Helga Mayer
Wed, 23 Dec 2009 00:56:47 -0800
On Wed, 23 Dec 2009, Robert Felber wrote:
On Tue, Dec 22, 2009 at 01:45:56PM +0100, Helga Mayer wrote:Hello list, I have a problem with rejects due to cache entries. We use policyd-weight-0.1.14-beta-17. This is the message found in the logfile: Dec 21 16:09:28 smtp2 postfix/smtpd[16364]: connect from mail-telecontrol.customer.solnet.ch[82.220.17.226] Dec 21 16:09:29 smtp2 postfix/policyd-weight[30193]: decided action=550 temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; <client=82.220.17.226> <helo=smtp.telecontrol.ch> <from=$sen...@telecontrol.ch> <to=$recipi...@uni-hohenheim.de>; delay: 0s Dec 21 16:09:29 smtp2 postfix/smtpd[16364]: NOQUEUE: reject: RCPT from mail-telecontrol.customer.solnet.ch[82.220.17.226]: 550 5.7.1 <$recipi...@uni-hohenheim.de>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<$sen...@telecontrol.ch> to=<$recipi...@uni-hohenheim.de> proto=ESMTP helo=<smtp.telecontrol.ch> There are no other log entries for 82.220.17.226 during the last 8 days. The cache entry is:[bz]grep 82.220.17.226 /var/log/...log... results only in this snippet?
yes What I expected was something likeweighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 HELO_IP_IN_CL_SUBNET=-1.2 (check from: .hotmail. - helo: .some.domain - helo-domain: .domain.) FROM/MX_MATCHES_NOT_HELO(DOMAIN)=1 IN_PM_RFCI=3.2 IN_ABUSE_RFCI=3.2; <client=xxx.xxx.xxx.xxx> <helo=helo.some.domain> <from=sen...@sender.domain> <to=recipi...@uni-hohenheim.de>; rate: 1.7
but there's no entry like this for 82.220.17.226
policyd-weight -s|grep 82.220.17.226 >> blocked: 82.220.17.226 1 0 1261408171 1261408171 (UNIX) is the date of the first (and only) reject + 2 seconds : 1261408171 = Mon, 21 Dec 2009 15:09:31 GMT+ 2 seconds indeed sounds strange but could be explained if the log is done in GMT (which would make it then a retry after 59:57 minutes).
I apologize, this was my mistake. I checked the logs on a common loghost. The loghost is 2 second back.
Is the policy service used by many machines or _only_ by localhost?
by 2 machines with identical setup. 2 smtp servers with the same priority in the MX Record. Each is running policyd-weight locally. On the particular host the time of the cache entry is exactly the time of the first reject. So the problem remaining is: why is there no reason given in the logs for the reject and for rate:1, as seen in the cache entry. Regards Helga Mayer
As a workaround we whitelisted the particular IP. The headers of a mail received from this server are: Received: from smtp.telecontrol.ch (mail-telecontrol.customer.solnet.ch [82.220.17.226]) by smtp2.rz.uni-hohenheim.de (Postfix) with ESMTP for <$recipi...@uni-hohenheim.de>; Tue, 22 Dec 2009 12:23:13 +0100 (CET) Received: from PRISM.telecontrol.local ([192.168.30.11]) by PRISM.telecontrol.local ([192.168.30.11]) with mapi; Tue, 22 Dec 2009 12:23:18 +0100Does lead to a reject, yes. SENDER % host telecontrol.ch telecontrol.ch has address 93.88.240.108 telecontrol.ch mail is handled by 5 mta-gw.infomaniak.ch. % host mta-gw.infomaniak.ch mta-gw.infomaniak.ch has address 84.16.68.126 mta-gw.infomaniak.ch has address 84.16.68.125 HELO % host smtp.telecontrol.ch smtp.telecontrol.ch is an alias for mail.infomaniak.ch. mail.infomaniak.ch has address 84.16.68.123 mail.infomaniak.ch has address 84.16.68.124 CLIENT % host mail-telecontrol.customer.solnet.ch mail-telecontrol.customer.solnet.ch has address 82.220.17.226 The client is in no relation (naming or subnet-wise) to sender or helo. Would the sender use a correct HELO, he wouldn't have this problem.
-- ____________________________________________________________ Policyd-weight Mailinglist - http://www.policyd-weight.org/