1

Topic: Too much spam

==== Provide required information to help troubleshoot and get quick answer ====
- Linux/BSD distribution name and version:  UBUNTU SERVER 11.10 64 BITS
- iRedMail version and backend (LDAP/MySQL):  iRedMail-0.7.4 MySQL
- Any related log? Log is helpful for troubleshooting.
====

Users are complaining that they are receiving too much spam. How can I adjust the spam filters and verify that they are working properly?
I also believe that postgrey is not working. How can I check it?

Thanks for your support.


2

Re: Too much spam

First of all, please make sure greylisting is working: http://iredmail.org/wiki/index.php?titl … reylisting

3

Re: Too much spam

I can't find any 'postfix-policyd.conf' on my Ubuntu 11.10.

4

Re: Too much spam

Oops, my mistake.

Ubuntu 11.10 (and 12.04) ships Cluebringer instead of Policyd-1.8, so please check /etc/cluebringer/cluebringer.conf instead.

5

Re: Too much spam

My cluebringer.conf has greylisting enabled:
# Greylisting module
[Greylisting]
enable=1

6

Re: Too much spam

Do you have greylisting enabled in the cluebringer database? Please paste the output of the SQL commands below:

mysql> USE cluebringer;
mysql> SELECT * FROM greylisting;

If it's empty, please execute the command below to enable greylisting on all inbound emails:

mysql> USE cluebringer;
mysql> INSERT INTO greylisting (PolicyID, Name, UseGreylisting, GreylistPeriod, Track, GreylistAuthValidity, GreylistUnAuthValidity, UseAutoWhitelist, AutoWhitelistPeriod, AutoWhitelistCount, AutoWhitelistPercentage, UseAutoBlacklist, AutoBlacklistPeriod, AutoBlacklistCount, AutoBlacklistPercentage, Comment, Disabled) VALUES (3, 'Greylisting Inbound Emails', 1, 240, 'SenderIP:/24', 604800, 86400, 1, 604800, 100, 90, 1, 604800, 100, 20, '', 0);                                        

7 (edited by manunauta 2012-03-29 02:30:34)

Re: Too much spam

My greylisting table was empty.
I've just executed the INSERT command that you suggested. Is it necessary to reload any service for this change to take effect?
Now I'm waiting for the results.

Thank you again.

8

Re: Too much spam

manunauta wrote:

I've just executed the INSERT command that you suggested. Is it necessary to reload any service for this change to take effect?

No.

manunauta wrote:

Now I'm waiting for the results.

You can monitor the log file; there should be some log entries containing 'greylist'. Try:

# grep -i 'greylist' /var/log/mail.log

9

Re: Too much spam

I've executed:
# grep -i 'greylist' /var/log/mail.log

but I only get these lines:

Mar 26 11:49:58 smtp postfix/smtp[26059]: 3030D6801AF: host svrm03.ibernet.net[81.92.136.12] said: 450 <unknown[82.194.94.xx]>: Client host rejected: Greylisted (in reply to RCPT TO command)
Mar 26 11:49:58 smtp postfix/smtp[26059]: 3030D6801AF: to=<xxxx.xxx@xxxxxx.com>, relay=svmb02.ibernet.net[81.92.136.11]:25, delay=0.53, delays=0.01/0.01/0.38/0.12, dsn=4.0.0, status=deferred (host svmb02.ibernet.net[81.92.136.11] said: 450 <xxxx.xxx@xxxxxxx.com>: Recipient address rejected: Greylisted (in reply to RCPT TO command))
Mar 26 13:42:19 smtp postfix/smtp[1811]: 33B2C6801A9: to=<yyyy.yyy@yyyyy.com>, relay=mail.xxxxxx.com[195.53.213.xxx]:25, delay=0.06, delays=0.01/0/0.02/0.02, dsn=4.0.0, status=deferred (host mail.xxxxx.com[195.53.213.xxx] said: 451 Greylisting enabled, try again in 5 minutes (in reply to RCPT TO command))
Mar 27 10:41:26 smtp postfix/smtp[17486]: 6C2B2680198: host xx.xxxx.xx.uk[212.53.64.xx] said: 451 82.194.94.xx - You have been greylisted, please try later (in reply to RCPT TO command)
Mar 27 11:20:39 smtp postfix/smtp[21665]: D2CBD6801C6: to=<xxxx@xxxx.es>, relay=xxxx.xxx.es[93.92.232.xx]:25, delay=4.1, delays=0.02/0/0.21/3.9, dsn=4.2.0, status=deferred (host xxxx.xxx.es[93.92.232.xx] said: 450 4.2.0 <xxxx@xxx.es>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/xxxx.es.html (in reply to RCPT TO command))
Mar 27 11:23:11 smtp postfix/smtp[21866]: 2C7206801C7: host easymx2.easily.co.uk[62.128.158.225] said: 451 82.194.94.xx - You have been greylisted, please try later (in reply to RCPT TO command)
Mar 27 11:23:12 smtp postfix/smtp[21866]: 2C7206801C7: to=<xxxxx@xxxxxx.co.uk>, relay=rhea.easily.co.uk[212.53.64.82]:25, delay=1.1, delays=0.05/0.01/0.82/0.2, dsn=4.0.0, status=deferred (host rhea.easily.co.uk[212.53.64.82] said: 451 82.194.94.xx - You have been greylisted, please try later (in reply to RCPT TO command))
Mar 27 11:53:36 smtp postfix/smtp[2423]: 49A7568017D: host rhea.easily.co.uk[212.53.64.82] said: 451 82.194.94.xx - You have been greylisted, please try later (in reply to RCPT TO command)
Mar 27 16:39:44 smtp postfix/smtp[15794]: 6F98E6801DB: host spool.mail.gandi.net[217.70.184.6] said: 450 4.7.1 <xxxx@xxxxxxx.es>: Recipient address rejected: Greylisted for 299 seconds (in reply to RCPT TO command)
Mar 27 16:39:45 smtp postfix/smtp[15794]: 6F98E6801DB: to=<xxxx@xxxxxxx.es>, relay=fb.mail.gandi.net[217.70.184.162]:25, delay=2, delays=1/0/0.56/0.48, dsn=4.7.1, status=deferred (host fb.mail.gandi.net[217.70.184.162] said: 450 4.7.1 <xxxx@xxxxxxx.es>: Recipient address rejected: Greylisted for 298 seconds (in reply to RCPT TO command))
Mar 28 14:10:09 smtp postfix/smtp[10355]: BC55B6801A2: to=<xxx@xxxxxxxx.com>, relay=mail.nivas.hr[82.94.255.91]:25, delay=1.1, delays=0.06/0.01/0.31/0.77, dsn=4.2.0, status=deferred (host mail.nivas.hr[82.94.255.91] said: 450 4.2.0 <xxx@xxxxxx.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/xxxxxxxx.com.html (in reply to RCPT TO command))
Mar 28 16:40:51 smtp postfix/smtp[26295]: 4CC3B6801AB: host mx1.infoself.com[89.140.177.141] said: 450 4.2.0 <xxxxxxx@xxxxxx.es>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/xxxxxxxx.es.html (in reply to RCPT TO command)
Mar 28 16:40:51 smtp postfix/smtp[26295]: 4CC3B6801AB: to=<xxxxxx@xxxxxx.es>, relay=mx2.infoself.com[89.140.177.142]:25, delay=0.53, delays=0.01/0.01/0.33/0.19, dsn=4.2.0, status=deferred (host mx2.infoself.com[89.140.177.142] said: 450 4.2.0 <xxxxxx@xxxxxx.es>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/xxxxxxx.es.html (in reply to RCPT TO command))
Mar 29 11:14:07 smtp postfix/smtp[10162]: 19AFA6801B6: to=<xxxx@xxxxx.biz>, relay=mail.s70.biz[80.80.88.71]:25, delay=33, delays=1/0.01/16/16, dsn=4.0.0, status=deferred (host mail.s70.biz[80.80.88.71] said: 451 Greylisting enabled, try again in 2 minutes (in reply to RCPT TO command))

It seems that greylisting only works for outgoing mail.
Still getting spam in the user's mailbox.
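
Added example (not part of the original thread): the daemon name in each log line gives the direction. postfix/smtp is Postfix's SMTP client, so those hits are remote servers greylisting this host's outgoing mail; postfix/smtpd is the SMTP server, where incoming mail deferred by the local policy service shows up. The function names, sample lines and addresses are constructed, and the exact wording of the cbpolicyd line is an assumption.

```shell
#!/bin/sh
# Split 'greylist' hits in a Postfix mail log by direction.
#   postfix/smtp[pid]  = SMTP client: our outgoing mail was deferred by a
#                        remote server that greylists.
#   postfix/smtpd[pid] = SMTP server: incoming mail was deferred here.
#   anything else      = e.g. the policy daemon logging its own decision.

greylist_direction() {
  # Field 5 of a syslog line is "program[pid]:". With no file argument,
  # awk reads standard input.
  awk '
    tolower($0) !~ /greylist/ { next }
    $5 ~ /^postfix\/smtp\[/   { out++; next }
    $5 ~ /^postfix\/smtpd\[/  { inb++; next }
                              { other++ }
    END { printf "outbound=%d inbound=%d other=%d\n", out, inb, other }
  ' "$@"
}

# Constructed sample log (documentation addresses, not from the thread).
# The cbpolicyd line format is an assumption.
sample_log() {
  cat <<'EOF'
Mar 29 11:14:07 smtp postfix/smtp[10162]: 19AFA6801B6: to=<bob@example.org>, relay=mx.example.org[192.0.2.10]:25, dsn=4.0.0, status=deferred (host mx.example.org[192.0.2.10] said: 451 Greylisting enabled, try again in 2 minutes (in reply to RCPT TO command))
Mar 29 11:15:40 smtp postfix/smtp[10170]: 2C7206801C7: host mx.example.org[192.0.2.10] said: 451 You have been greylisted, please try later (in reply to RCPT TO command)
Mar 29 11:20:00 smtp postfix/smtpd[10201]: connect from unknown[198.51.100.7]
Mar 29 11:20:01 smtp cbpolicyd[2101]: module=Greylisting, action=defer, host=198.51.100.7, helo=mail.example.net, from=a@example.net, to=user@example.com, reason=greylisted
Mar 29 11:20:01 smtp postfix/smtpd[10201]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.7.1 <user@example.com>: Recipient address rejected: Greylisting in effect, please come back later; from=<a@example.net> to=<user@example.com> proto=ESMTP helo=<mail.example.net>
EOF
}

sample_log | greylist_direction
```

On a live server, run `greylist_direction /var/log/mail.log`. If only the outbound count is non-zero, the log shows other servers greylisting this host's mail and says nothing yet about local inbound greylisting.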

10

Re: Too much spam

Please paste the output of the SQL commands below:

mysql> USE cluebringer;
mysql> SELECT * FROM policies;
mysql> SELECT * FROM policy_members;
mysql> SELECT * FROM greylisting;

11 (edited by manunauta 2012-04-26 19:49:26)

Re: Too much spam

mysql> select * from policies;
+----+------------------+----------+--------------------------------+----------+
| ID | Name             | Priority | Description                    | Disabled |
+----+------------------+----------+--------------------------------+----------+
|  1 | Default          |        0 | Default System Policy          |        0 |
|  2 | Default Outbound |       10 | Default Outbound System Policy |        0 |
|  3 | Default Inbound  |       10 | Default Inbound System Policy  |        0 |
|  4 | Default Internal |       20 | Default Internal System Policy |        0 |
|  5 | Test             |       50 | Test policy                    |        0 |
+----+------------------+----------+--------------------------------+----------+
5 rows in set (0.00 sec)

mysql> select * from policy_members;
+----+----------+-----------------------------------+--------------------+---------+----------+
| ID | PolicyID | Source                            | Destination        | Comment | Disabled |
+----+----------+-----------------------------------+--------------------+---------+----------+
|  1 |        1 | NULL                              | NULL               | NULL    |        0 |
|  2 |        2 | %internal_ips,%internal_domains   | !%internal_domains | NULL    |        0 |
|  3 |        3 | !%internal_ips,!%internal_domains | %internal_domains  | NULL    |        0 |
|  4 |        4 | %internal_ips,%internal_domains   | %internal_domains  | NULL    |        0 |
|  5 |        5 | @example.net                      | NULL               | NULL    |        0 |
+----+----------+-----------------------------------+--------------------+---------+----------+
5 rows in set (0.00 sec)

mysql> select * from greylisting;
+----+----------+----------------------------+----------------+----------------+--------------+----------------------+------------------------+------------------+---------------------+--------------------+-------------------------+------------------+---------------------+--------------------+-------------------------+---------+----------+
| ID | PolicyID | Name                       | UseGreylisting | GreylistPeriod | Track        | GreylistAuthValidity | GreylistUnAuthValidity | UseAutoWhitelist | AutoWhitelistPeriod | AutoWhitelistCount | AutoWhitelistPercentage | UseAutoBlacklist | AutoBlacklistPeriod | AutoBlacklistCount | AutoBlacklistPercentage | Comment | Disabled |
+----+----------+----------------------------+----------------+----------------+--------------+----------------------+------------------------+------------------+---------------------+--------------------+-------------------------+------------------+---------------------+--------------------+-------------------------+---------+----------+
|  1 |        3 | Greylisting Inbound Emails |              1 |            240 | SenderIP:/24 |               604800 |                  86400 |                1 |              604800 |                100 |                      90 |                1 |              604800 |                100 |                      20 |         |        0 |
+----+----------+----------------------------+----------------+----------------+--------------+----------------------+------------------------+------------------+---------------------+--------------------+-------------------------+------------------+---------------------+--------------------+-------------------------+---------+----------+
1 row in set (0.00 sec)

Is it all right?
What can I do to make sure that greylisting is working properly?

Thx.