On 12 May 2011 19:37, Simon Hobson <[email protected]> wrote: > Alexey Murz Korepov wrote: >>I have using policyd 2.0.10 and have the problem with the very popular >>Russian mail server mail.ru. >> >>When it sends mail to my server, it try to send me the mail from >>different smtp servers with different IP adresses. And my greylisting >>rule always reject mail with "Recipient address rejected: Greylisting >>in effect, please come back later". >> >>For example, it first it try to deliver via f52.mail.ru and got the >>answer "Recipient address rejected: Greylisting in effect, please come >>back later". >>After some time it repeats the attempt from other IP f44.mail.ru and >>got answer "Greylisting in effect" again. >>Third attempt from f93.mail.ru also got this answer. >>They have many servers: f93.mail.ru >>f64.mail.ru >>fallback7.mail.ru >>fallback3.mail.ru >>and many other... >> >>So, the message are not delivered very long time. >> >>Good solution for solve problems like this will be add feature to >>disable greylisting via DNS name of sender IP. For example, I will can >>add %.mail.ru servers to whitelist and solve this problem. > > An easier solution is to select a suitable netmask when adding the > Greylist policy. Typically such server clusters are in a small > network range. > When adding a policy, it's the Track option - next to the pull-down > manu with only Sender IP, you can enter a mask length - and the popup > help suggests /24 is a sane value (which I'd agree with). > > Doing it your way means having to whitelist loads of outfits as you > get complaints - mail.ru are far from alone in using clusters of > outbound mail handlers. Yes, I can add those IP addresses to whitelists, but, as I see, they are from different subnets (94.100.xx.xx, 217.69.xx.xx, etc), and sometimes it changes (mail.ru adds new servers). So periodically I must monitor logs and updates this whitelist.
Will be better to add whitelist via dns name like %.mail.ru, %.gmail.com, etc, because in logs I see the dns name of those IP always with mail.ru suffix. For quicker sql quieries will better to store them in reverse order (ru.mail.%, com.gmail.%) - did you plan to add this feature? We can store it in greylisting_whitelist table like the IP subnets: SenderIP:192.168.0.0/16 SenderHost:ru.mail.% -- С уважением, Алексей Murz Корепов. Email, jabber: [email protected] _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
