On Tue, Dec 22, 2009 at 01:45:56PM +0100, Helga Mayer wrote:
> Hello list,
> 
> I have a problem with rejects due to cache entries.
> We use policyd-weight-0.1.14-beta-17.
> 
> This is the message found in the logfile:
> 
> Dec 21 16:09:28 smtp2 postfix/smtpd[16364]: connect from 
> mail-telecontrol.customer.solnet.ch[82.220.17.226]
> Dec 21 16:09:29 smtp2 postfix/policyd-weight[30193]: decided action=550 
> temporarily blocked because of previous errors - retrying too fast. 
> penalty: 30 seconds x 0 retries.; <client=82.220.17.226> 
> <helo=smtp.telecontrol.ch> <from=$sen...@telecontrol.ch> 
> <to=$recipi...@uni-hohenheim.de>; delay: 0s
> Dec 21 16:09:29 smtp2 postfix/smtpd[16364]: NOQUEUE: reject: RCPT from 
> mail-telecontrol.customer.solnet.ch[82.220.17.226]: 550 5.7.1 
> <$recipi...@uni-hohenheim.de>: Recipient address rejected: temporarily 
> blocked 
> because of previous errors - retrying too fast. penalty: 30 seconds x 0 
> retries.; from=<$sen...@telecontrol.ch> to=<$recipi...@uni-hohenheim.de> 
> proto=ESMTP helo=<smtp.telecontrol.ch>
> 
> 
> There are no other log entries for 82.220.17.226 during the last 8 days.
> The cache entry is:

[bz]grep 82.220.17.226 /var/log/...log...

results only in this snippet?


> policyd-weight -s|grep 82.220.17.226
> blocked: 82.220.17.226 1 0 1261408171
> 1261408171 (UNIX) is the date of the first (and only) reject + 2 seconds :
> 1261408171 = Mon, 21 Dec 2009 15:09:31 GMT

+ 2 seconds indeed sounds strange but could be explained if the
log is done in GMT (which would make it then a retry after 59:57 minutes).


Is the policy service used by many machines or _only_ by localhost?


 
> As a workaround we whitelisted the particular IP.
> The headers of a mail received from this server are:
> 
> Received: from smtp.telecontrol.ch (mail-telecontrol.customer.solnet.ch
>      [82.220.17.226])
>      by smtp2.rz.uni-hohenheim.de (Postfix) with ESMTP
>      for <$recipi...@uni-hohenheim.de>; Tue,
>      22 Dec 2009 12:23:13 +0100 (CET)
> Received: from PRISM.telecontrol.local ([192.168.30.11]) by
>   PRISM.telecontrol.local ([192.168.30.11]) with mapi; Tue, 22 Dec 2009
>   12:23:18 +0100

Does lead to a reject, yes.

SENDER
% host telecontrol.ch
telecontrol.ch has address 93.88.240.108
telecontrol.ch mail is handled by 5 mta-gw.infomaniak.ch.

% host mta-gw.infomaniak.ch
mta-gw.infomaniak.ch has address 84.16.68.126
mta-gw.infomaniak.ch has address 84.16.68.125


HELO
% host smtp.telecontrol.ch
smtp.telecontrol.ch is an alias for mail.infomaniak.ch.
mail.infomaniak.ch has address 84.16.68.123
mail.infomaniak.ch has address 84.16.68.124



CLIENT
% host mail-telecontrol.customer.solnet.ch
mail-telecontrol.customer.solnet.ch has address 82.220.17.226


The client is in no relation (naming or subnet-wise) to sender or helo.
Would the sender use a correct HELO, he wouldn't have this problem.



-- 
    Robert Felber (PGP: 896CF30B)
    Munich, Germany

____________________________________________________________
Policyd-weight Mailinglist - http://www.policyd-weight.org/

Reply via email to