniak.ch has address 84.16.68.123
mail.infomaniak.ch has address 84.16.68.124
CLIENT
% host mail-telecontrol.customer.solnet.ch
mail-telecontrol.customer.solnet.ch has address 82.220.17.226
The client is in no relation (naming or subnet-wise) to sender or helo.
Would the sender use a correct HELO, he wouldn't have this problem.
--
____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/
