[SOLVED] greylisting is not working

B

bnpps

New Member
Proxmox Subscriber
Sep 16, 2020
6
1
3
24
Good morning,

With default values set (options/Use Greylisting for ipv4, netmask=24) greylisting is not working.
No entries in log.
Also nothing in postgres (Proxmox_ruledb/ cgreylist table).

Any advices what can be checked?

Thank you
 
please post the logs from the pmgpolicy.service.
* greylisting is only active on the internal port of PMG
* whitelisting via GUI->Configuration->Mail Proxy->Whitelist also overrules greylisting
* is SPF enabled? (this also can override greylisting behavior)
 
Hi,

Below you can see the sample:

Sep 16 15:00:11 pmg1 pmgpolicy[1502]: 2020/09/16-15:00:11 Server closing!
Sep 16 15:00:11 pmg1 pmgpolicy[1502]: 2020/09/16-15:00:11 Re-exec server during HUP
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: WARNING: Pid_file created by this same process. Doing nothing.
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: WARNING: Pid_file created by this same process. Doing nothing.
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: 2020/09/16-15:00:12 main (type Net::Server::PreForkSimple) starting! pid(1502)
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Binding open file descriptors
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Binding to TCP port 10022 on host 127.0.0.1 with IPv4
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Reassociating file descriptor 7 with TCP on [127.0.0.1]:10022, using IPv4
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Group Not Defined. Defaulting to EGID '0'
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: User Not Defined. Defaulting to EUID '0'
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Setting up serialization via flock
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Policy daemon (re)started
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Beginning prefork (5 processes)
Sep 16 15:00:12 pmg1 pmgpolicy[1502]: Starting "5" children
Sep 16 15:02:22 pmg1 pmgpolicy[1502]: starting policy database maintainance (greylist, rbl)
Sep 16 15:02:22 pmg1 pmgpolicy[1502]: end policy database maintainance (25 ms, 1 ms)
Sep 16 15:04:32 pmg1 pmgpolicy[1502]: starting policy database maintainance (greylist, rbl)
Sep 16 15:04:32 pmg1 pmgpolicy[1502]: end policy database maintainance (18 ms, 3 ms)

There are no different entries in log. Only this "restart?" from time to time.
Whitelist contains only one domain.
SPF is enabled (Use SPF = Yes)
 
* hmm - what's the contents of '/etc/postfix/main.cf'?
* could you try restarting postfix additionally?
 
hmm - the policy service is not configured ...:
did you override the postfix main.cf.in configuration template?

probably the simplest check:
* watch the system's journal (`journalctl -f`)
* disable and enable the greylist in the GUI
* check if the postfix service gets reloaded and check that:
Code: 
check_policy_service inet:127.0.0.1:10022
is written to the main.cf (for the setting `smtpd_recipient_restrictions`)
 
Hi,

"did you override the postfix main.cf.in configuration template?"
No, I haven't touched it in any different way than via gui.

"check if the postfix service gets reloaded "
Service has not been reloaded. Nothing happened in log in that moment

Entry is in main.cf, but it was there before also
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
reject_non_fqdn_recipient
check_recipient_access regexp:/etc/postfix/rcptaccess check_sender_access regexp:/etc/postfix/senderaccess check_client_access cidr:/etc/postfix/clientaccess check_policy_service inet:127.0.0.1:10022 reject_unknown_recipient_domain reject_unverified_recipient


Maybe it's not clearly visible here but some parameters at the end are in one line. "check_client_access" is not starting from new line, if it matters.
 
Last edited:
bnpps said:
Maybe it's not clearly visible here but some parameters at the end are in one line.
Click to expand...
sorry my mistake

is it still not working after the postfix restart?
if there's still no log entries from pmgpolicy you could try enabling debug logging for the smtpd (both internal and external) in master.cf.in:
https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmgconfig_template_engine
and
http://www.postfix.org/DEBUG_README.html#verbose
(you need to restart postfix after the changes)
 
Hello,

Sorry for gap but I was out of office.
Finally I've found cause of this problem.
It happened becuase of of configuration mistake.
Ive added our domain to whielist (configuration/mail proxy/Whitelist) as sender and receiver so in fact no checks were performed....

For now greylisting is working properly.
Maybe It will help somebody in future...

Thank you for help. Ticket can be closed
 
Glad you found the cause of the issue.

You can mark a thread as 'SOLVED' - by clicking on the 3 dots '...' above your first post -> Edit Thread -> set the prefix to SOLVED (for the future :)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom