-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
David Diggles
Sent: 27 May 2012 02:53
To: misc@openbsd.org
Subject: Re: spamd greylisting: false positives

This may seem like a dead horse to some by now, but I am disappointed no one
replied to the msg. I supplied the detailed event information with
timestamps, regarding lists.openbsd.org mails not being whitelisted by spamd
when run in greylist mode.

RFC282, 4.5.4.1 Sending Strategy:

   The sender MUST delay retrying a particular destination after one
   attempt has failed.  In general, the retry interval SHOULD be at
   least 30 minutes; however, more sophisticated and variable strategies
   will be beneficial when the SMTP client can determine the reason for
   non-delivery.

   Retries continue until the message is transmitted or the sender gives
   up; the give-up time generally needs to be at least 4-5 days.  The
   parameters to the retry algorithm MUST be configurable.

Yet I have been advised not to mess with the default timings with -G option.
It looks to me like the retry intervals of lists.openbsd.org are not
sufficient to get it whitelisted by spamd.

I am well beyond assuming anything, and prepared to learn / accept any
constructive advice.

Can anyone confirm they have the following scenario?

* A clean installed OpenBSD 5.1 configured as a primary MX
* Clean spamd settings, clean /var/db/spamd
* Default spamd with no options
* Default spamlogd with no options
* The pf.conf uses spamd entries from the example pf.conf from etc.tgz
* No manual whitelist entry for lists.openbsd.org
* Incoming from lists.openbsd.org is eventually whitelisted by spamd

I am just trying to learn the cause, and I have been fully prepared to wear
egg on my face if my own configuration is causing the problem.  I have not
yet proven this is the case.

I believe I have checked everything anyone suggested to check.

I really don't want my next check to be to roll back to 4.9 and see if
lists.openbsd.org will auto whitelist like it previously did.

In hope,
David

On Sat, May 26, 2012 at 01:19:38PM +1000, David Diggles wrote:
> Ok........ I am still not getting emails from lists.openbsd.org (so
> please if you reply, cc to me).
>
> I restarted spamd at this time after deleting /var/db/spamd and
> clearing the bypass tables in pf at this time:
>
> 2012-05-26 02:13:12 # /usr/libexec/spamd
>
> Here is the last message to make it to sendmail from misc:
>
> fgrep from= /var/log/maillog|fgrep owner-misc|tail -1|awk '{print $1,$2,$3}'
> May 26 01:54:35
>
> The pf rules for spamd I have are taken from the default pf.conf:
>
> pass in on egress inet proto tcp from any to any port = 25 flags S/SA rdr-to 127.0.0.1 port 8025
> pass in on egress proto tcp from <nospamd> to any port = 25 flags S/SA
> pass in log on egress proto tcp from <spamd-white> to any port = 25 flags S/SA
> pass out log on egress proto tcp from any to any port = 25 flags S/S
>
> It is currently Sat May 26 12:54:31 EST 201
>
> Times of passed smtp connections for May 26:
>
> tcpdump -n -e -ttt -r /var/log/pflog 2>&1|fgrep ".25:"|\
> fgrep 'May 26'|awk '{print $3}'
> 01:14:53.793995
> 04:17:11.846707
> 05:00:19.443080
> 05:15:01.487277
> 07:17:51.114440
> 09:35:58.120098
> 10:14:21.444822
> 11:53:33.611903
>
> So I will skip the first entry when I grep for the ip addresses, with
> a tail +2 because it occurred
> *before* I reset everything.
>
> tcpdump -n -e -ttt -r /var/log/pflog 2>&1|fgrep ".25:"|\
> fgrep 'May 26'|awk '{print $10}'|tail +2|\
> awk -F. '{print $1"."$2"."$3"."$4}'|sort -n
> 17.254.6.112
> 74.125.82.47
> 113.172.232.215
> 129.21.208.44
> 202.58.38.80
> 203.59.1.110
> 206.46.252.115
>
> I have the following tables.
>
> pfctl -s Tables
> nospamd
> spamd-white
>
> Confirming against the spamd-white table
>
> pfctl -t spamd-white -Ts
>    17.254.6.112
>    74.125.82.47
>    113.172.232.215
>    129.21.208.44
>    202.58.38.80
>    203.59.1.110
>    206.46.252.115
>
> lists.openbsd.org = 192.43.244.163
>
> So nothing from misc has made it to sendmail since I emptied <nospamd>
> and <spamd-white> on pf.conf
>
> These are all the attempts from lists.openbsd.org since I cleared the
> spamdb and pf tables.
>
> fgrep 192.43.244.163 /var/log/spamd|fgrep 'May 26'
> May 26 02:53:48 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 02:54:00 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 03:00:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 03:00:36 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 04:41:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 04:41:36 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:04:19 skitL spamd[25502]: 192.43.244.163: connected (2/1)
> May 26 05:04:31 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:15:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:15:36 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:19:36 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:19:48 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:26:38 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:26:50 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:31:10 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:31:22 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:37:54 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:38:06 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 05:43:38 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 05:43:50 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 06:32:55 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 06:33:08 skitL spamd[25502]: 192.43.244.163: disconnected after 13 seconds.
> May 26 07:00:31 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 07:00:43 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 07:29:59 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 07:30:11 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 07:53:46 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 07:53:58 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 08:26:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 08:26:36 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 09:14:32 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 09:14:44 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 10:12:59 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 10:13:10 skitL spamd[25502]: 192.43.244.163: disconnected after 11 seconds.
> May 26 11:44:37 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 11:44:49 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
> May 26 11:54:40 skitL spamd[25502]: 192.43.244.163: connected (1/0)
> May 26 11:54:52 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.


Hi again David.
If all the spamd settings are back to default, I would recommend trying to
pinpoint where the problem is.
Just to check if it could be something wrong with the syntax of your pf
rules regarding spamd, just comment them out.
pfctl -f /etc/pf.conf and run for a while and see if you receive any mails.

/Hasse
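
Added example, not part of the thread and not written by either poster: a way to check the retry-interval question from the spamd log itself, by classifying each connection from one IP against spamd's documented -G defaults (passtime 25 minutes, greyexp 4 hours). The function names are hypothetical, the sample lines are a subset copied from the log quoted above, and it assumes every connection is a retry of the same greylist tuple, which the log does not show.

```shell
#!/bin/sh
# Classify each connection from one IP by its delay since the first sighting.
# Assumption: all connections are retries of ONE greylist tuple
# (IP, HELO, envelope from, envelope to); the spamd log does not record the
# tuple, so "in-window" is necessary for whitelisting, not sufficient.

classify_retries() {   # usage: classify_retries IP [PASS_MIN] [GREYEXP_H] < log
    awk -v ip="$1" -v pass="${2:-25}" -v exp_h="${3:-4}" '
    $6 == ip ":" && $7 == "connected" {
        split($3, t, ":")
        # day-of-month plus time of day; assumes the log stays in one month
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        if (!seen) { first = now; seen = 1; print $3, "+0m", "first"; next }
        d = now - first
        if (d < pass * 60)          s = "too-early"   # before passtime
        else if (d <= exp_h * 3600) s = "in-window"   # would be whitelisted
        else                        s = "expired"     # grey entry timed out
        printf "%s +%dm %s\n", $3, d / 60, s
    }'
}

# Subset of the spamd log lines quoted in the message above.
sample_log() {
cat <<'EOF'
May 26 02:53:48 skitL spamd[25502]: 192.43.244.163: connected (1/0)
May 26 02:54:00 skitL spamd[25502]: 192.43.244.163: disconnected after 12 seconds.
May 26 03:00:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
May 26 04:41:24 skitL spamd[25502]: 192.43.244.163: connected (1/0)
May 26 05:04:19 skitL spamd[25502]: 192.43.244.163: connected (2/1)
May 26 11:54:40 skitL spamd[25502]: 192.43.244.163: connected (1/0)
EOF
}

sample_log | classify_retries 192.43.244.163
```

On a live system the same function can read /var/log/spamd directly, with the -G values passed as the second and third arguments if they were changed.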
