greylisting, policyd and sasl authenticated users

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
pixelplumber
Advanced member
Advanced member
Posts: 50
Joined: Fri Sep 12, 2014 10:27 pm

greylisting, policyd and sasl authenticated users

Postby pixelplumber » Mon Mar 24, 2014 12:23 am

I see questions along these lines have been asked before.
I have enabled greylisting with policyd as per the wiki entry. It's working and has succesfully reduced inbound spam.
However, I've noticed that it applies the greylisting policy to all users, whether authenticated or not, the zimbra policy in sqlite has an any|any source|destination.
This means however that users logging in via smartphones or laptops from external IPs to submit mail, although authenticated, still get delayed as per the default greylisting policy from the wiki. This is causing confusion.
Can anyone tell me how to edit the settings in postfix or policyd to bypass greylisting for autheticated external users - ie: those not in 'mynetworks'?
The policyd documentation is a bit light on this (most discussion of sasl users seems concerned with quotas module rather than greylisting module).
If I've been able to piece anything together from the link above and the (zimbra/policyd) wiki I'm guessing I have to do something along the lines of:



  • create a policy at a higher priority than the zimbra default?

  • add policy group that filters sasl auth users somehow?

  • add policy group member that has the source|destination configured to opnly capture external sasl users?



Has anyone here sucessfully configured policyd to exclude external authenticated users from greylisting?
Thanks in advance.


avea2003
Posts: 13
Joined: Sat Sep 13, 2014 3:31 am

greylisting, policyd and sasl authenticated users

Postby avea2003 » Mon Mar 24, 2014 5:41 am

First: Link to instal WebUI

Two: read Docs

Three: Try
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1666
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

greylisting, policyd and sasl authenticated users

Postby quanah » Tue Mar 25, 2014 5:57 pm

--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
pixelplumber
Advanced member
Advanced member
Posts: 50
Joined: Fri Sep 12, 2014 10:27 pm

greylisting, policyd and sasl authenticated users

Postby pixelplumber » Wed Apr 09, 2014 11:01 pm

Hi Quanah, that appears to be my issue, cbpolicyd is called before permit_sasl_authenticated users.
Is there a workaround with the MTA config that can execute it after permit_sasl_authenticated? I'm not using quotas at the moment. I don;t mind having to manually fiddle with the config files even if I have to do that after an upgrade each time.
Or should I try and create a new policy that specifies the sasl user in sqlite?
User avatar
quanah
Zimbra Alumni
Zimbra Alumni
Posts: 1666
Joined: Fri Sep 12, 2014 10:33 pm
Contact:

greylisting, policyd and sasl authenticated users

Postby quanah » Thu Apr 10, 2014 11:51 am

Sadly, I don't know a great way to workaround this issue without doing the redesign as noted in 38968. :/
--
Quanah Gibson-Mount
Product Architect, Symas http://www.symas.com/
OpenLDAP Core team http://www.openldap.org/project/
minhhoang
Posts: 28
Joined: Sat Sep 13, 2014 3:14 am

greylisting, policyd and sasl authenticated users

Postby minhhoang » Mon May 26, 2014 11:31 pm

[quote user="pixelplumber"]Hi Quanah, that appears to be my issue, cbpolicyd is called before permit_sasl_authenticated users.
Is there a workaround with the MTA config that can execute it after permit_sasl_authenticated? I'm not using quotas at the moment. I don;t mind having to manually fiddle with the config files even if I have to do that after an upgrade each time.
Or should I try and create a new policy that specifies the sasl user in sqlite?[/QUOTE]
Dear pixelplumber,
Do you find out any solution for this issue? My account on IPAD, and web mail is OK, however all outlook client just receive the message '451 4.7.1 : Sender address rejected: Greylisting in effect, please come back later' and mail got rejected not deferred as I followed wiki configuration.
This happens when outlook client sends mail to new mail address.
Best regards,

Minh.
phoenix
Ambassador
Ambassador
Posts: 26283
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England

greylisting, policyd and sasl authenticated users

Postby phoenix » Tue May 27, 2014 12:47 am

[quote user="minhhoang"]Do you find out any solution for this issue?[/QUOTE]The solution is in the changes in the bug report mentioned by Quanah, you'll have to wait for ZCS 8.5.
Regards

Bill

Rspamd: A high performance spamassassin replacement

If you'd like to see this implemented in a future version of ZCS then please vote on Bugzilla entries 97706 & 108168
minhhoang
Posts: 28
Joined: Sat Sep 13, 2014 3:14 am

greylisting, policyd and sasl authenticated users

Postby minhhoang » Tue May 27, 2014 1:42 am

Many thanks phoenix for information. Currently I change to training mode and wait for ZCS 8.5 as you suggest. Can we configure outlook to automatically resend the email because with ipad everything is OK?
Regards,

Minh.
pixelplumber
Advanced member
Advanced member
Posts: 50
Joined: Fri Sep 12, 2014 10:27 pm

greylisting, policyd and sasl authenticated users

Postby pixelplumber » Mon Jun 23, 2014 1:26 am

[quote user="minhhoang"]Many thanks phoenix for information. Currently I change to training mode and wait for ZCS 8.5 as you suggest. Can we configure outlook to automatically resend the email because with ipad everything is OK?
Regards,

Minh.[/QUOTE]

I see there's a version of 8.5 in beta now. I'd love it if someone could roadtest it and tell us if it's fixed the issue. I'm overseas for a few weeks so can't try it until I get back.
essential_mix
Posts: 11
Joined: Sat Sep 13, 2014 3:07 am

greylisting, policyd and sasl authenticated users

Postby essential_mix » Wed Jul 16, 2014 5:06 pm

This bug made policyd greylisting almost completely unusable. From which version this appear? Because it was working on 8.0.3

Return to “Administrators”

Who is online

Users browsing this forum: No registered users and 13 guests