Results 1 to 5 of 5

Thread: Postgrey and Recipient address rejected

  1. #1
    Join Date
    Feb 2006
    Location
    Southern California
    Posts
    49
    Rep Power
    9

    Default Postgrey and Recipient address rejected

    Hello all,

    I was hoping for some assistance with a problem that I'm having while implementing some anti-spam measures. I'm running the 5.05 network version, Ubuntu 6.06. I've followed the wiki article regarding installing postgrey, and have it working somewhat. I've also searched the forums for a few days while testing, but haven't found a solution, though after racking my brain, I think I've found the root of the issue.

    The problem I'm seeing is that when a new, first-time outside account sends my zimbra server an initial message, that user receives the following message.

    ----- The following addresses had permanent fatal errors -----
    <xxx@xxxxxx.com>
    (reason: 550 <xxx@xxxxxx.com>: Recipient address rejected: dmrcom.com)

    Then also get the 450 error stating that the recipient address is rejected and Greylisted.

    DATA
    <<< 450 4.7.1 <xxx@xxxxxx.com>: Recipient address rejected: Greylisted for 145 seconds (see Postgrey - Postfix Greylisting Policy Server)
    <xxx@xxxxxx.com>... Deferred: 450 4.7.1 <xxx@xxxxxx.com>: Recipient address rejected: Greylisted for 145 seconds (see Postgrey - Postfix Greylisting Policy Server)
    <<< 554 5.5.1 Error: no valid recipients
    ... while talking to mail.xxxxxx.com.:
    DATA
    <<< 550 <xxx@xxxxxx.com>: Recipient address rejected: dmrcom.com
    550 5.1.1 <xxx@xxxxxx.com>... User unknown
    <<< 554 Error: no valid recipients

    The issue is that I have a secondary server (mail.xxxxxx.com) that I use for customer relay services only, with an MX record and priority of 20. My production server has an MX record priority of 10 (mail2.xxxxxx.com). What I think is happening is that the initial incoming request gets rejected by the production server with the greylisting message, then the incoming request hits the secondary server which has no accounts on it, hence generating the 550 error.

    These are the posts that I followed up to this point:
    Improving Anti-spam system - Zimbra :: Wiki
    http://www.zimbra.com/forums/adminis...orking-me.html
    http://www.zimbra.com/forums/adminis...-progress.html

    Does anyone have any ideas as to how I can configure my dns to not roll to the secondary (MX=20) server in order to no get the 550 message while greylisting? Regards and thank you in advance.
    - dmrdave

  2. #2
    Join Date
    Feb 2006
    Location
    Southern California
    Posts
    49
    Rep Power
    9

    Default

    What I did at this point as a quick fix, is to remove the MX record (20) of my secondary server which is being used only as a relay server for customers in our network. I'll report back the results. I would still like to know if there are any suggestions as to DNS MX configuration in a multi-server environment for such a scenario.
    - dmrdave

  3. #3
    Join Date
    Feb 2006
    Location
    Southern California
    Posts
    49
    Rep Power
    9

    Default

    Kinda fun having a conversation with myself online. But I digress...

    Following up, removing the MX record wasn't a good idea because of the obvious reason that I need a valid MX record for this relay server to talk to the real world and deliver mail for customers. So what I've done at this point is to close port 25 access from the outside world to the relay server on our firewall. That way, any message bound for my the secondary MX record server (20) inbound from outside servers never gets to it's intended target, and messages are now coming through to my production server. Spam volume has decreased dramatically.

    However, I'm still open to any suggestions as to DNS MX configuration in a multi-server environment for such a scenario (greylisting, relay, etc.)
    - dmrdave

  4. #4
    Join Date
    Aug 2007
    Posts
    21
    Rep Power
    8

    Default

    How about defining the relay server as a MX record for a subdomain rather than your primary domain?

    In DNS form:
    example.com. IN MX 10 mail1.example.com.
    relay.example.com. IN MX 10 mail2.relay.example.com.

    I suppose this could potentially cause problems with reverse dns lookups, but it might be worth trying.

  5. #5
    Join Date
    Feb 2006
    Location
    Southern California
    Posts
    49
    Rep Power
    9

    Default

    Appreciate the response. I'll investigate and test, but yes, I would be concerned about reverse lookups, which is why I added the mx record back in - in the first place.
    - dmrdave

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •