[Cialug] Postini and Graylisting

Claus Niesen cniesen at gmx.net
Mon Nov 21 23:16:52 CST 2011 

I'm running my own email server and have been running it with gray listing happily for many years.  Now I'm doing some beta testing for a company that decided to send their emails through Postini and I found out the hard way that I wasn't getting their emails.

Postini (Google) apparently ignores the RFC 5321 Section 4.2.5 & 4.5.4.1 which states that failed emails must be queued and retried.  All I found was one attempt to send the email in my logs.

What are you guys doing?  Are you really adding an exception for the Postini SMTP servers?  If I do white list Postini's IPs how likely is it that I get bombarded with spam through them?

Thanks,
  Claus

Postini info:
http://www.google.com/support/appsecurity/bin/answer.py?hl=en&answer=1396468
http://www.google.com/support/appsecurity/bin/answer.py?answer=141669

My Postfix config:

### Recipient restrictions
#
smtpd_recipient_restrictions =
#       # Reject the request when the client sends SMTP commands ahead of time
#       # without knowing that Postfix actually supports SMTP command
#       # pipelining. This stops mail from bulk mail software that improperly
#       # uses SMTP command pipelining to speed up deliveries.
        reject_unauth_pipelining,
#       # Reject the request when the address in the client RCPT TO command
#       # is not in fully-qualified domain form.
        reject_non_fqdn_recipient
#       # Reject the request when the recipient mail address has no DNS A or
#       # MX record.
        reject_unknown_recipient_domain
#       # don't apply restrictions to local network
        permit_mynetworks,
#       # don't apply restrictions to authenticated users
        permit_sasl_authenticated,
#       # Reject the request unless the following is true:
#       # - the resolved destination address matches $relay_domains or a
#       #   subdomain thereof, and the address contains no sender-specified
#       #   routing (user at elsewhere@domain)
#       # - Postfix is the final destination: any destination that matches
#       #   $mydestination, $inet_interfaces, $virtual_alias_domains, or
#       #   $virtual_mailbox_domains
        reject_unauth_destination
#       # Reject manually blacklisted SMTP servers
        check_client_access cidr:/etc/postfix/blacklist_client_access.cidr
#       # Reject manually blacklisted FROM addresses
        check_sender_access hash:/etc/postfix/blacklist_sender_access
#       # white list recipients (aka disable graylist, black lists)
        check_recipient_access hash:/etc/postfix/access_recipients
#       # Reject the request when the reversed client network address is
#       # listed with an A record under domain.tld
#       # A.k.a the mailserver is blacklisted.
        reject_rbl_client l2.spews.dnsbl.sorbs.net
        reject_rbl_client sbl-xbl.spamhaus.org
#       # Graylist using postgray which listens to localhost port 10023
        check_policy_service inet:127.0.0.1:10023
#       # Permit the remainder
        permit

-- 
 

NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
Jetzt informieren: http://www.gmx.net/de/go/freephone

More information about the Cialug mailing list