Problems with Policyd
Problems with Policyd - GuS - 08-13-2010 11:30 PM

Hi! I've recently installed the latest Ubuntu with the latest ispCP. Now, after migrating everything to this new server, I saw that policyd is blocking own accounts from the server, with something like this:

    postfix/policyd-weight decided action=550 Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs.

Actually there are many other servers in my networks, mostly LTSP, so I saw that policyd also blocks those IPs, which correspond to my network.

Any tip on what is going on? I've temporarily disabled the lines in main.cf of Postfix to avoid these checks.

RE: Problems with Policyd - joximu - 08-14-2010 05:28 AM

Hm, more info (from the log and about your hostnames...) may be helpful because there are several reasons why policyd blocks...

If it's really because of helo things then helo and PTR (reverse DNS) are not OK.

/J

RE: Problems with Policyd - GuS - 08-14-2010 05:40 AM

(08-14-2010 05:28 AM) joximu wrote:
> Hm, more info (from the log and about your hostnames...) may be helpful because there are several reasons why policyd blocks...

My hostname is mail.distalnet.com

The log example is:

Quote:
    Aug 12 16:57:08 distal-mx postfix/policyd-weight[5287]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .bomplan. - helo: .atencionpsicologicabuenosaires. - helo-domain: .atencionpsicologicabuenosaires.) FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=72.233.64.31> <helo=atencionpsicologicabuenosaires.com> <from=promociones@bomplan.com.ar> <to=gerardo@distalnet.com>; rate: 1.5

RE: Problems with Policyd - kilburn - 08-14-2010 07:02 AM

Set up your clients to use their hostname as the "helo" parameter, not your (public) domain.

RE: Problems with Policyd - GuS - 08-14-2010 07:11 AM

(08-14-2010 07:02 AM) kilburn wrote:
> Set up your clients to use their hostname as the "helo" parameter, not your (public) domain.

What do you mean, their hostname as "helo"? You mean in the imap/pop/smtp configuration in their email client apps? If you mean that, I don't get "their hostname". In their client apps I use mail.distalnet.com.

Thanks

EDIT: here I have another similar one:

Quote:
    Aug 13 08:11:11 distal-mx postfix/policyd-weight[5135]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 BOGUS_MX=2.1 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .localhost.localdomain. - helo: .localhost.localdomain. - helo-domain: .localdomain.) MAIL_SEEMS_FORGED=2.5; <client=64.76.16.229> <helo=localhost.localdomain> <from=apache@localhost.localdomain> <to=mariano@distalnet.com>; rate: 3.1

All @distalnet.com addresses correspond to my server users.

RE: Problems with Policyd - kilburn - 08-14-2010 07:44 AM

If these are "normal" mail clients, then it means that you're not properly setting them up. Specifically, you are not providing any authentication credentials for the smtp configuration (the exact way to do this depends on the mail software you use, but usually there's a "this server requires authentication" checkbox around there that you must check).

This will solve your problem because authenticated clients don't need to pass any policyd-weight or greylisting filter.

RE: Problems with Policyd - GuS - 08-14-2010 09:59 AM

(08-14-2010 07:44 AM) kilburn wrote:
> If these are "normal" mail clients, then it means that you're not properly setting them up. Specifically, you are not providing any authentication credentials for the smtp configuration (the exact way to do this depends on the mail software you use, but usually there's a "this server requires authentication" checkbox around there that you must check).
>
> This will solve your problem because authenticated clients don't need to pass any policyd-weight or greylisting filter.

Ahh ok, I believe that is the problem. Now, without using policyd and postgrey, it is working anyway... but well, the idea is not to continue like this.

Thanks! I will try when I'm back at work next week.

RE: Problems with Policyd - joximu - 08-14-2010 07:06 PM

I think there are several mails coming from outside which don't have good settings (MX, sender, IP etc). Most will be spam - but you never know.

You can increase the level of "action deciding" :-)

Put this in /etc/policyd-weight.conf:

    $REJECTLEVEL = 8;

I did so - since the default of "1" seems to me to be too low...

/J

RE: Problems with Policyd - GuS - 08-15-2010 01:50 AM

(08-14-2010 07:06 PM) joximu wrote:
> I think there are several mails coming from outside which don't have good settings (MX, sender, IP etc).

The problem is not from the emails that come from outside. That error comes when a user from my server (from another machine of the local network) tries to send an email (SMTP).

RE: Problems with Policyd - joximu - 08-15-2010 07:52 PM

OK, let's try the example from Post 3:

    MTA helo: atencionpsicologicabuenosaires.com, MTA hostname: 31.64.233.72.static.reverse.ltdomains.com[72.233.64.31] (helo/hostname mismatch)

The helo has no correspondence with the IP of the sender...

    # host atencionpsicologicabuenosaires.com
    atencionpsicologicabuenosaires.com has address 190.228.29.82

which is not the same as 72.233.64.31.

So the MTA which sends the mail should have a hostname which points to its IP, e.g. set the hostname on 72.233.64.31 to server1.atencionpsicologicabuenosaires.com and also set the IP of this hostname in the DNS zone file to 72.233.64.31...

The same in the other example:

    MTA helo: localhost.localdomain, MTA hostname: server1.asatej.com[64.76.16.229]

/Joxi

... or at least set the hostname in the postfix of the sending server...
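
Added example, not part of the thread and not policyd-weight's own code: a small triage script that parses the two log lines quoted above, sums the per-test weights, lists the tests that raised the score, and compares the total with $REJECTLEVEL 1 and 8. The function names and the reject comparison (score at or above the level) are assumptions made for this example.

```python
import re

# Sample input: the two policyd-weight log lines quoted in the thread.
SAMPLE_LOG = [
    "Aug 12 16:57:08 distal-mx postfix/policyd-weight[5287]: weighted check: "
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 "
    "CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .bomplan. - helo: "
    ".atencionpsicologicabuenosaires. - helo-domain: .atencionpsicologicabuenosaires.) "
    "FROM_NOT_FAILED_HELO(DOMAIN)=3; <client=72.233.64.31> "
    "<helo=atencionpsicologicabuenosaires.com> <from=promociones@bomplan.com.ar> "
    "<to=gerardo@distalnet.com>; rate: 1.5",
    "Aug 13 08:11:11 distal-mx postfix/policyd-weight[5135]: weighted check: "
    "NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 "
    "BOGUS_MX=2.1 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: "
    ".localhost.localdomain. - helo: .localhost.localdomain. - helo-domain: "
    ".localdomain.) MAIL_SEEMS_FORGED=2.5; <client=64.76.16.229> "
    "<helo=localhost.localdomain> <from=apache@localhost.localdomain> "
    "<to=mariano@distalnet.com>; rate: 3.1",
]

SCORE_RE = re.compile(r"([A-Z][A-Z0-9_]*(?:\([A-Z]+\))?)=(-?\d+(?:\.\d+)?)")
FIELD_RE = re.compile(r"<(client|helo|from|to)=([^>]*)>")
RATE_RE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")

def parse_line(line):
    """Split one 'weighted check' line into per-test scores, fields and rate."""
    _, found, tail = line.partition("weighted check:")
    if not found:
        return None  # not a policyd-weight scoring line
    scores = {n: float(v) for n, v in SCORE_RE.findall(tail.split("<client=")[0])}
    rate = RATE_RE.search(tail)
    return {
        "scores": scores,
        "fields": dict(FIELD_RE.findall(tail)),
        "total": round(sum(scores.values()), 2),  # should equal the logged rate
        "rate": float(rate.group(1)) if rate else None,
    }

def culprits(entry):
    """Tests that added to the score, heaviest first."""
    hits = [(n, s) for n, s in entry["scores"].items() if s > 0]
    return sorted(hits, key=lambda kv: -kv[1])

def would_reject(entry, reject_level):
    # Assumption: a message is rejected once its score reaches the level.
    return entry["total"] >= reject_level

if __name__ == "__main__":
    for e in map(parse_line, SAMPLE_LOG):
        print(e["fields"]["helo"], e["total"], culprits(e), would_reject(e, 1), would_reject(e, 8))
```

Both sample lines score at or above 1 and below 8; the tests returned by culprits() name what to correct on the sending host.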