1

Topic: 451 error code ?

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

MySQL iRedAdmin-Pro on new release.

Seeing a rejected/delayed email that is valid. 

451 4.7.1 Recipient address rejected: Intended policy rejection, please try again later; from=

Appears several attempts from various outbound servers like this.
outbound.protection.outlook.com[157.56.111.86]


Is this caused by the greylisting?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 451 error code ?

Yes, this is the response back to the senders SMTP server for greylisting.

3 (edited by pbf343 2016-01-16 04:21:23)

Re: 451 error code ?

copart wrote:

Yes, this is the response back to the senders SMTP server for greylisting.

Thanks for confirming.   So, upgraded with new version and iRedAPD.  Now getting reports of "delayed" email arrival from some users.  In fact, one is reporting up to 19 hours.  Looking at the logs, appears that senders e-mail is hosted via a RackSpace IP but originating via an Outlook.com domain.  I'm thinking this is a sold service via RackSpace for Outlook.  Additionally, it would appear that their system is trying to redeliver quickly and is using a different SMPT (IP) for re-delivery.  Thus, one IP is greylisted and then the next. 

This could also be my misunderstanding of the log data (below) as well.  If so, would you please correct me with what is occurring?

So, can the time and/or number of tries be adjusted in iRedAPD for greylisting?


Jan 13 17:07:27 mail02 postfix/qmgr[32419]: 3C386401828: from=<sending_email@domain-name.tld>, size=869771, nrcpt=1 (queue active)
Jan 13 17:07:30 mail02 postfix/qmgr[32419]: 06D4440182E: from=<sending_email@domain-name.tld>, size=870253, nrcpt=1 (queue active)
Jan 13 17:07:30 mail02 amavis[31680]: (31680-15) Passed CLEAN {RelayedInbound}, [65.55.169.97]:24480 [65.55.169.97] <sending_email@domain-name.tld> -> <local-user@domain-name.tld>, Queue-ID: 3C386401828, Message-ID: <CY1PR12MB0328D4921E9A819AEBB4375DC7CB0@CY1PR12MB0328.namprd12.prod.outlook.com>, mail_id: Svxto2jXI1zx, Hits: -1.9, size: 869768, queued_as: 06D4440182E, 2349 ms
Jan 13 17:24:38 mail02 postfix/smtpd[1413]: NOQUEUE: reject: RCPT from mail-bl2on0092.outbound.protection.outlook.com[65.55.169.92]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bl2-obe.outbound.protection.outlook.com>
Jan 13 18:24:22 mail02 postfix/smtpd[3720]: NOQUEUE: reject: RCPT from mail-bn1on0064.outbound.protection.outlook.com[157.56.110.64]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bn1-obe.outbound.protection.outlook.com>
Jan 13 19:23:49 mail02 postfix/smtpd[6100]: NOQUEUE: reject: RCPT from mail-by2on0099.outbound.protection.outlook.com[207.46.100.99]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-by2-obe.outbound.protection.outlook.com>
Jan 13 19:55:58 mail02 postfix/smtpd[7068]: NOQUEUE: reject: RCPT from mail-bn1bon0078.outbound.protection.outlook.com[157.56.111.78]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bn1-obe.outbound.protection.outlook.com>
Jan 13 20:10:23 mail02 postfix/smtpd[7664]: NOQUEUE: reject: RCPT from mail-bn1on0082.outbound.protection.outlook.com[157.56.110.82]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bn1-obe.outbound.protection.outlook.com>
Jan 13 20:27:29 mail02 postfix/smtpd[8424]: NOQUEUE: reject: RCPT from mail-bl2on0076.outbound.protection.outlook.com[65.55.169.76]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bl2-obe.outbound.protection.outlook.com>
Jan 13 20:42:19 mail02 postfix/smtpd[7664]: NOQUEUE: reject: RCPT from mail-by2on0098.outbound.protection.outlook.com[207.46.100.98]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-by2-obe.outbound.protection.outlook.com>
Jan 13 20:58:16 mail02 postfix/smtpd[8426]: NOQUEUE: reject: RCPT from mail-bn1bon0070.outbound.protection.outlook.com[157.56.111.70]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bn1-obe.outbound.protection.outlook.com>
Jan 13 21:16:13 mail02 postfix/smtpd[9845]: NOQUEUE: reject: RCPT from mail-by2on0063.outbound.protection.outlook.com[207.46.100.63]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-by2-obe.outbound.protection.outlook.com>
Jan 13 21:55:21 mail02 postfix/smtpd[11048]: NOQUEUE: reject: RCPT from mail-bn1bon0086.outbound.protection.outlook.com[157.56.111.86]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bn1-obe.outbound.protection.outlook.com>
Jan 13 22:10:11 mail02 postfix/smtpd[11048]: NOQUEUE: reject: RCPT from mail-bl2on0065.outbound.protection.outlook.com[65.55.169.65]: 451 4.7.1 <local-user@domain-name.tld>: Recipient address rejected: Intended policy rejection, please try again later; from=<sending_email@domain-name.tld> to=<local-user@domain-name.tld> proto=ESMTP helo=<na01-bl2-obe.outbound.protection.outlook.com>
Jan 13 22:29:12 mail02 postfix/qmgr[32419]: F2736401826: from=<sending_email@domain-name.tld>, size=644522, nrcpt=1 (queue active)
Jan 13 22:29:15 mail02 postfix/qmgr[32419]: 1D315401836: from=<sending_email@domain-name.tld>, size=645006, nrcpt=1 (queue active)
Jan 13 22:29:15 mail02 amavis[8880]: (08880-13) Passed CLEAN {RelayedInbound}, [65.55.169.70]:35223 [65.55.169.70] <sending_email@domain-name.tld> -> <local-user@domain-name.tld>, Queue-ID: F2736401826, Message-ID: <CY1PR12MB032873CC6FC7A9A88A255B5FC7CB0@CY1PR12MB0328.namprd12.prod.outlook.com>, mail_id: TF2NPpggnmHE, Hits: -1.9, size: 644518, queued_as: 1D315401836, 2531 ms

4

Re: 451 error code ?

Hello,

The next reported case shows the same thing with 11 different IPs which are owned by Microsoft and show an "Outlook.com" component in the email origination. 

Does anyone know if this is a new practice by Outlook.com to spray the message via multiple IPs in attempts to get through?

Zhang, is this the reason for the addition of greylisting IPs of outlook, gmail, etc. to bypass greylisting? 


Does anyone know roughly how many mail services/systems still employ greylisting as part of their spam controls?  In other words, is it still wise to use Greylisting?

5

Re: 451 error code ?

Well it is not specific to Outlook.com.   Found a dedicated machine that is blocking delivery.

It blocked 15 times.  Why is this so how and where can it be adjusted?

6

Re: 451 error code ?

Please try script 'spf_to_greylist_whitelists.py' here:
https://bitbucket.org/zhb/iredapd/src/default/tools/

Download it and copy to /opt/iredapd/tools/, then run commands:

cd /opt/iredapd/tools/
python spf_to_greylist_whitelists.py microsoft.com outlook.com

It will query SPF record of specified domain names, then convert found SPF records to IP addresses/networks as greylisting whitelists.

7

Re: 451 error code ?

ZhangHuangbin wrote:

Please try script 'spf_to_greylist_whitelists.py' here:
https://bitbucket.org/zhb/iredapd/src/default/tools/

Download it and copy to /opt/iredapd/tools/, then run commands:

cd /opt/iredapd/tools/
python spf_to_greylist_whitelists.py microsoft.com outlook.com

It will query SPF record of specified domain names, then convert found SPF records to IP addresses/networks as greylisting whitelists.

So once done, visited the System => Greylisting page. There are entries with # AUTO-UPDATE: mircosoft.com & outlook.com like below.
147.243.128.26    # AUTO-UPDATE: microsoft.com
157.55.0.192/26    # Microsoft

65.55.238.129/26    # AUTO-UPDATE: outlook.com
65.55.33.64/28    # AUTO-UPDATE: outlook.com

I assume the AUTO-UPDATE values are the new ones.  Is that accurate?


Does the service need to be restarted by hand?

8

Re: 451 error code ?

pbf343 wrote:
ZhangHuangbin wrote:

Please try script 'spf_to_greylist_whitelists.py' here:
https://bitbucket.org/zhb/iredapd/src/default/tools/

Download it and copy to /opt/iredapd/tools/, then run commands:

cd /opt/iredapd/tools/
python spf_to_greylist_whitelists.py microsoft.com outlook.com

It will query SPF record of specified domain names, then convert found SPF records to IP addresses/networks as greylisting whitelists.

So once done, visited the System => Greylisting page. There are entries with # AUTO-UPDATE: mircosoft.com & outlook.com like below.
147.243.128.26    # AUTO-UPDATE: microsoft.com
157.55.0.192/26    # Microsoft

65.55.238.129/26    # AUTO-UPDATE: outlook.com
65.55.33.64/28    # AUTO-UPDATE: outlook.com

I assume the AUTO-UPDATE values are the new ones.  Is that accurate?


Does the service need to be restarted by hand?

Just saw this post and now see why it was done again in Python.  Thanks
http://www.iredmail.org/forum/topic1042 … roken.html

9

Re: 451 error code ?

pbf343 wrote:

I assume the AUTO-UPDATE values are the new ones.  Is that accurate?

You're right.

pbf343 wrote:

Does the service need to be restarted by hand?

No service needed to be restarted.

10

Re: 451 error code ?

OK - new question related to same issue.


Comcast.net email is being rejected.  It is not in our list from the SPF to mail script.
Is anyone allowing Comcast.net mail into their system?

What is the best solution to get valid e-mail from Comcast.net users into the system but NOT open it up for all their hacks?

11

Re: 451 error code ?

pbf343 wrote:

OK - new question related to same issue.


Comcast.net email is being rejected.  It is not in our list from the SPF to mail script.
Is anyone allowing Comcast.net mail into their system?

What is the best solution to get valid e-mail from Comcast.net users into the system but NOT open it up for all their hacks?

OK little confused now... 
There appear to be a Comcast.net user to one our of local accounts.  It is recorded in amavis entry in maillog. 
How can one sender be getting through and not other senders (not in whitelist or greylist that I can locate)?