Postgrey (Re: impersonating Juan, a quick test)

Punk punks at tfwno.gf
Mon Jul 15 16:07:48 PDT 2019


On Mon, 15 Jul 2019 14:33:41 -0700
Greg Newby <gbnewby at pglaf.org> wrote:


> 
> I found lots of log entries where your messages were accepted:
> 
> Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks at tfwno.gf, recipient=cypherpunks at lists.cpunks.org
> 
> (185.10.68.5 is mx1.cock.li)
> 
> The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later.
> 
> And then, a few minutes later, the MTA tries again and the message is delivered.


	I see. And how often are the entries in the list of accepted senders removed? How often does postgrey 'forget' about a triplet it had validated? Every few hours? 



> > > If you have a message that doesn't seem to get posted, please forward me the message and I'll mine the logs to see what happened. There are plenty of other possibilities that might cause this, but postgrey is one that we can investigate easily enough.
> > 
> > 	This one took five tries. 
> > 
> > 	https://lists.cpunks.org/pipermail/cypherpunks/2019-July/075571.html
> > 
> > 	(I'm sending you a copy of the original message to your pflag.org address) 
> 
> And I didn't get the copy you sent me directly:


	oh so the same postgrey rules are applied to pflag.org, I see. 


> mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=xxxx, sender=punks at tfwno.gf, recipient=gbnewby at pglaf.org
> 
> the MTA didn't try again! (I.e., there was not a second entry for this triplet, as of 40+ minutes later).


	got it


> 
> 
>  *** ALSO, and this is important: I see at least three different email addresses you are using. punk@ punks@ and another. All those from punks@ went through to cypherpunks at cpunks.org: none were delayed in the past few days of logs.


	cpunks@ is my only address. cpunk@ is an address somebody else registered and used to send the two messages I mistakenly regarded as 'spoofed'. I don't know what third address you're seeing, but it's not mine. 


> 
> Bottom line: There is some evidence that the cock.li mail transport agents are not working correctly for greylisting, at least not all of the time. If you are in communication with those folks, perhaps you could raise some concerns. You can feel free to put me in touch, if that might help.


	I'll write to them.



> 
> Other Bottom Line: Make sure you use your subscribed address, punks at tfwno.gf, to send to cypherpunks at cpunks.org


	I double checked and cypherpunks at cpunks.org is the address in my address book. However I've sent a lot of messages to cypherpunks at lists.cpunks.org as well. The @lists.cpunks.org address is the one my client picks when I write a reply. I'll try sending everything to @cpunks.org and see if that makes a difference. 



> 
> 
> And finally, I do see messages of this form in the logs:
> 
> Jul  8 08:28:14 mail postfix/smtp[29664]: 38E7411C603C: host mx1.cock.li[185.10.68.5] refused to talk to me: 421 4.7.0 cock.li Error: too many connections from 65.50.255.19
> 


	So messages from the list to subscribers @ cock.li might get lost...


> This seems to be from when a message to cypherpunks@ is delivered to various addresses hosted there. They have many different domains, and postfix is not smart enough to bundle them all into a single delivery. Result can be a dozen or more connections within just a second or so, which could legitimately trigger some anti-abuse response. Although, again, these should either generate a bounce, or be retried.


	I don't think I've seen that problem though. I mean I'm more or less sure I'm getting all the messages _from_ the list. 



> 
> Sorry for the trouble. It seems there might be some configuration problems (and it's certainly possible that my PGLAF server is not configured quite right!), and also that both cock.li and pglaf.org servers have some relatively unforgiving configurations.

	Thanks a lot for looking into this =)


> 
> Best,
>  Greg
> 
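Added example, not part of the original message or of postgrey: one way to do the log check described in the thread, listing triplets that were greylisted and never came back with a pass. The function names, the 30-minute grace period and the sample lines are assumptions made for illustration; real logs carry "@" where the archive shows " at ".

```python
import re
from datetime import datetime, timedelta

# Syslog prefix, then postgrey's "key=value, key=value" payload.
LINE_RE = re.compile(r"(\w{3}\s+\d+ [\d:]{8}) \S+ postgrey\[\d+\]: (.*)$")
# Values may contain spaces ("reason=triplet found"), so split on ", key=".
FIELD_RE = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")

def parse(line, year):
    """Return (timestamp, fields) for a postgrey line, else None."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return when, dict(FIELD_RE.findall(m.group(2)))

def unretried(lines, now, grace=timedelta(minutes=30), year=2019):
    """Triplets greylisted at least `grace` ago with no later pass."""
    pending = {}
    for line in lines:
        parsed = parse(line, year)
        if parsed is None:
            continue  # not a postgrey entry (e.g. postfix/smtp)
        when, f = parsed
        # Keyed on the fields exactly as they appear in the log.
        triplet = tuple(f.get(k, "") for k in
                        ("client_address", "sender", "recipient"))
        if f.get("action") == "greylist":
            pending.setdefault(triplet, when)  # remember the first attempt
        elif f.get("action") == "pass":
            pending.pop(triplet, None)         # the sending MTA retried
    return sorted(t for t, first in pending.items() if now - first >= grace)

# Constructed sample log (documentation addresses, not taken from the thread).
SAMPLE = [
    "Jul 15 12:00:00 mail postgrey[2135]: action=greylist, reason=new, client_name=mx.example.com, client_address=192.0.2.10, sender=alice@example.com, recipient=list@example.org",
    "Jul 15 12:06:10 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx.example.com, client_address=192.0.2.10, sender=alice@example.com, recipient=list@example.org",
    "mail.log:Jul 15 12:19:38 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.20, sender=bob@example.net, recipient=greg@example.org",
    "Jul 15 12:55:00 mail postgrey[2135]: action=greylist, reason=new, client_name=unknown, client_address=192.0.2.30, sender=carol@example.net, recipient=list@example.org",
    "Jul 15 12:56:00 mail postfix/smtp[29664]: 0000000000: host mx.example.com[192.0.2.10] refused to talk to me: 421 4.7.0 too many connections",
]

if __name__ == "__main__":
    for t in unretried(SAMPLE, now=datetime(2019, 7, 15, 13, 0, 0)):
        print("greylisted, no retry seen:", *t)
```

The third triplet in the sample is still inside the grace period at the chosen "now", so only the second sender is reported.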


