Postgrey (Re: impersonating Juan, a quick test)

Greg Newby gbnewby at pglaf.org
Mon Jul 15 14:33:41 PDT 2019


On Mon, Jul 15, 2019 at 04:20:13PM -0300, Punk wrote:
> On Sun, 14 Jul 2019 18:30:01 -0700
> Greg Newby <gbnewby at pglaf.org> wrote:
> 
> > In case this helps: Just yesterday I sent a longish message about the server setup for the system that is hosting this cypherpunks@ list.
> 
> 	Yes! Thanks for sharing that info. I found it pretty interesting. 

:)

More below. I bet some other people have run into this type of problem, but might not have realized it is a pattern. I'm sure it is more evident to you, due to your prolific correspondence with cypherpunks at .

> > I've found that there are lots of organizations that do not follow the RFCs for email properly, and do not try again. Lots of banks and ecommerce sites seem to write their own mail transport agent (MTA), and do not try again after getting the postgrey message.
> > 
> > It seems possible this is what's happening to your messages. If your service is using an MTA that doesn't try again - or if it tries again, but from a different IP address - the message might not get through. You should get a bounce saying it couldn't be delivered (anywhere from 30 minutes to 7 days later), but organizations that write their own MTAs might not handle error delivery that well, either.
> 
> 
> 	I don't get any bounce. What happens is, I send a message (using claws mail) and it doesn't make it to the list. I know because I don't get a copy of my own message. So I resend after a couple of minutes. Nothing. I resend again after a few more minutes. Nothing. Sometimes the third try works. Sometimes I need to resend one more time. After successfully sending one message, I can send more messages without having to re-try. It seems as if some sort of filter changes status to "open" after being hit with a few messages in a row. But after some time (a few hours?) it goes back to "closed". (But occasionally messages will get through at the first try.)
> 

That exactly explains the symptoms of greylisting.

I found lots of log entries where your messages were accepted:

Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks at tfwno.gf, recipient=cypherpunks at lists.cpunks.org

(185.10.68.5 is mx1.cock.li)

The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later.

And then, a few minutes later, the MTA tries again and the message is delivered.

IF one of the triplet elements is changed, it does not immediately get delivered since it gets greylisted again.

BTW, there are subscribers to cypherpunks@ who like to change their email addresses, or add alternate subscription addresses. No problem, but postgrey will not deliver on the first attempt.

> > If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
> 
> 	This one took five tries. 
> 
> 	https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
> 
> 	(I'm sending you a copy of the original message to your pflag.org address) 

And I didn't get the copy you sent me directly:

mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=xxxx, sender=punks at tfwno.gf, recipient=gbnewby at pglaf.org

The MTA didn't try again! (I.e., there was not a second entry for this triplet, as of 40+ minutes later).


 *** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks at cpunks.org: none were delayed in the past few days of logs.


> 	If you can easily find something in the postgrey logs that would be great but if it's something more complex requiring more effort then don't worry. Seems like I'm the only one having this issue so it's not a big deal. 
> 

Meanwhile, cock.li's nameserver shows two MX (mail exchange) servers. One of them, mx2.cock.li isn't responding, and there are some pending bounces to other addresses (not yours) that cannot be delivered. mx1 is the primary, though, and that is what your messages seem to be using.

Bottom line: There is some evidence that the cock.li mail transport agents are not working correctly for greylisting, at least not all of the time. If you are in communication with those folks, perhaps you could raise some concerns. You can feel free to put me in touch, if that might help.

Other Bottom Line: Make sure you use your subscribed address, punks at tfwno.gf, to send to cypherpunks at cpunks.org


And finally, I do see messages of this form in the logs:

Jul  8 08:28:14 mail postfix/smtp[29664]: 38E7411C603C: host mx1.cock.li[185.10.68.5] refused to talk to me: 421 4.7.0 cock.li Error: too many connections from 65.50.255.19

This seems to be from when a message to cypherpunks@ is delivered to various addresses hosted there. They have many different domains, and postfix is not smart enough to bundle them all into a single delivery. Result can be a dozen or more connections within just a second or so, which could legitimately trigger some anti-abuse response. Although, again, these should either generate a bounce, or be retried.

Sorry for the trouble. It seems there might be some configuration problems (and it's certainly possible that my PGLAF server is not configured quite right!), and also that both cock.li and pglaf.org servers have some relatively unforgiving configurations.

Best,
 Greg
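
Added example (not part of the original message, and not PGLAF's or postgrey's own code): the log check described above as a small Python script that groups postgrey lines by triplet, reports triplets that were greylisted but never passed, and flags sender/recipient pairs that came back from a different client address. The sample lines, the example.* addresses, the function names and the 40-minute grace period are constructed for illustration, and the script keys on the exact client address as the message describes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the postgrey log format quoted in the message
# (example.* names and documentation-range IPs; not real log data).
SAMPLE_LOG = """\
Jul 15 12:00:05 mail postgrey[2135]: action=greylist, reason=new, client_name=mx.example.net, client_address=192.0.2.10, sender=alice@example.net, recipient=list@example.org
Jul 15 12:06:40 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx.example.net, client_address=192.0.2.10, sender=alice@example.net, recipient=list@example.org
Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=198.51.100.7, sender=bob@example.com, recipient=admin@example.org
Jul 15 12:21:02 mail postgrey[2135]: action=greylist, reason=new, client_name=out1.example.com, client_address=203.0.113.4, sender=carol@example.com, recipient=list@example.org
Jul 15 12:27:30 mail postgrey[2135]: action=greylist, reason=new, client_name=out2.example.com, client_address=203.0.113.5, sender=carol@example.com, recipient=list@example.org
"""

LINE_RE = re.compile(r"(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postgrey\[\d+\]: (.*)")

def parse(log_text, year):
    """Yield (timestamp, action, triplet) per postgrey line; syslog omits the year."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        f = dict(kv.split("=", 1) for kv in m.group(2).split(", ") if "=" in kv)
        if not {"action", "client_address", "sender", "recipient"} <= f.keys():
            continue
        # The list archive rewrites "@" as " at "; undo that so both forms match.
        sender, rcpt = (f[k].replace(" at ", "@").lower() for k in ("sender", "recipient"))
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield when, f["action"], (f["client_address"], sender, rcpt)

def never_retried(log_text, now, grace=timedelta(minutes=40), year=2019):
    """Triplets greylisted at least `grace` ago that never came back and passed."""
    first_greylist, passed = {}, set()
    for when, action, triplet in parse(log_text, year):
        if action == "greylist":
            first_greylist.setdefault(triplet, when)
        elif action == "pass":
            passed.add(triplet)
    return sorted(t for t, when in first_greylist.items()
                  if t not in passed and now - when >= grace)

def changed_client(log_text, year=2019):
    """Sender/recipient pairs greylisted from more than one client address."""
    ips = defaultdict(set)
    for _, action, (ip, sender, rcpt) in parse(log_text, year):
        if action == "greylist":
            ips[(sender, rcpt)].add(ip)
    return {pair: sorted(s) for pair, s in ips.items() if len(s) > 1}
```

Calling never_retried(SAMPLE_LOG, now) with the current time lists the triplets whose sending MTA gave up, and changed_client(SAMPLE_LOG) shows retries that arrived from a new IP and were therefore greylisted again.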


