Hi,

I'm running ISPConfig on a mail server (part of a multi-server setup). Postgrey is running on that machine. The intention is that users can turn off greylisting for their own email address via ISPConfig, but that doesn't work: all incoming mail goes through postgrey. Additionally, it looks like postgrey doesn't read the files in /etc/postgrey/whitelist*, because whatever I change there, *.outlook.com still gets blocked by postgrey.

This is what it says in /etc/postfix/main.cf:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_rbl_client zen.spamhaus.org, check_policy_service unix:private/policy-spf, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf, permit

In /etc/default/postgrey it says:

POSTGREY_OPTS="--inet=10023 --delay=60 --whitelist-recipients=/etc/postgrey/whitelist_recipients --whitelist-clients=/etc/postgrey/whitelist_clients --whitelist-recipients=/etc/postgrey/whitelist_recipients.local --whitelist-clients=/etc/postgrey/whitelist_clients.local"

This seems to be ignored.

In /etc/postfix/mysql-virtual_policy_greylist.cf:

user = ispconfig
password = XXXXXXXXXX
dbname = dbispconfig
query = SELECT 'greylisting' FROM (SELECT greylisting, source AS email FROM mail_forwarding WHERE server_id = 3 UNION SELECT greylisting, email FROM mail_user WHERE server_id = 3) addresses WHERE addresses.email='%s' AND addresses.greylisting='y'
hosts = 127.0.0.1

The mailserver is running Debian Wheezy with ISPConfig 3.1.3. The server has been running for a couple of years, so earlier experiments with the setup and non-fluent upgrades of ISPConfig might cause the current situation.

Any ideas on how I could get postfix/postgrey to listen to the per-user greylisting settings in ISPConfig? And how to get postgrey to read its config files?
Here is the complete main.cf from a freshly installed Ubuntu system so you can compare it with yours:

Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = server1.example.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = server1.example.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_rbl_client zen.spamhaus.org, check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
smtpd_tls_security_level = may
transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = dovecot
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
smtp_tls_security_level = may
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtp_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_exclude_ciphers = RC4, aNULL
smtp_tls_exclude_ciphers = RC4, aNULL
dovecot_destination_recipient_limit = 1
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
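
The main.cf above greylists per recipient through three pieces that must agree: the `greylisting` restriction class, the policy-service port postgrey listens on (`--inet=`), and the `mysql-virtual_policy_greylist.cf` lookup that returns the class name. The following Python check is an added example, not part of the thread or of ISPConfig; the function names and the sample input are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Parse main.cf text into {name: value}, joining indented continuation lines."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def postgrey_port(opts):
    """Port from the --inet=[host:]port option in POSTGREY_OPTS, or None."""
    m = re.search(r"--inet=(?:[^\s:]+:)?(\d+)", opts)
    return int(m.group(1)) if m else None

def check_greylisting(main_cf, postgrey_opts, cls="greylisting"):
    """Return findings; an empty list means per-recipient greylisting is wired up."""
    p, port, findings = parse_main_cf(main_cf), postgrey_port(postgrey_opts), []
    if cls not in re.split(r"[,\s]+", p.get("smtpd_restriction_classes", "")):
        findings.append(f"restriction class '{cls}' is not declared")
    m = re.search(r"check_policy_service\s+inet:[^\s:,]+:(\d+)", p.get(cls, ""))
    if not m:
        findings.append(f"'{cls}' does not call an inet policy service")
    elif port is not None and int(m.group(1)) != port:
        findings.append(f"'{cls}' uses port {m.group(1)}, postgrey listens on {port}")
    rcpt = p.get("smtpd_recipient_restrictions", "")
    if port is not None and re.search(rf"check_policy_service\s+inet:\S*:{port}\b", rcpt):
        findings.append("postgrey is called unconditionally for every recipient")
    return findings

# Constructed sample input, modelled on the settings quoted in the thread.
OPTS = "--inet=10023 --delay=60"
GOOD = """\
smtpd_restriction_classes = greylisting
greylisting = check_policy_service inet:127.0.0.1:10023
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination,
    check_recipient_access mysql:/etc/postfix/mysql-virtual_policy_greylist.cf
"""
# Constructed faulty variant: the policy service sits directly in the restriction list.
BAD = GOOD.replace("reject_unauth_destination,",
                   "reject_unauth_destination, check_policy_service inet:127.0.0.1:10023,")

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_greylisting(cfg, OPTS) or "consistent")
```

On a live system, feed it the contents of /etc/postfix/main.cf and the POSTGREY_OPTS value from /etc/default/postgrey.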
I ran a manual diff on the main.cf file. My version contained

Code:
check_policy_service unix:private/policy-spf,

before greylisting. My version also contained:

Code:
message_size_limit = 40960000
strict_rfc821_envelopes = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtp_tls_note_starttls_offer = yes
policy-spf_time_limit = 3600s

I've taken all of these out now, just to make sure they are not causing the problem. If greylisting behaves normally, I will start adding them again.
It looks like the greylisting config files are still ignored. These two lines should solve the "outlook.com" problem, but they are not read.

Code:
/^.*\.outbound\.protection\.outlook\.com$/
40.92.0.0/16

Any ideas on why greylisting doesn't read its config files?
Ok... found out what was wrong with postgrey. Greylisting did not actually restart on "service postgrey restart" or "/etc/init.d/postgrey restart". Also, "start" and "stop" did not do what you would expect, so changes in the configuration were never read. Killing the postgrey daemon did the trick.

After running for about 6 hours, it looks like postgrey integration with ISPConfig is fixed, too. Reverting to the "default" main.cf seems to have helped, although I haven't figured out why. I will try reintegrating the features I took out.