Re: [Sqlgrey-users] Excessive X-Greylist headers

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 09 Jun 2015 10:49:32 -0400
Alex Regan <mys...@gm...> wrote:

> Hi,
> 
> >>>> X-Greylist: whitelisted by SQLgrey-1.8.0
> >>>
> >>> Is this inbound, outbound, or relayed mail?
> >>
> >> This is from the headers on the destination system. It is received
> >> by our mail relay, where the header is added, then sent to the
> >> destination system where the user reads the mail.
> >
> > You shouldn't be relaying except from trusted systems,
> > so your smtpd_relay_restrictions should include
> > something like "permit_mynetworks", in addition
> > to your check_policy_service that runs sqlgrey.
> > Then relayed mail won't go through sqlgrey.
> > (Use smtpd_recipient_restrictions on older
> > versions of postfix.)
> 
> The check_policy_service is in smtpd_recipient_restrictions. Is that
> not correct?

Yes, that's right.

> 
> The smtpd_relay_restrictions is as follows:
> 
> smtpd_relay_restrictions = permit_mynetworks,
> permit_sasl_authenticated, defer_unauth_destination

I greylist here too.  Keeps more spam out.

> 
> This is on postfix-2.10.
> 
> > Whitelisting via sqlgrey is the wong approach.
> 
> It looks like this was auto-whitelisted, because it has seen this 
> IP/email combination previously, no?

Then it must be that the email is exiting postfix and
passing through amavis and being re-injected back
into postfix.  You'll need to make sure that amavis
is either on a trusted network (127.0.0.1) or
uses lmtp not smtp or has some other way of getting the mail back
into postfix that does not get greylisted.

I'm not really focusing here so I could be off
on the wrong track.  But this is what it looks
like offhand.  (And I don't remember anything about amavis
any more.)

Karl <ko...@me...>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein