
Re: Spamd, gmail and aol...



On Fri, Apr 07, 2006 at 10:49:06AM -0600, Jeff Ross wrote:
> 
> 
> On Fri, 7 Apr 2006, David Hill wrote:
> 
> >On Fri, Apr 07, 2006 at 09:41:56AM -0600, Jeff Ross wrote:
> >>Hi all,
> >>
> >>I've had several users reporting that mail to them from gmail and aol
> >>accounts has been bouncing.  I finally got my hands on the bounce
> >>messages from one of the gmail messages.  Two were Delivery Status
> >>Notifications like this:
> >>
> >>Delivery to the following recipient has been delayed:
> >>
> >>     fred_(_at_)_openvistas_(_dot_)_net
> >>
> >>Message will be retried for 1 more day(s)
> >>
> >>Technical details of temporary failure:
> >>
> >>TEMP_FAILURE: Could not initiate SMTP conversation with any hosts:
> >>[ a.mx.openvistas.net. (0): Connection dropped]
> >>
> >>culminating in the failure notice of:
> >>
> >>This is an automatically generated Delivery Status Notification
> >>
> >>Delivery to the following recipient failed permanently:
> >>
> >>     fred_(_at_)_openvistas_(_dot_)_net
> >>
> >>Technical details of permanent failure:
> >>TEMP_FAILURE: Probe failed: Server Too Busy
> >>
> >>I have the following gmail servers whitelisted in my /etc/whitelist
> >>
> >>#gmail
> >>64.233.162.192/28   # zproxy gmail
> >>64.233.170.192/28   # rproxy gmail
> >>64.233.182.192/28   # nproxy gmail
> >>64.233.184.192/28   # wproxy gmail
> >>66.249.82.192/28   # xproxy gmail
> >>66.249.92.192/28   # uproxy gmail
> >>216.239.56.240/28   # mproxy gmail
> >>
> >>and, indeed, I don't see _any_ legitimate gmail addresses in spamdb.
> >>Right now there are two separate IP addresses allegedly from gmail
> >>accounts, but imagine my surprise that both resolve to something else
> >>entirely.
> >>
> >>spamdb is running with the system defaults with the exception of the port
> >>/usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
> >>
> >>spamd.conf is using the China, Korea, Bob Beck's trapped list, and my
> >>own personal whitelist and blacklist.
> >>
> >>My next debugging attempt will be to have someone with a gmail account
> >>send mail while I'm running tcpdump on port 25.
> >>
> >>Has anyone else running spamd seen this?  From my qmail logs, I see mail
> >>from gmail servers through March 23, but none since then.
> >>
> >>Thanks,
> >>
> >>Jeff
> >>
> >
> >spamd's whitelist is really a non-blacklist.  If gmail changes what
> >server IP the mail is coming from each time it retries the email, that
> >is bad for greylisting.
> >
> >If you truly want to whitelist them, try something like this:
> >
> ># pf.conf
> >table <mail-white> persist file "/var/mail/whitelist.txt"
> >
> ># put before !<spamd-white> rdr
> >rdr on $ext inet proto tcp from <mail-white> to $ext:0 \
> >       port smtp -> $ext:0 port smtp
> >
> >
> 
> Right, I forgot to add that to my mail.  I'm doing just that.
> 
> table <spamd> persist
> table <spamd-white> persist
> table <whitelist> persist file "/etc/whitelist"
> table <zombies> persist
> 
> #scrub rules
> scrub in on $if_ext all
> scrub out on $if_ext all
> 
> no rdr on { lo0, lo1 } from any to any
> rdr pass on $if_ext proto tcp from <whitelist> to port smtp \
>   -> ($if_ext) port 25
> rdr pass on $if_ext proto tcp from !<spamd-white> to port smtp \
>   -> 127.0.0.1 port 8024
> #rdr on $if_ext inet proto tcp from port 8025 -> 127.0.0.1 port 465
> rdr pass on $if_ext proto tcp from any to any port 8025 -> 127.0.0.1 \
>            port 465
> 
> Thanks for the reply!
> 
> Jeff

Since you are passing -v to spamd, have you grep -i'd /var/log/daemon
for gmail?    

David
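
The greylisting behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (not spamd's code) of a greylist keyed on (source IP, sender, recipient) with the -G 25:4:864 timings, checked against the /28 entries posted above. The source IPs and mail addresses are constructed, and the model labels the retry that passes as "whitelisted", whereas spamd still tempfails that connection and lets later ones through.

```python
import ipaddress

# gmail entries as posted in the thread's /etc/whitelist
WHITELIST = """\
64.233.162.192/28   # zproxy gmail
64.233.170.192/28   # rproxy gmail
64.233.182.192/28   # nproxy gmail
64.233.184.192/28   # wproxy gmail
66.249.82.192/28   # xproxy gmail
66.249.92.192/28   # uproxy gmail
216.239.56.240/28   # mproxy gmail
"""
PASSTIME = 25 * 60    # -G 25:4:864: retry must come at least 25 minutes later
GREYEXP = 4 * 3600    # ... and before the grey entry expires after 4 hours

def load_nets(text):
    """Parse whitelist lines, dropping '#' comments and blank lines."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e) for e in entries if e]

def deliver(attempts, nets):
    """attempts: (seconds, source_ip, sender, rcpt) tuples in time order."""
    grey, white, outcomes = {}, set(), []
    for t, ip, sender, rcpt in attempts:
        addr = ipaddress.ip_address(ip)
        if ip in white or any(addr in n for n in nets):
            outcomes.append("direct")        # pf hands it to the real MTA
            continue
        key = (ip, sender, rcpt)             # a new source IP is a new tuple
        first = grey.get(key)
        if first is None or t - first > GREYEXP:
            grey[key] = t                    # first sighting, or entry expired
            outcomes.append("tempfail")
        elif t - first >= PASSTIME:
            white.add(ip)                    # same tuple retried after passtime
            outcomes.append("whitelisted")
        else:
            outcomes.append("tempfail")      # retried too early
    return outcomes

NETS = load_nets(WHITELIST)
MSG = ("alice@example.com", "fred@example.net")   # constructed addresses
# Constructed: one message retried every 30 minutes from a different pool IP.
ROTATING = [(i * 1800, f"192.0.2.{10 + i}", *MSG) for i in range(4)]
# Constructed: the same message retried from one stable IP.
STABLE = [(0, "198.51.100.7", *MSG), (1800, "198.51.100.7", *MSG)]

if __name__ == "__main__":
    print("rotating:", deliver(ROTATING, NETS))
    print("stable:  ", deliver(STABLE, NETS))
```

A sender that rotates through addresses outside the listed ranges never retries the same tuple, so every attempt is tempfailed until the sending side gives up.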


