[RndTbl] mail server help

Micah Garlich-Miller micahgarlichmiller at gmail.com
Thu Aug 17 10:03:44 CDT 2017 

The ironports were upgraded last night so this may be transitory. in any
case i will forward this thread to the interested parties.

On Thu, Aug 17, 2017 at 9:58 AM Gilbert E. Detillieux <
gedetil at cs.umanitoba.ca> wrote:

> On 17/08/2017 3:22 AM, Trevor Cordes wrote:
> > I just started getting some weirdness with some email sent to my mail
> > servers.  Greylisting "come back later" (451) messages are being
> > interpreted (it appears) by remote MTAs as a 5xx level error, meaning
> they
> > immediately abort send attempts and bounce the email!  I have never seen
> > this before.
> >
> > I've seen it from two separate remote MTAs so far, but from reports I'm
> > getting in, it's happening on more.
> >
> > Here's what I get from umce3cip03.ad.umanitoba.ca:
> >
> > Remote Server returned '554 5.0.0 <[50.71.247.87] #5.0.0 smtp; 5.1.0 -
> > Unknown address error 550-'<foobar at tecnopolis.ca>... 451 4.7.1
> Greylisting
> > in action, please come back later' (delivery attempts: 0)>'
> >
> > On my server sendmail log I see:
> >
> > Aug 16 08:43:15 pog sendmail[14379]: v7GDhFav014379: Milter:
> > to=<foobar at tecnopolis.ca>, reject=451 4.7.1 Greylisting in action,
> please
> > come back later
> >
> > So umce3cip03.ad.umanitoba.ca appears to be taking my 451 and turning it
> > into a 500/554/510 permanent error.
>
> That's very weird...  I hadn't seen that one before.  I'll have to check
> my own server logs, since I use greylisting too.
>
> > I also see this from yahoomail, but that's a different situation because
> > yahoo is always considered "broken mta" in milter-greylist and we must
> > whitelist all of their servers... but, the usual/previous symptom was
> > yahoo would keep retrying as normal, just with a different IP each time,
> > thus never passing greylisting.  And now yahoo is doing the same thing as
> > umce3cip03.ad.umanitoba.ca above (when I haven't yet whitelisted the
> > particular IP that day, grrr):
> >
> > Sorry, we were unable to deliver your message to the following address.
> > <foo at tecnopolis.ca>:
> > 550: <foo at tecnopolis.ca>... 451 4.7.1 Greylisting in action, please
> > come back later
> >
> >
> > So at least 2 MTAs, probably more, are changing 451 greylist into 5xx.
> Is
> > there some new massive change out there to basically take greylist MTAs
> as
> > broken?  Is there a way to find out what MTA (or outsourced service
> > provider) umce3cip03.ad.umanitoba.ca is using?  Perhaps there is just
> one
> > brand that unilaterally decided on this action?
>
> The UofM is using Cisco Ironport servers as the front-end SMTP servers.
> Maybe that will help in your searches...
>
> > I can find no google hits on any of this.  :-(
> >
> > There is an easy workaround/gotcha: if people wait the greylist timeout
> > (usually 2 to 20 minutes) and then resend the same to-from-ip tuple
> email,
> > it will go through as their server will have been whitelisted in the
> > interim!  But that makes it harder to troubleshoot this problem because
> it
> > then becomes transient.
> >
> > If any MUUGers have problems with MUUG mailing lists bouncing, please
> > resend your email after 1 hr if it hasn't showed up yet (you can check
> the
> > website mail list archives section) and/or please email me directly with
> > your bounce email message (twice, wait 20 mins!) so I can solve this for
> > both MUUG servers and my own.
> >
> > If this problem is a) permanent/deliberate, and b) widespread, I think
> > that spells the death of greylisting (grrrrr...) and the nearing of "spf
> > strict" enabling.
>
> As far as the MUUG servers go, I don't think greylisting has been
> terribly effective, so it's not a big deal if we have to disable it.
> OTOH, on my workplace e-mail server, greylisting is sometimes effective
> (some days, it's in 2nd or 3rd place in the summary of rejected e-mail
> causes).
>
> The effectiveness of greylisting does seem to be decreasing over time,
> though.  Many of the more "dedicated" spammers have adjusted to this,
> and now retry.  (You can see that on the days where we're really hit
> hard, and the greylist rejection count actually seems to be lower.)
>
> --
> Gilbert E. Detillieux           E-mail: <gedetil at cs.umanitoba.ca>
> Dept. of Computer Science       Web:
> http://www.cs.umanitoba.ca/~gedetil/
> University of Manitoba          Phone:  (204)474-8161
> Winnipeg MB CANADA  R3T 2N2     Fax:    (204)474-7609
> _______________________________________________
> Roundtable mailing list
> Roundtable at muug.ca
> https://muug.ca/mailman/listinfo/roundtable
>
-- 
Micah Garlich-Miller <micahgarlichmiller at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20170817/3f26030b/attachment-0001.html>

More information about the Roundtable mailing list