Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Greylisting rejected mail after DATA (Kerio Greylisting)
  •  
SBMT

Messages: 26
Karma: 0
Send a private message to this user
Good morning,

I have an issue with the GreyListing service in Connect. I have a specific sender which is being blocked by the greylisting service, stating:

Greylisting rejected mail after DATA: 450 4.7.1 Please try again later

Now if the Greylisting service of Kerio is off, the mail is delivered properly, but I don't think it's a good permanent solution. The only reason I can think of is if Kerio are "blocking" this specific IP of the sender's server. But then what? I know the sender is genuine, but I cannot find a way to resolve this issue without white-listing the IP myself. And if he has multiple outgoing servers? Do I have to discover them manually myself, after each block?

Someone has some more insight? It would be really appreciated!

Thanks!
S.

More detail via debug logs below.

[28/Aug/2014 09:38:36][3832] {smtps} Task 24789 handler BEGIN
[28/Aug/2014 09:38:36][3832] {smtps} Task 24789 handler starting
[28/Aug/2014 09:38:36][3832] {smtps} SMTP server session begin; client connected from relay20.mailtight.com:34407
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist SpamCop...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.bl.spamcop.net not found in DNS blacklist SpamCop
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist SpamHaus SBL-XBL...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.zen.spamhaus.org not found in DNS blacklist SpamHaus SBL-XBL
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist SORBS DNSBL...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.dnsbl.sorbs.net not found in DNS blacklist SORBS DNSBL
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist SORBS RHSBL...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.rhsbl.sorbs.net not found in DNS blacklist SORBS RHSBL
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist WPBL - Weighted Private Block List...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.db.wpbl.info not found in DNS blacklist WPBL - Weighted Private Block List
[28/Aug/2014 09:38:36][3832] {smtps} Looking up address 103.15.122.29 in DNS blacklist Barracuda Reputation Block List...
[28/Aug/2014 09:38:36][3832] {smtps} Address 29.122.15.103.b.barracudacentral.org not found in DNS blacklist Barracuda Reputation Block List
[28/Aug/2014 09:38:36][3832] {smtps} Delaying SMTP greeting to relay20.mailtight.com:34407 for 25 seconds
[28/Aug/2014 09:39:01][3832] {smtps} Sent SMTP greeting to relay20.mailtight.com:34407
[28/Aug/2014 09:39:01][3832] {smtps} Command EHLO relay20.mailtight.com
[28/Aug/2014 09:39:01][3832] {smtps} Sent reply to EHLO: 250 accjola.quantumpartners.eu ...
[28/Aug/2014 09:39:02][3832] {smtps} Command MAIL FROM:<marks<_at_>mailtight.com> SIZE=1919 BODY=7BIT
[28/Aug/2014 09:39:02][3832] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <marks<_at_>mailtight.com> ok
[28/Aug/2014 09:39:02][3832] {smtps} Command RCPT TO:<yaneka.gauc[at]quantumpartners.eu> ORCPT=rfc822;yaneka.gauc<_at_>quantumpartners.eu
[28/Aug/2014 09:39:02][3832] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <yaneka.gauci<_at_>quantumpartners.eu> ok (local)
[28/Aug/2014 09:39:02][3832] {smtps} Command DATA
[28/Aug/2014 09:39:03][3832] {smtps} Greylisting rejected mail after DATA: 450 4.7.1 Please try again later
[28/Aug/2014 09:39:03][3832] {smtps} Command QUIT
[28/Aug/2014 09:39:03][3832] {smtps} SMTP server session end
[28/Aug/2014 09:39:03][3832] {smtps} Task 24789 handler END

[Updated on: Thu, 28 August 2014 10:01]

  •  
Lukas Petrlik (Kerio)

Messages: 117
Karma: 7
Send a private message to this user
Could you please retry it with the Greylisting debug log messages turned on? Thanks.
  •  
SBMT

Messages: 26
Karma: 0
Send a private message to this user
Hi Lukas, thanks for your message.

After you replied, I switched on the debug logs for grey listing, and this time it went through. Could it be that something happened at the grey listing service since my message? All the messages from this specific sender were being blocked by grey listing for the last 10 days at least. Only after I posted this message it worked!

Some more information would be helpful, as if nothing changed, the service could be "unreliable"...


Grey Listing Portion:
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: testing mail from "js@mailtight.com" to "yaneka.gauc<_at_>quantumpartners.eu" sent by 103.15.122.29.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: Kerio Connect sent "GREYL 103.15.122.29 BNny3z1EtZGIX4U/HulYLg==" over TLS.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: service responded "211 Pass" over TLS.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting is accepting mail, query finished in 218 ms with result "PASS".

Full Logs:
[28/Aug/2014 12:57:50][3564] {smtps} Task 25043 handler BEGIN
[28/Aug/2014 12:57:50][3564] {smtps} Task 25043 handler starting
[28/Aug/2014 12:57:50][3564] {smtps} SMTP server session begin; client connected from relay20.mailtight.com:35656
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist SpamCop...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.bl.spamcop.net not found in DNS blacklist SpamCop
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist SpamHaus SBL-XBL...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.zen.spamhaus.org not found in DNS blacklist SpamHaus SBL-XBL
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist SORBS DNSBL...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.dnsbl.sorbs.net not found in DNS blacklist SORBS DNSBL
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist SORBS RHSBL...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.rhsbl.sorbs.net not found in DNS blacklist SORBS RHSBL
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist WPBL - Weighted Private Block List...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.db.wpbl.info not found in DNS blacklist WPBL - Weighted Private Block List
[28/Aug/2014 12:57:50][3564] {smtps} Looking up address 103.15.122.29 in DNS blacklist Barracuda Reputation Block List...
[28/Aug/2014 12:57:50][3564] {smtps} Address 29.122.15.103.b.barracudacentral.org not found in DNS blacklist Barracuda Reputation Block List
[28/Aug/2014 12:57:50][3564] {smtps} Delaying SMTP greeting to relay20.mailtight.com:35656 for 25 seconds
[28/Aug/2014 12:58:15][3564] {smtps} Sent SMTP greeting to relay20.mailtight.com:35656
[28/Aug/2014 12:58:15][3564] {smtps} Command EHLO relay20.mailtight.com
[28/Aug/2014 12:58:15][3564] {smtps} Sent reply to EHLO: 250 accjola.quantumpartners.eu ...
[28/Aug/2014 12:58:16][3564] {smtps} Command MAIL FROM:<js<_at_>mailtight.com> SIZE=1390 BODY=7BIT
[28/Aug/2014 12:58:16][3564] {smtps} Sent reply to MAIL: 250 2.1.0 Sender <js<_at_>mailtight.com> ok
[28/Aug/2014 12:58:16][3564] {smtps} Command RCPT TO:<yaneka.gauc@quantumpartners.eu> ORCPT=rfc822;yaneka.gauc<_at_>quantumpartners.eu
[28/Aug/2014 12:58:16][3564] {smtps} Sent reply to RCPT: 250 2.1.5 Recipient <yaneka.gauc<_at_>quantumpartners.eu> ok (local)
[28/Aug/2014 12:58:16][3564] {smtps} Command DATA
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: testing mail from "js@mailtight.com" to "yaneka.gauc<_at_>quantumpartners.eu" sent by 103.15.122.29.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: Kerio Connect sent "GREYL 103.15.122.29 BNny3z1EtZGIX4U/HulYLg==" over TLS.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting: service responded "211 Pass" over TLS.
[28/Aug/2014 12:58:17][3564] {greylist} Greylisting is accepting mail, query finished in 218 ms with result "PASS".
[28/Aug/2014 12:58:17][3564] {smtps} 1393 bytes received in command DATA
[28/Aug/2014 12:58:17][3564] {smtps} Message accepted for delivery
[28/Aug/2014 12:58:17][3564] {smtps} Command QUIT
[28/Aug/2014 12:58:17][3564] {smtps} SMTP server session end
[28/Aug/2014 12:58:17][3564] {smtps} Task 25043 handler END
  •  
Lukas Petrlik (Kerio)

Messages: 117
Karma: 7
Send a private message to this user
When Greylisting is turned on, a message from unknown source is first temporarily rejected. To pass through Greylisting, a second delivery attempt must be made.

Unfortunately, in your case there was just a single delivery attempt from the sending SMTP server on 08/12, 08/27 and on 08/28. Since it failed to try again (in contrary to the SMTP specification), Greylisting had no chance to recognize that the sender is not a spammer.

Today the sending server sent two emails with the same sender and recipient (on 9:54 and on 12:58) resulting in approval of the delivery of the latter message by Greylisting. A successful delivery also opens a time window for immediate delivery of further messages from the same IP addresses.

I'd recommend to add the non-conformat sender to the Grelylisting whitelist ("Do not apply greylisting on connections from ...").
  •  
SBMT

Messages: 26
Karma: 0
Send a private message to this user
Thank you very much for the detailed information.

Now I understand that the first block was the "normal first block" and not blocked on the type of data being transmitted.

I have contacted the sender, I did not suspect they are not complying with specifications, so I incorrectly blamed the grey listing.

Thanks again for your help, truly appreciated.
Previous Topic: Kerio Connect Footer
Next Topic: Server footer not updated when OpenLDAP attribute changed.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Aug 23 00:36:37 CEST 2017

Total time taken to generate the page: 0.00436 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.