postgrey issue?

Hi

I installed postgrey. But I don't receive emails and have waited more than 6 hrs for resend. I have sent from gmail as well as my home-ISP to my server.

I changed:

check_policy_service unix:/var/spool/postfix/postgrey/socket
in the postfix config to
check_policy_service unix:postgrey/socket

but that didn’t make a difference.

maillog:

May 24 18:41:39 sv01 postgrey[23791]: 2009/05/24-18:41:39 postgrey (type Net::Server::Multiplex) starting! pid(23791)
May 24 18:41:39 sv01 postgrey[23791]: Binding to UNIX socket file /var/spool/postfix/postgrey/socket using SOCK_STREAM
May 24 18:41:39 sv01 postgrey[23791]: Setting gid to "498 498"
May 24 18:41:39 sv01 postgrey[23791]: Setting uid to "12"
May 24 18:41:42 sv01 postfix/postfix-script: refreshing the Postfix mail system
May 24 18:41:42 sv01 postfix/master[6791]: reload configuration /etc/postfix
May 24 18:41:42 sv01 postfix/qmgr[23814]: warning: bounce_queue_lifetime is larger than maximal_queue_lifetime - adjusting bounce_queue_lifetime

I am supposed to see something like:

Dec 17 21:23:49 jessie postfix/smtpd[6714]: connect from mk-outboundfilter-4-a-1.mail.uk.tiscali.com[212.74.114.8]
Dec 17 21:23:49 jessie postfix/smtpd[6714]: NOQUEUE: reject: RCPT from mk-outboundfilter-4-a-1.mail.uk.tiscali.com[212.74.114.8]: 450 4.2.0 <ned@example.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/example.com.html; from=<bob@example.com> to=<ned@example.com> proto=ESMTP helo=<mk-outboundfilter-4-a-1.mail.uk.tiscali.com>
Dec 17 21:23:54 jessie postfix/smtpd[6714]: disconnect from mk-outboundfilter-4-a-1.mail.uk.tiscali.com[212.74.114.8]

but I am getting:

May 24 18:43:10 sv01 postfix/smtpd[23844]: connect from mail-ew0-f175.google.com[209.85.219.175]
May 24 18:43:10 sv01 postfix/smtpd[23844]: EC1A9D606D9: client=mail-ew0-f175.google.com[209.85.219.175]
May 24 18:43:10 sv01 postfix/cleanup[23848]: EC1A9D606D9: message-id=<4A19791C.3060200@gmail.com>
May 24 18:43:10 sv01 postfix/qmgr[23814]: EC1A9D606D9: from=<myaccount@gmail.com>, size=1961, nrcpt=1 (queue active)
May 24 18:43:16 sv01 postfix/local[23849]: EC1A9D606D9: to=<info-domain.nl@sv01.myserver.nl>, orig_to=<info@domain.nl>, relay=local, delay=5.1, delays=0.04/0.01/0/5.1, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 24 18:43:16 sv01 postfix/qmgr[23814]: EC1A9D606D9: removed

which is a normal delivery without postgrey interfering. However I don't get the message in my box. This shows gmail but it's the same for my home-isp…

Apparently I fixed this after looking again at the postfix configuration

May 24 19:04:00 sv01 postfix/smtpd[24849]: connect from mail-ew0-f175.google.com[209.85.219.175]
May 24 19:04:00 sv01 postgrey[23791]: action=greylist, reason=new, client_name=mail-ew0-f175.google.com, client_address=209.85.219.175, sender=myaccount@gmail.com, recipient=info@domain.nl
May 24 19:04:00 sv01 postfix/smtpd[24849]: NOQUEUE: reject: RCPT from mail-ew0-f175.google.com[209.85.219.175]: 450 4.2.0 <info@domain.nl>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/izidesign.nl.html; from=<myaccount@gmail.com> to=<info@domain.nl> proto=ESMTP helo=<mail-ew0-f175.google.com>
May 24 19:04:00 sv01 postfix/smtpd[24849]: disconnect from mail-ew0-f175.google.com[209.85.219.175]

what was needed is to place the

mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
AFTER
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination check_policy_service unix:postgrey/socket permit_mx_backup

Also permit_mx_backup needs to come after the check_policy_service.
It seems virtualmin isn’t intelligent enough to place the lines where they should be placed :)

so now we can see that gmail re-delivered the messages and it "went through"

May 24 19:11:46 sv01 postfix/smtpd[25066]: connect from mail-ew0-f175.google.com[209.85.219.175]
May 24 19:11:46 sv01 postgrey[23791]: action=pass, reason=triplet found, delay=466, client_name=mail-ew0-f175.google.com, client_address=209.85.219.175, sender=myaccount@gmail.com, recipient=info@domain.nl
May 24 19:11:46 sv01 postfix/smtpd[25066]: 83F70D606D9: client=mail-ew0-f175.google.com[209.85.219.175]
May 24 19:11:46 sv01 postfix/cleanup[25070]: 83F70D606D9: message-id=<4A197DFD.9040304@gmail.com>
May 24 19:11:46 sv01 postfix/qmgr[24788]: 83F70D606D9: from=<myaccount@gmail.com>, size=2064, nrcpt=1 (queue active)
May 24 19:11:49 sv01 postfix/local[25071]: 83F70D606D9: to=<info-domain.nl@sv01.myserver.nl>, orig_to=<info@domain.nl>, relay=local, delay=3.2, delays=0.05/0.01/0/3.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
May 24 19:11:49 sv01 postfix/qmgr[24788]: 83F70D606D9: removed
May 24 19:12:16 sv01 postfix/smtpd[25066]: disconnect from mail-ew0-f175.google.com[209.85.219.175]

But, it is not in my mailbox. So where is it?
Any ideas?

Apparently postfix received 2 mails in the same second.

May 24 19:22:56 sv01 postfix/smtpd[25287]: connect from mail-ew0-f175.google.com[209.85.219.175]
May 24 19:22:56 sv01 postfix/smtpd[25290]: connect from 84.123.51.154.dyn.user.ono.com[84.123.51.154]

The google one is mine while the other is a client on a different mailbox on the server.

Strange that this one gets PASS, as it is unknown and should have been rejected.
Also this mail, although delivered, is nowhere to be found. I think Postfix got confused as it ran simultaneously with the gmail delivery…

May 24 19:22:57 sv01 postgrey[23791]: action=pass, reason=triplet found, delay=303, client_name=84.123.51.154.dyn.user.ono.com, client_address=84.123.51.154, sender=corded@alberto.ca, recipient=info@otherdomain.eu

Look same number behind postgrey:

May 24 19:31:33 sv01 postgrey[23791]: action=pass, reason=triplet found, client_name=mail-ew0-f175.google.com, client_address=209.85.219.175, sender=myaccount@gmail.com, recipient=info@domain.nl

strange yes? Both emails from different hosts not delivered to different mailboxes.

After retrying another message from gmail to the troubled mailbox, it went through without a hassle. So I consider the above here as an incident.

But what about really busy mailservers? How many messages are then not delivered…or disappear in some black hole

Or am I missing something obvious?

mailbox_command is unrelated to the recipient restrictions, and order of any particular directive isn’t important.

But, the list of smtpd_recipient_restrictions definitely does need to be in a particular order (each test is checked in order, and any negative result will stop the message). It’s interesting that Virtualmin didn’t get it right. That’d be bug-like.

I’m not sure exactly what to make of the rest of the issues…reading over it now.
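The ordered evaluation described above can be shown with a small model, added here as an illustration (it is not Postfix code and not from the thread). It assumes a simplified result set and a constructed session; the session field names are hypothetical.

```python
# Simplified model of Postfix walking smtpd_recipient_restrictions left to right.
# Assumption: each restriction yields OK, REJECT, DEFER or DUNNO ("no opinion");
# real Postfix has more result types (postgrey really answers DEFER_IF_PERMIT).
OK, REJECT, DEFER, DUNNO = "OK", "REJECT", "DEFER", "DUNNO"

def permit_mynetworks(s):
    return OK if s["client_in_mynetworks"] else DUNNO

def permit_sasl_authenticated(s):
    return OK if s["sasl_authenticated"] else DUNNO

def reject_unauth_destination(s):
    return DUNNO if s["rcpt_domain_is_ours"] else REJECT

def check_policy_service(s):
    # Greylisting: an unseen triplet is deferred, a known one gets no opinion.
    return DUNNO if s["triplet_known"] else DEFER

def permit_mx_backup(s):
    return OK if s["we_are_backup_mx"] else DUNNO

def evaluate(restrictions, session):
    """Return (result, deciding restriction); the first non-DUNNO answer wins."""
    for check in restrictions:
        result = check(session)
        if result != DUNNO:
            return result, check.__name__
    return OK, "end of list"  # nothing objected, so the recipient is accepted

COMMON = [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination]
BACKUP_FIRST = COMMON + [permit_mx_backup, check_policy_service]
POLICY_FIRST = COMMON + [check_policy_service, permit_mx_backup]  # order used in the thread

# Constructed session: unknown remote client, first delivery attempt.
FIRST_CONTACT = {
    "client_in_mynetworks": False,
    "sasl_authenticated": False,
    "rcpt_domain_is_ours": True,
    "triplet_known": False,
    "we_are_backup_mx": True,
}

if __name__ == "__main__":
    print("permit_mx_backup first:", evaluate(BACKUP_FIRST, FIRST_CONTACT))
    print("policy check first:   ", evaluate(POLICY_FIRST, FIRST_CONTACT))
```

With permit_mx_backup ahead of the policy check, the recipient is accepted before postgrey is ever asked; with the order from the thread, the first attempt is deferred.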

While Joe’s looking through the rest of the issues, I’ll just mention – if you see something in the mail log mention that it was delivered to procmail, you can always peek at the procmail log (in /var/log/procmail.log) to get an idea of what may have gone awry.

It’ll show the folder/path it delivered to, or any error message that occurred.
-Eric

Yeah, actually I think the answer is going to be in procmail.log, as Eric suggested. I’m not seeing any other good clues here.

thanks. I’ve found the entries. Both messages (from gmail and home-isp) were classified as spam
Dest:/dev/null Mode:Spam
the subject was “postgrey” but I did not enter any body text.
After resending the same subject but with a one-liner in the body, the mail got through. So this is cleared.

However, Procmail has other rules than spamassassin as I told SA to deliver spam normally, but just classify it in the subject [spam]. Procmail seems to just drop it in a blackhole.

this is real spam

From congestings08@psv.com Sun May 24 12:23:43 2009
Subject: [SPAM] If you feel that your manhood is already dead,call us us.
Folder: /dev/null 20223
Time:1243160636 From:congestings08@psv.com To:info@domain.nl User:info-domain.nl Size:20223 Dest:/dev/null Mode:Spam

That shouldn’t go to /dev/null before I know mails are indeed spam and I can trust the system…

Also I see that all spam is coming from the VPS I have in USA that is a 3rd nameserver and a backup mailserver only.

Why would a backup server deliver messages to the main server? It is not supposed to do this, right? As it should just hold the messages when the real mailserver is down…

I did, yesterday evening, install postgrey as well on that backup mailserver and the result is great. The amount of spam I got was amazing and today I didn’t receive 1 yet.

So from this long story, there are 2 remaining issues (in bold) to be clarified.

thanks for any help.

Joe, I beg to differ that the mail_command does need to go after the recipient restrictions as only when I did that I got the Postgrey lines in my logs…

That shouldn't go to /dev/null before I know mails are indeed spam and I can trust the system...

So, don’t configure it to send them to /dev/null. That’s not the default. ;)

Look in Server Configuration->Spam and Virus Delivery. The default is to deliver spam to a .spam mailbox.
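To review what has already been thrown away, the summary lines in procmail.log can be filtered for a /dev/null destination. The script below is an added example, not part of the thread or of Virtualmin; it assumes the space-separated `Key:value` line shape quoted earlier in the thread, and the sample lines, the Maildir path and the `Delivered` mode value are constructed placeholders.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample in the "Time:... Dest:... Mode:..." shape quoted in the thread.
# The Maildir path and the "Delivered" mode value are placeholders.
SAMPLE_LOG = """\
From congestings08@psv.com Sun May 24 12:23:43 2009
Time:1243160636 From:congestings08@psv.com To:info@domain.nl User:info-domain.nl Size:20223 Dest:/dev/null Mode:Spam
Time:1243185100 From:myaccount@gmail.com To:info@domain.nl User:info-domain.nl Size:1961 Dest:/dev/null Mode:Spam
Time:1243185700 From:myaccount@gmail.com To:info@domain.nl User:info-domain.nl Size:2064 Dest:/home/example/Maildir/ Mode:Delivered
"""

def parse_line(line):
    """Return the Key:value fields of one summary line, or None for other lines."""
    if not line.startswith("Time:"):
        return None  # procmail's own "From ..." / "Subject:" / "Folder:" lines
    return dict(tok.partition(":")[::2] for tok in line.split())

def discarded(log_text, sink="/dev/null"):
    """List every message whose delivery destination was the sink."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec.get("Dest") != sink:
            continue
        try:
            when = datetime.fromtimestamp(int(rec["Time"]), tz=timezone.utc)
            stamp = when.strftime("%Y-%m-%d %H:%M:%S")
        except (KeyError, ValueError):
            stamp = "unknown"  # malformed or missing timestamp
        hits.append({"when_utc": stamp, "from": rec.get("From", ""),
                     "to": rec.get("To", ""), "user": rec.get("User", ""),
                     "mode": rec.get("Mode", "")})
    return hits

def per_user(hits):
    """Count discarded messages per mailbox user."""
    return Counter(h["user"] for h in hits)

if __name__ == "__main__":
    found = discarded(SAMPLE_LOG)
    for h in found:
        print(h["when_utc"], h["from"], "->", h["to"], f"({h['mode']})")
    print(dict(per_user(found)))
```

On a live system, pass the contents of /var/log/procmail.log to `discarded()` instead of the sample.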