Re: [Sqlgrey-users] whitelist question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Fri, 16 Feb 2007, John Smith wrote:

> Hello there,
>
> The problem i have, was previously discussed here by Santos and Dave :
> https://sourceforge.net/mailarchive/message.php?msg_id=14790517.
> Unfortunately I didn't find the answer.
>
> So, can someone please say how can I whitelist all the mails comming
> from my country?
>
> The file clients_fqdn_whitelist.local has a single line:
>             *.ro
>
> Note: since I created the clients_fqdn_whitelist.local file above, a lot
> of mails comming from .ro was whitelisted.... but NOT all of them, there
> are still mails rejected and greylisted:
> [root@nst log]# egrep "Feb 14.*licitatie" maillog
> Feb 14 16:40:40 nst sqlgrey: grey: new: 194.102.45.168(194.102.45.168),
> co...@e-... -> axx...@tx...
> Feb 14 16:40:40 nst postfix/smtpd[6389]: NOQUEUE: reject: RCPT from
> unknown[194.102.45.168]: 450 <unknown[194.102.45.168]>: Client host
> rejected: Greylisted for 3 minutes; from=<co...@e-...>
> to=<axx...@tx...> proto=ESMTP helo=<mail.seap.e-licitatie.ro>
>
> Thank you in advance.

Hi John Smith,

*.ro only works for whitelisting if an ip address has a reverse mapping
and the nameservers can be reached and answer in time.

The 3 nameservers for 194.102.45.168 (dig +norec 45.102.194.in-addr.arpa.)

;; AUTHORITY SECTION:
45.102.194.in-addr.arpa.  11h42m21s IN NS  ns.warpnet.ro.
45.102.194.in-addr.arpa.  11h42m21s IN NS  ns1.usv.ro.
45.102.194.in-addr.arpa.  11h42m21s IN NS  ns1.assist.ro.

do not answer queries at the moment:

dig +norecur -x 194.102.45.168 @ns1.usv.ro

; <<>> DiG 8.3 <<>> +norecur -x @ns1.usv.ro
; (1 server found)
;; res options: init defnam dnsrch
;; res_nsend to server ns1.usv.ro  80.96.120.1: Connection timed out

dig +norecur -x 194.102.45.168 @ns.warpnet.ro

; <<>> DiG 8.3 <<>> +norecur -x @ns.warpnet.ro
; (1 server found)
;; res options: init defnam dnsrch
;; res_nsend to server ns.warpnet.ro  217.156.25.1: Connection refused

dig +norecur -x 194.102.45.168 @ns1.assist.ro

; <<>> DiG 8.3 <<>> +norecur -x @ns1.assist.ro
; (1 server found)
;; res options: init defnam dnsrch
;; res_nsend to server ns1.assist.ro  194.102.130.1: Connection timed out

Therefore no reverse mapping exists and whitelisting does not work for
such ip addresses.

Michael Storz
--
======================================================
Leibniz-Rechenzentrum      |    <mailto:St...@lr...>
Boltzmannstr. 1            |    Fax: +49 89 35831-9700
85748 Garching / Germany   |    Tel: +49 89 35831-8840
======================================================