[FUG-BR] Problemas com greylist no postfix

"Fábio Jr." fjuniorlista em gmail.com
Sexta Setembro 24 11:03:26 BRT 2010 

Obg pela resposta Ion,

> Porque 5xx, deve ser 4xx por greylisting?
Não entendi a pergunta. :s

> postconf -n
>    
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
body_checks = regexp:/usr/local/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:[127.0.0.1]:10025
daemon_directory = /usr/local/libexec/postfix
debug_peer_level = 2
default_process_limit = 200
disable_vrfy_command = yes
header_checks = regexp:/usr/local/etc/postfix/header_checks
html_directory = no
mail_owner = postfix
mail_spool_directory = /usr/var/mail
mailbox_size_limit = 500000000
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
maximal_queue_lifetime = 3d
message_size_limit = 10000000

mydestination = /etc/mail/local-host-names

myhostname = mail.xxxxxxxxx.com.br

mynetworks = 127.0.0.0/8

myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /usr/var/spool/postfix
readme_directory = no
receive_override_options = no_address_mappings
recipient_delimiter = +
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $mydomain ESMTP
smtpd_helo_required = yes

smtpd_helo_restrictions =
     permit_mynetworks
     permit_sasl_authenticated
     reject_non_fqdn_hostname
     reject_invalid_hostname
     permit

smtpd_recipient_limit = 80
smtpd_recipient_restrictions =
     check_sender_access hash:/usr/local/etc/postfix/rejected_senders
     check_sender_access hash:/usr/local/etc/postfix/allowed_senders
     reject_unknown_sender_domain
     permit_mynetworks
     permit_sasl_authenticated
     check_sender_access hash:/usr/local/etc/postfix/webmail_accounts
     reject_unauth_destination
     reject_unauth_pipelining
     reject_invalid_hostname
     reject_non_fqdn_sender
     reject_non_fqdn_recipient
     check_sender_access hash:/usr/local/etc/postfix/access
     check_sender_access regexp:/usr/local/etc/postfix/sender.regexp
     check_client_access hash:/usr/local/etc/postfix/allowed_hosts
     check_client_access hash:/usr/local/etc/postfix/ipaccess
     reject_rbl_client list.dsbl.org
     reject_rbl_client dnsbl.njabl.org
     reject_rbl_client bl.spamcop.net
     reject_rbl_client sbl-xbl.spamhaus.org
     reject_unknown_reverse_client_hostname
     check_policy_service unix:private/policy-spf
     check_policy_service inet:127.0.0.1:10031
     permit

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_timeout = 180s
smtpd_tls_CAfile = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_key_file = /usr/local/etc/postfix/ssl/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = /etc/mail/virtual-alias-domains
virtual_alias_maps = hash:/etc/mail/virtusertable

> bzgrep hotmail /var/log/mailog*
>    
Se eu colocasse o bzgrep de todo o meu maillog, daria quase um livro, 
peguei só o ultimo que deu erro. Fiz algumas tentativas pelo hotmail, 
todas retornaram a mesma saída.

Sep 24 09:27:15 xxxxx postfix-policyd-sf: rcpt=6834887, greylist=abuse, 
host=65.55.34.19 (col0-omc1-s9.col0.hotmail.com), 
from=xxxxxxxxx em hotmail.com, to=xxxxxxxxxx em xxxxxxxxxxxx.com.br, size=1235
Sep 24 09:27:15 xxxxx postfix/smtpd[16203]: NOQUEUE: reject: RCPT from 
col0-omc1-s9.col0.hotmail.com[65.55.34.19]: 450 4.7.1 
<xxxxxxxxxx em xxxxxxxxxxxx.com.br>: Recipient address rejected: Policy 
Rejection- Please try later.; from=<xxxxxxxxx em hotmail.com> 
to=<xxxxxxxxxx em xxxxxxxxxxxx.com.br> proto=ESMTP 
helo=<col0-omc1-s9.col0.hotmail.com>

Mesma coisa com o gmail.
> bzgrep gmail.com /var/log/mailog*
>    
Sep 24 01:43:22 xxxxx postfix-policyd-sf: rcpt=6832933, greylist=new, 
host=66.96.240.21 (server.marketingrapido.in), from=xxxxxxxxx em gmail.com, 
to=xxxxxxxxxx em xxxxxxxxxxxx.com, size=242045
Sep 24 01:43:22 xxxxx postfix/smtpd[75218]: NOQUEUE: reject: RCPT from 
server.marketingrapido.in[66.96.240.21]: 450 4.7.1 
<xxxxxxxxxx em xxxxxxxxxxxx.com>: Recipient address rejected: Policy 
Rejection- Please try later.; from=<xxxxxxxxx em gmail.com> 
to=<xxxxxxxxxx em xxxxxxxxxxxx.com> proto=ESMTP 
helo=<server.marketingrapido.in>
Sep 24 09:40:27 xxxxx postfix/smtpd[17484]: NOQUEUE: reject: RCPT from 
mail-wy0-f170.google.com[74.125.82.170]: 554 5.7.1 
<xxxxxxxxxx em xxxxxxxxxxxx.com>: Relay access denied; 
from=<xxxxxxxxx em gmail.com> to=<xxxxxxxxxx em xxxxxxxxxxxx.com> proto=ESMTP 
helo=<mail-wy0-f170.google.com>

Este domínio tem tanto .com, quanto .com.br registrado no meu servidor. 
Ele esta registrado a algum tempo já, e isso começou a ocorrer de ontem 
pra hj, nos dois dominios.
> Qual e o greylisting software que voce usa?
>    
postfix-policyd-spf

[]s

Mais detalhes sobre a lista de discussão freebsd