Postgrey (Re: impersonating Juan, a quick test)

Zenaan Harkness zen at freedbms.net
Fri Jul 19 19:24:14 PDT 2019


On Wed, Jul 17, 2019 at 09:33:54AM -0700, Greg Newby wrote:
> Sorry for my slow response. I purposely waited an extra day+ in case there are any other complaints or signs of trouble. Also, maybe you got a response back from cock.li already?
> 
> This is mostly just my response to Juan, but what's below might be of general interest for anyone who has had trouble getting messages to or from the list:
> 
> On Mon, Jul 15, 2019 at 08:07:48PM -0300, Punk wrote:
> > On Mon, 15 Jul 2019 14:33:41 -0700
> > Greg Newby <gbnewby at pglaf.org> wrote:
> > 
> > 
> > > 
> > > I found lots of log entries where your messages were accepted:
> > > 
> > > Jul 12 13:13:31 mail postgrey[2135]: action=pass, reason=triplet found, client_name=mx1.cock.li, client_address=185.10.68.5, sender=punks at tfwno.gf, recipient=cypherpunks at lists.cpunks.org
> > > 
> > > (185.10.68.5 is mx1.cock.li)
> > > 
> > > The first time a message arrives, the triplet "CLIENT_IP" / "SENDER" / "RECIPIENT" had not been seen before within postgrey's memory. So, it sends a message back to try again later.
> > > And then, a few minutes later, the MTA tries again and the message is delivered.
> > 
> > 
> > 	I see. And how often are the entries in the list of accepted senders removed? How often does postgrey 'forget' about a triplet it had validated? Every few hours? 
> > 
> 
> The man page says it is 35 days.

This would explain why "may be every month", messages are noticeably
"paused" rather than forwarded on through - I've seen this quite a
few times.

Knowing the reason is useful - those "wtf" feelz can be readily set
aside :)


> In your experience, this means that if a message is posted (same triplet of IP, sender, recipient) it should not be greylisted unless 35 days have passed since the prior message was sent.
> 
> One thing that happens a lot with big companies is that they use a bunch of different IP addresses. That creates problems for greylisting, since the triplet is not duplicated, so keeps getting greylisted. I did not see evidence that cock.li is doing this, though: they just have two MX servers, and the addresses seem static.
...
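
The greylisting behaviour discussed in this thread, as an added example that is not part of the original message and is not postgrey's own code: a simplified Python model of the triplet check, showing the first-attempt deferral, the 35-day forgetting, and why a sender retrying from rotating addresses keeps getting deferred. The 300-second retry delay, the class and function names, and all addresses are assumptions constructed for illustration.

```python
# Simplified model of greylisting by triplet; not postgrey's actual code.
DAY = 86400
DELAY = 300          # assumption: minimum wait before a retry is accepted
MAX_AGE = 35 * DAY   # the 35 days quoted from the man page in the thread

class Greylist:
    def __init__(self, delay=DELAY, max_age=MAX_AGE):
        self.delay, self.max_age = delay, max_age
        self.seen = {}   # (client_ip, sender, recipient) -> (first_seen, last_seen)

    def check(self, now, client_ip, sender, recipient):
        """Verdict for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender.lower(), recipient.lower())
        entry = self.seen.get(key)
        if entry and now - entry[1] > self.max_age:
            entry = None                     # not seen for 35 days: forgotten
        if entry is None:
            self.seen[key] = (now, now)      # new triplet: ask the MTA to retry
            return "defer"
        first = entry[0]
        self.seen[key] = (first, now)
        return "pass" if now - first >= self.delay else "defer"

def replay(attempts):
    """Run (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(*a) for a in attempts]

# Constructed sample traffic (documentation addresses, not from the list's logs).
LIST = "list@example.net"
# One static relay: first try, early retry, proper retry, +10 days, +36 days idle, retry.
STATIC = [(t, "192.0.2.10", "alice@example.org", LIST) for t in
          (0, 60, 400, 400 + 10 * DAY, 400 + 46 * DAY, 1000 + 46 * DAY)]
# A large sender whose retries leave from a different pool address each time.
ROTATING = [(0, "198.51.100.1", "bob@example.com", LIST),
            (600, "198.51.100.2", "bob@example.com", LIST),
            (1200, "198.51.100.3", "bob@example.com", LIST),
            (1800, "198.51.100.1", "bob@example.com", LIST)]

if __name__ == "__main__":
    print(replay(STATIC))
    print(replay(ROTATING))
```

In the rotating case the message is only accepted once a retry happens to come from an address that has already been seen, which is the delay large multi-IP senders run into.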

