[RndTbl] mail server help

Thu Aug 17 09:58:36 CDT 2017

On 17/08/2017 3:22 AM, Trevor Cordes wrote:
> I just started getting some weirdness with some email sent to my mail
> servers.  Greylisting "come back later" (451) messages are being
> interpreted (it appears) by remote MTAs as a 5xx level error, meaning they
> immediately abort send attempts and bounce the email!  I have never seen
> this before.
> 
> I've seen it from two separate remote MTAs so far, but from reports I'm
> getting in, it's happening on more.
> 
> Here's what I get from umce3cip03.ad.umanitoba.ca:
> 
> Remote Server returned '554 5.0.0 <[50.71.247.87] #5.0.0 smtp; 5.1.0 -
> Unknown address error 550-'<foobar at tecnopolis.ca>... 451 4.7.1 Greylisting
> in action, please come back later' (delivery attempts: 0)>'
> 
> On my server sendmail log I see:
> 
> Aug 16 08:43:15 pog sendmail[14379]: v7GDhFav014379: Milter:
> to=<foobar at tecnopolis.ca>, reject=451 4.7.1 Greylisting in action, please
> come back later
> 
> So umce3cip03.ad.umanitoba.ca appears to be taking my 451 and turning it
> into a 500/554/510 permanent error.

That's very weird...  I hadn't seen that one before.  I'll have to check 
my own server logs, since I use greylisting too.

> I also see this from yahoomail, but that's a different situation because
> yahoo is always considered "broken mta" in milter-greylist and we must
> whitelist all of their servers... but, the usual/previous symptom was
> yahoo would keep retrying as normal, just with a different IP each time,
> thus never passing greylisting.  And now yahoo is doing the same thing as
> umce3cip03.ad.umanitoba.ca above (when I haven't yet whitelisted the
> particular IP that day, grrr):
> 
> Sorry, we were unable to deliver your message to the following address.
> <foo at tecnopolis.ca>:
> 550: <foo at tecnopolis.ca>... 451 4.7.1 Greylisting in action, please
> come back later
> 
> 
> So at least 2 MTAs, probably more, are changing 451 greylist into 5xx.  Is
> there some new massive change out there to basically take greylist MTAs as
> broken?  Is there a way to find out what MTA (or outsourced service
> provider) umce3cip03.ad.umanitoba.ca is using?  Perhaps there is just one
> brand that unilaterally decided on this action?

The UofM is using Cisco Ironport servers as the front-end SMTP servers. 
Maybe that will help in your searches...

> I can find no google hits on any of this.  :-(
> 
> There is an easy workaround/gotcha: if people wait the greylist timeout
> (usually 2 to 20 minutes) and then resend the same to-from-ip tuple email,
> it will go through as their server will have been whitelisted in the
> interim!  But that makes it harder to troubleshoot this problem because it
> then becomes transient.
> 
> If any MUUGers have problems with MUUG mailing lists bouncing, please
> resend your email after 1 hr if it hasn't showed up yet (you can check the
> website mail list archives section) and/or please email me directly with
> your bounce email message (twice, wait 20 mins!) so I can solve this for
> both MUUG servers and my own.
> 
> If this problem is a) permanent/deliberate, and b) widespread, I think
> that spells the death of greylisting (grrrrr...) and the nearing of "spf
> strict" enabling.

As far as the MUUG servers go, I don't think greylisting has been 
terribly effective, so it's not a big deal if we have to disable it. 
OTOH, on my workplace e-mail server, greylisting is sometimes effective 
(some days, it's in 2nd or 3rd place in the summary of rejected e-mail 
causes).

The effectiveness of greylisting does seem to be decreasing over time, 
though.  Many of the more "dedicated" spammers have adjusted to this, 
and now retry.  (You can see that on the days where we're really hit 
hard, and the greylist rejection count actually seems to be lower.)

-- 
Gilbert E. Detillieux		E-mail:	<gedetil at cs.umanitoba.ca>
Dept. of Computer Science	Web:	http://www.cs.umanitoba.ca/~gedetil/
University of Manitoba		Phone:	(204)474-8161
Winnipeg MB CANADA  R3T 2N2	Fax:	(204)474-7609