
Thread: greylisting, policyd and sasl authenticated users

  1. #1
    Join Date
    Mar 2007
    Posts
    45
    Rep Power
    8

    greylisting, policyd and sasl authenticated users

    I see questions along these lines have been asked before.

    I have enabled greylisting with policyd as per the wiki entry. It's working and has successfully reduced inbound spam.

    However, I've noticed that it applies the greylisting policy to all users, whether authenticated or not; the zimbra policy in sqlite has an any|any source|destination.

    This means however that users logging in via smartphones or laptops from external IPs to submit mail, although authenticated, still get delayed as per the default greylisting policy from the wiki. This is causing confusion.

    Can anyone tell me how to edit the settings in postfix or policyd to bypass greylisting for authenticated external users, i.e. those not in 'mynetworks'?

    The policyd documentation is a bit light on this (most discussion of sasl users seems concerned with quotas module rather than greylisting module).

    If I've been able to piece anything together from the link above and the (zimbra/policyd) wiki I'm guessing I have to do something along the lines of:
    • create a policy at a higher priority than the zimbra default?
    • add policy group that filters sasl auth users somehow?
    • add policy group member that has the source|destination configured to only capture external sasl users?

    Has anyone here successfully configured policyd to exclude external authenticated users from greylisting?

    Thanks in advance.

  2. #2
    Join Date
    Feb 2014
    Location
    Russia, Saint-Peterburg
    Posts
    8
    Rep Power
    1

    First: Link to install WebUI
    Two: read Docs
    Three: Try

  3. #3
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    Join Date
    Mar 2007
    Posts
    45
    Rep Power
    8

    Hi Quanah, that appears to be my issue, cbpolicyd is called before permit_sasl_authenticated users.

    Is there a workaround with the MTA config that can execute it after permit_sasl_authenticated? I'm not using quotas at the moment. I don't mind having to manually fiddle with the config files even if I have to do that after an upgrade each time.

    Or should I try and create a new policy that specifies the sasl user in sqlite?

  5. #5
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Sadly, I don't know a great way to workaround this issue without doing the redesign as noted in 38968. :/
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration
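
    The ordering effect discussed in posts #4 and #5, as an added example that is not part of the original thread and is not Zimbra, Postfix or policyd code: a small Python model of in-order restriction evaluation over a policy-delegation request in the name=value format Postfix sends to a policy server. The restriction lists are simplified, the greylist is a toy, and the request, addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed policy-delegation request (name=value lines, empty line ends it).
SAMPLE_REQUEST = """request=smtpd_access_policy
protocol_state=RCPT
client_address=203.0.113.25
sasl_method=PLAIN
sasl_username=user@example.com
sender=user@example.com
recipient=new.contact@example.net

"""

def parse_request(text):
    """Parse name=value attributes up to the terminating empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def greylist(attrs, seen):
    """Toy greylist: defer the first time a triplet is seen, then stand aside."""
    triplet = (attrs["client_address"], attrs["sender"], attrs["recipient"])
    if triplet in seen:
        return "DUNNO"
    seen.add(triplet)
    return "DEFER"

def evaluate(restrictions, attrs, mynetworks, seen):
    """Walk the list in order; the first decisive result ends evaluation."""
    client = ipaddress.ip_address(attrs["client_address"])
    for name in restrictions:
        if name == "permit_mynetworks" and any(client in n for n in mynetworks):
            return "PERMIT"
        if name == "permit_sasl_authenticated" and attrs.get("sasl_username"):
            return "PERMIT"
        if name == "check_policy_service":
            verdict = greylist(attrs, seen)
            if verdict != "DUNNO":
                return verdict
    return "PERMIT"  # simplification: nothing in the list objected

# Hypothetical networks and orderings, reduced to the three relevant restrictions.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
POLICY_FIRST = ["check_policy_service", "permit_mynetworks", "permit_sasl_authenticated"]
SASL_FIRST = ["permit_mynetworks", "permit_sasl_authenticated", "check_policy_service"]
```

    With the policy service listed first, the authenticated external client in the sample request is deferred on its first attempt; with `permit_sasl_authenticated` ahead of it, the same request is permitted and only unauthenticated external clients reach the greylist.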

  6. #6
    Join Date
    Jun 2013
    Location
    Vietnam
    Posts
    28
    Rep Power
    2

    Originally posted by pixelplumber:
    > Hi Quanah, that appears to be my issue, cbpolicyd is called before permit_sasl_authenticated users.
    >
    > Is there a workaround with the MTA config that can execute it after permit_sasl_authenticated? I'm not using quotas at the moment. I don't mind having to manually fiddle with the config files even if I have to do that after an upgrade each time.
    >
    > Or should I try and create a new policy that specifies the sasl user in sqlite?

    Dear pixelplumber,

    Did you find any solution for this issue? My account on iPad and web mail is OK; however, all Outlook clients just receive the message '451 4.7.1 <test01@abc.com>: Sender address rejected: Greylisting in effect, please come back later' and mail got rejected, not deferred, as I followed the wiki configuration.

    This happens when an Outlook client sends mail to a new mail address.

    Best regards,
    Minh.

  7. #7
    phoenix, Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Originally posted by minhhoang:
    > Do you find out any solution for this issue?

    The solution is in the changes in the bug report mentioned by Quanah; you'll have to wait for ZCS 8.5.

    Regards
    Bill

  8. #8
    Join Date
    Jun 2013
    Location
    Vietnam
    Posts
    28
    Rep Power
    2

    Many thanks, phoenix, for the information. Currently I have changed to training mode and will wait for ZCS 8.5 as you suggest. Can we configure Outlook to automatically resend the email, because with iPad everything is OK?

    Regards,
    Minh.

  9. #9
    Join Date
    Mar 2007
    Posts
    45
    Rep Power
    8

    Originally posted by minhhoang:
    > Many thanks phoenix for information. Currently I change to training mode and wait for ZCS 8.5 as you suggest. Can we configure outlook to automatically resend the email because with ipad everything is OK?
    >
    > Regards,
    > Minh.

    I see there's a version of 8.5 in beta now. I'd love it if someone could roadtest it and tell us if it's fixed the issue. I'm overseas for a few weeks so can't try it until I get back.

  10. #10
    Join Date
    Mar 2013
    Posts
    11
    Rep Power
    2

    This bug made policyd greylisting almost completely unusable. From which version does this appear? Because it was working on 8.0.3.
