sqlgrey-users

[Sqlgrey-users] nproxy.gmail.com

[Klaus A. S. <kse...@gm...>]

Hi SQLgrey Users,

SPF for Gmail lists /^[mnrwz]proxy\.gmail\com$/ as outgoing MTAs for
gmail.com, and I have listed those hosts in
clients_fqdn_whitelist.local -- no problem.

However, lately I have seen a bunch of hosts with IP addresses in one
of Google's IP blocks that HELOs as nproxy.gmail.com.  Their reverse
DNS reolves to nproxy.gmail.com, but the IP addresses are not listed
for nproxy.gmail.com so Postfix skips the name entirely.

My SQLgrey table now has 9 IP addresses (min 64.233.182.192, max
64.233.182.207) associated with the same sender and recipient, and
Gmail keeps trying delivering, but gets greylisted each time because
it tries from another IP address each time, which causes a
considerable delay.

Perhaps Google's BOfHs has made a typo somewhere, because
nproxy.gmail.com has the IP addresses 64.233.183.192-207, perhaps not.
 If the current hosts that HELO as nproxy.gmail.com all lie within the
range 64.233.182.192-207 (i.e., 182 instead of 183), then eventually
mail will get through but the delay is annoying.

Do I have a better choice than putting e.g. 64.233.182.192-207 in my
clients_ip_whitelist.local file?

Has anyone else on the list experienced this?

Cheers,

--=20
Klaus Alexander Seistrup
Copenhagen =B7 Denmark
http://seistrup.dk/

Re: [Sqlgrey-users] nproxy.gmail.com

[Lionel B. <lio...@bo...>]

Klaus Alexander Seistrup wrote:

>Hi SQLgrey Users,
>
>SPF for Gmail lists /^[mnrwz]proxy\.gmail\com$/ as outgoing MTAs for
>gmail.com, and I have listed those hosts in
>clients_fqdn_whitelist.local -- no problem.
>
>However, lately I have seen a bunch of hosts with IP addresses in one
>of Google's IP blocks that HELOs as nproxy.gmail.com.  Their reverse
>DNS reolves to nproxy.gmail.com, but the IP addresses are not listed
>for nproxy.gmail.com so Postfix skips the name entirely.
>
>My SQLgrey table now has 9 IP addresses (min 64.233.182.192, max
>64.233.182.207) associated with the same sender and recipient, and
>Gmail keeps trying delivering, but gets greylisted each time because
>it tries from another IP address each time, which causes a
>considerable delay.
>  
>

Annoying, to say the least.

>Perhaps Google's BOfHs has made a typo somewhere, because
>nproxy.gmail.com has the IP addresses 64.233.183.192-207, perhaps not.
>  
>

They probably made a typo.

> If the current hosts that HELO as nproxy.gmail.com all lie within the
>range 64.233.182.192-207 (i.e., 182 instead of 183), then eventually
>mail will get through but the delay is annoying.
>
>Do I have a better choice than putting e.g. 64.233.182.192-207 in my
>clients_ip_whitelist.local file?
>  
>

From the look of the whois requests I did, you could probably put

64.233.183 in clients_ip_whitelist.local (google registered 64.233.160.0/19 anyway)

Cheers,

Lionel

Re: [Sqlgrey-users] nproxy.gmail.com

[Klaus A. S. <kse...@gm...>]

Lionel Bouton wrote:

>> Perhaps Google's BOfHs has made a typo somewhere, because
>> nproxy.gmail.com has the IP addresses 64.233.183.192-207, perhaps not.
>=20
> They probably made a typo.

I hope so.

> 64.233.183 in clients_ip_whitelist.local (google registered 64.233.160.0/=
19
> anyway)

Rather 64.233.182.  64.233.183 is covered by the
/^[mnrwz]proxy\.gmail\com$/ regexp, at least as of now, but I get your
point.

Cheers,

--=20
Klaus Alexander Seistrup
Copenhagen =B7 Denmark
http://seistrup.dk/

Re: [Sqlgrey-users] nproxy.gmail.com

[Lionel B. <lio...@bo...>]

Klaus Alexander Seistrup wrote:

>Lionel Bouton wrote:
>
>  
>
>>>Perhaps Google's BOfHs has made a typo somewhere, because
>>>nproxy.gmail.com has the IP addresses 64.233.183.192-207, perhaps not.
>>>      
>>>
>>They probably made a typo.
>>    
>>
>
>I hope so.
>
>  
>
>>64.233.183 in clients_ip_whitelist.local (google registered 64.233.160.0/19
>>anyway)
>>    
>>
>
>Rather 64.233.182.  64.233.183 is covered by the
>/^[mnrwz]proxy\.gmail\com$/ regexp, at least as of now, but I get your
>point.
>  
>

Unless the DNS is answering differently to me (could be),
nproxy.gmail.com does only cover 64.233.182.x addresses.

The fqdn Postfix hands to SQLgrey is the result of a double query: first
a PTR query to get the fqdn (both 62.233.182.... and 64.233.183....
points to nproxy.gmail.com) then it queries the fqdn to check that the
fqdn covers the original IP to be sure that it isn't a simple trick :
this is were 64.233.183 isn't found and Postfix considers the address
unknown.

So /^[mnrwz]proxy\.gmail\com$/ can only match the systems on 62.233.182.x

Am I mistaken?

Lionel

Re: [Sqlgrey-users] nproxy.gmail.com

[Klaus A. S. <kse...@gm...>]

Lionel Bouton wrote:

>>> 64.233.183 in clients_ip_whitelist.local (google registered 64.233.160.=
0/19
>>> anyway)
>>=20
>> Rather 64.233.182.  64.233.183 is covered by the
>> /^[mnrwz]proxy\.gmail\com$/ regexp, at least as of now, but I get
>> your point.
> =20
> Unless the DNS is answering differently to me (could be),
> nproxy.gmail.com does only cover 64.233.182.x addresses.
>=20
> The fqdn Postfix hands to SQLgrey is the result of a double query: first
> a PTR query to get the fqdn (both 62.233.182.... and 64.233.183....
> points to nproxy.gmail.com) then it queries the fqdn to check that the
> fqdn covers the original IP to be sure that it isn't a simple trick :
> this is were 64.233.183 isn't found and Postfix considers the address
> unknown.
>=20
> So /^[mnrwz]proxy\.gmail\com$/ can only match the systems on 62.233.182.x
>=20
> Am I mistaken?

No, not anymore. ;-)  When I sent my original email DNS listed nproxy
as 64.233.183.192-207, but hosts HELOing as nproxy came from address
in 62.233.182.x.  Now it seems DNS has been corrected so that nproxy
has the IP addresses 64.233.182.192-207.  Case solved, I guess.  It
must have been a typo in the Gmail zone file.

Cheers,

--=20
Klaus Alexander Seistrup
Magnetic Ink =B7 Copenhagen =B7 Denmark
http://magnetic-ink.dk/