Package: tumgreyspf
Version: 1.32-1
Severity: important
When I use "spf" before "greylist", (like in configuration that I pasted
below) and SPF returns "access neither permitted nor denied" (for example,
when you use gmail.com domain to send emails), greylist is not activated,(!)
and I can send email without any delay!. I think that it shouldn't be
possible - any IP address, that wasn't dropped by SPF should be delayed by
greylist.
My default configuration:
fanatyk:/etc/tumgreyspf/config# cat __default__
SPFSEEDONLY = 0
GREYLISTTIME = 120
CHECKERS = spf,greylist
OTHERCONFIGS = client_address
GREYLISTEXPIREDAYS = 10.0
Result of postconf -n (this is almost default configuration):
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = ipv4, ipv6
mailbox_size_limit = 0
mydestination = $myhostname, localhost
myhostname = fanatyk.com
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname, keep talking
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination, reject_invalid_hostname reject_non_fqdn_sender
reject_non_fqdn_recipient reject_unknown_sender_domain
reject_unknown_recipient_domain reject_unverified_recipient permit
smtpd_sender_restrictions = permit_mynetworks,
permit_sasl_authenticated, check_policy_service unix:private/tumgreyspf
permit
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
Here are two examples of telnet sessions:
u...@syjon:~$ telnet fanatyk.com 25
220 fanatyk.com, keep talking
HELO test
250 fanatyk.com
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
250 2.1.5 Ok
google use "?all" at the end of _spf.google.com, so I can use it to send
emails. As you can see, I wasn't delayed by greylist. Now I will use domain,
without SPF, to show you that greylist works.
u...@syjon:~$ telnet fanatyk.com 25
220 fanatyk.com, keep talking
HELO test
250 fanatyk.com
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
450 4.7.1 <[email protected]>: Sender address rejected: Service unavailable,
greylisted (http://projects.puremagic.com/greylisting/).
That's all. I couldn't make them work together. No errors in mail.log
-- System Information:
Debian Release: 5.0.1
Architecture: i386 (i686)
Kernel: Linux 2.6.29.1-grsec (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages tumgreyspf depends on:
ii adduser 3.110 add and remove users and groups
ii passwd 1:4.1.1-6 change and administer password and
ii python 2.5.2-3 An interactive high-level object-o
ii python-spf 2.0.4-4 sender policy framework (SPF) modu
ii spfquery 1.2.5.dfsg-5+lenny1 query SPF (Sender Policy Framework
tumgreyspf recommends no packages.
tumgreyspf suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
