1

Topic: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (MySQL):
- Linux/BSD distribution name and version: Ubuntu 12.04 LTS
- Related log if you're reporting an issue:
====

I've a strange issue, i cannot find anything what would be helpful.

I Cant send mail via Mail Clients, like Outlook, via roundcube works fine.

Even disabling greylisting does not work, still the same error.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Excuse me, what's your question/issue?

3

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

sorry,

i just copied the issue in the Topic, my fault.

I can not sent a mail via a Mail Client like MS Outlook, i get followin error message:


SMTP -> FROM SERVER:451 4.7.1 : Recipient address rejected: Greylisting in effect, please come back later
SMTP -> ERROR: RCPT not accepted from server: 451 4.7.1 : Recipient address rejected: Greylisting in effect, please come back later


BUT, via Roundcube, the Web Interface, it works.

I disabled the greylisting in /etc/cluebringer/cluebringer.conf
but it seems that it still works.

I hope i explained it now in a better way.

Thank you.

4

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

*) Do you configure your mail client to perform SMTP AUTH?
*) Could you please show us output of command "postconf -n" to help troubleshoot?

5

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Hi,

- i set the mail client cofig to authetificate the SMPT via User and Password.

- postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhost                                                                                                                               name
mydomain = stratoserver.net
myhostname = h2160490.stratoserver.net
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = h2160490.stratoserver.net
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $myde                                                                                                                               stination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domai                                                                                                                               ns $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps                                                                                                                                $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_doma                                                                                                                               ins $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_se                                                                                                                               nder_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf,                                                                                                                                proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:                                                                                                                               mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_n                                                                                                                               on_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc                                                                                                                               /postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_reci                                                                                                                               pient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted                                                                                                                               _recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:                                                                                                                               127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_des                                                                                                                               tination
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, per                                                                                                                               mit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:my                                                                                                                               sql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy                                                                                                                               :mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/c                                                                                                                               atchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains                                                                                                                               .cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

6

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Your Postfix config looks fine.

webbicsug wrote:

I disabled the greylisting in /etc/cluebringer/cluebringer.conf
but it seems that it still works.

How did you disable greylisting? Did you restart Cluebringer service after changed this file?

7

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Hi,

at first i set the greylisting value to 0 and made a service "iredapd restart"

Greylisting module
[Greylisting]
enable=0

then i tried to deactivate the module, i put a # befor the Greylisting in Module to load incl. restart


# Modules to load
modules=<<EOT
Core
AccessControl
CheckHelo
CheckSPF
#Greylisting
Quotas
EOT

everything without impact.

8

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

You should run "/etc/init.d/postfix-cluebringer restart", not iredapd.

9

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Great,

finally that worked. Thank you.

But do you know where could be the problem with the greylisting, i would like to have this feature enabled?

Thank you for helping me.

10

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Greylisting should be fine with default iRedMail settings, authenticated mail user won't be greylisted. Still no idea why it occurs on your server.

Did you modify/update Cluebringer SQL database manually?

11

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

No , never touched it.

Might be that i did something wrong while the installation. I don't know.
We consider to buy the Pro version, what about if we would buy the 99$ Installation Option, would someone garantee me that everything works?

Regards

12

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Could you please show me output of below SQL command?

# mysql -uroot -p
mysql> USE cluebringer;
mysql> SELECT * FROM greylisting \G

Also, If current one is a testing server, is it possible for you to re-install iRedMail on a FRESH, CLEAN server? There's no difference with the paid remote installation support.

13

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Hi,

see below the sql:

*************************** 1. row ***************************
                     ID: 1
               PolicyID: 3
                   Name: Greylisting Inbound Emails
         UseGreylisting: 1
         GreylistPeriod: 240
                  Track: SenderIP:/24
   GreylistAuthValidity: 604800
GreylistUnAuthValidity: 86400
       UseAutoWhitelist: 1
    AutoWhitelistPeriod: 604800
     AutoWhitelistCount: 100
AutoWhitelistPercentage: 90
       UseAutoBlacklist: 1
    AutoBlacklistPeriod: 604800
     AutoBlacklistCount: 100
AutoBlacklistPercentage: 20
                Comment:
               Disabled: 0
*************************** 2. row ***************************
                     ID: 2
               PolicyID: 1
                   Name: Webbics Inbound Policy
         UseGreylisting: 1
         GreylistPeriod: 240
                  Track: SenderIP:/24
   GreylistAuthValidity: 604800
GreylistUnAuthValidity: 86400
       UseAutoWhitelist: 1
    AutoWhitelistPeriod: 604800
     AutoWhitelistCount: 20
AutoWhitelistPercentage: NULL
       UseAutoBlacklist: 1
    AutoBlacklistPeriod: 604800
     AutoBlacklistCount: 50
AutoBlacklistPercentage: NULL
                Comment:
               Disabled: 0
2 rows in set (0.00 sec)

14

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Row 2 makes sense. Looks like you enable greylisting on SASL authenticated mail users. Please disable or remove this rule.
You can either do this with SQL command line directly, or via web interface: httpS://your_server/cluebringer/

15

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Sorry for hijacking the thread but I'm having the exact same issue except the fact that I don't have the second row in the greylisting table. The user in question is authenticating in the server with username/password and TLS.

Thanks in advance.

16

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Hi hferreira,

*) You can always create a new forum topic to ask your question.
*) Please show us output of SQL command described in my post: http://www.iredmail.org/forum/post23366.html#p23366

17

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Here it is:

*************************** 1. row ***************************
                     ID: 1
               PolicyID: 3
                   Name: Greylisting Inbound Emails
         UseGreylisting: 1
         GreylistPeriod: 240
                  Track: SenderIP:/24
   GreylistAuthValidity: 604800
GreylistUnAuthValidity: 86400
       UseAutoWhitelist: 1
    AutoWhitelistPeriod: 604800
     AutoWhitelistCount: 100
AutoWhitelistPercentage: 90
       UseAutoBlacklist: 1
    AutoBlacklistPeriod: 604800
     AutoBlacklistCount: 100
AutoBlacklistPercentage: 20
                Comment:
               Disabled: 0
1 row in set (0.01 sec)

18

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

Hi hferreira,

Could you please show us below info to help troubleshoot:

* config file of Cluebringer (Remove password before posting)
* postconf -n

19

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

ZhangHuangbin wrote:

Hi hferreira,

Could you please show us below info to help troubleshoot:

* config file of Cluebringer (Remove password before posting)
* postconf -n

#
# Server configuration
#
[server]

# Protocols to load
protocols=<<EOT
Postfix
Bizanga
EOT

# Modules to load
modules=<<EOT
Core
AccessControl
CheckHelo
CheckSPF
Greylisting
Quotas
EOT

# User to run this daemon as
user=cluebringer
group=cluebringer

# Filename to store pid of parent process
pid_file=/var/run/cluebringer/cbpolicyd.pid

# Uncommenting the below option will prevent cbpolicyd going into the background
#background=no

# Preforking configuration
#
# min_server        - Minimum servers to keep around
# min_spare_servers    - Minimum spare servers to keep around ready to 
#               handle requests
# max_spare_servers    - Maximum spare servers to have around doing nothing
# max_servers        - Maximum servers alltogether
# max_requests        - Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small mailserver:  2, 2, 4, 10, 1000
# Medium mailserver: 4, 4, 12, 25, 1000
# Large mailserver: 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging 
log_level=2

# File to log to instead of stdout
log_file=/var/log/cbpolicyd.log

# Log destination for mail logs...
# main        - Default. Log to policyd's main log mechanism, accepts NO args
# syslog    - log mail via syslog
#            format: log_mail=facility@method,args
#
# Valid methods for syslog:
# native    - Let Sys::Syslog decide
# unix        - Unix socket
# udp        - UDP socket
# stream    - Stream (for Solaris)
#
# Example: unix native
#log_mail=mail@syslog:native
#
# Example: unix socket 
#log_mail=mail@syslog:unix
#
# Example: udp
#log_mail=mail@syslog:udp,127.0.0.1
#
# Example: Solaris 
#log_mail=local0@syslog:stream,/dev/log
#log_mail=maillog
log_mail=mail@syslog:native

# Things to log in extreme detail
# modules     - Log detailed module running information
# tracking     - Log detailed tracking information
# policies     - Log policy resolution
# protocols     - Log general protocol info, but detailed
# bizanga     - Log the bizanga protocol
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. protocols,modules
#
#log_detail=

# IP to listen on, * for all
#host=*
host=127.0.0.1

# Port to run on
port=10031

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to 
# compare the clients IP to.  If cidr_allow or cidr_deny options are 
# given, the incoming client must match a cidr_allow and not match a 
# cidr_deny or the client connection will be closed.
#cidr_allow=0.0.0.0/0
#cidr_deny=



[database]
#DSN=DBI:SQLite:dbname=policyd.sqlite
DSN=DBI:mysql:host=127.0.0.1;database=cluebringer;user=cluebringer;password=xxxx
#DSN=DBI:Pg:database=policyd;host=localhost
#DSN=DBI:_DBC_DBTYPE_:dbname=_DBC_DBNAME_;host=_DBC_DBSERVER_
## Debian
# DB_Type can be one of - pgsql, mysql or sqlite3
# DB_Host is ignored for sqlite3. For pgsql and mysql it should be left 
#         unset or as 'localhost' if you wish to use unix sockets to communicate
#         with the database. To use TCP/IP to connect to a local database set 
#         '127.0.0.1' as the value. Otherwise use the hostname or IP address of 
#         the database server.
# DB_Port is ignored for sqlite3. For pgsql it will default to '5432' and 
#         for mysql the default is '3306'. If you are running your database server
#         on a non-standard port you should set it's value here.
# DB_Name defaults to '/var/lib/cluebringer/cluebringer.db' for sqlite3, if you 
#         wish to use another file for the database set it's full path here and 
#         ensure that the cluebringer user can read and write not only the file
#         but the directory it lives in. For pgsql and mysql this will 
#         default to 'cluebringer', otherwise you should set the name of the 
#         database here.

DB_Type=mysql
DB_Host=127.0.0.1
DB_Port=3306
DB_Name=cluebringer
Username=cluebringer
Password=xxxxxxxxxxxxx


# What do we do when we have a database connection problem
# tempfail    - Return temporary failure
# pass        - Return success
bypass_mode=pass

# How many seconds before we retry a DB connection
bypass_timeout=30



# Access Control module
[AccessControl]
enable=1


# Greylisting module
[Greylisting]
enable=1


# CheckHelo module
[CheckHelo]
enable=1


# CheckSPF module
[CheckSPF]
enable=1


# Quotas module
[Quotas]
enable=1
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = pontoc.pt
myhostname = typhoon.pontoc.pt
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = /etc/mailname
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:1001
virtual_mailbox_base = /data/mailvirtual
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 1001
virtual_transport = dovecot
virtual_uid_maps = static:1001

20

Re: 4.7.1 : Recipient address rejected: Greylisting in effect, please come

I cannot figure it out with your current config. You have greylisting enabled in Cluebringer, and Postfix correctly invokes it in "smtpd_recipient_restrictions". No idea yet, sorry.

Please try to increase log level (log_level=4) in Cluebringer config file and extract related log to help troubleshoot.