Author Topic: No logs in MailFilter and white / black list Postgrey do not work  (Read 2375 times)

imortalis

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +1/-0
    • View Profile
Good afternoon,

I am a zentyal user since version 2.2. I use zentyal as an email server since version 3.5 e everything worked as expected. Since I started with version 4.0, I activate the smtp filter module but the logs for that module don't show.

My current scenario:

Zentyal, latest version, 4.2 as an email server, smtp filter, mail and openchange modules active.

I can see the logs but not for the email filter.

I have configured the greylist but it is not working 100%. It puts the domains that I don't want to be checked and they are still being rejected by the greylist. I have already tried to configure manually in /etc/postgrey/whitelist_clients but everytime I restart the module the config file is modified.

I have tried to add in /usr/share/zentyal/stubs/mail/whitelist_clients.mas but it didn't work.

The rule I want to insert into my whitelist are as follows:

 OVH POOL (Porama, Soaluminio)
188.165.0.0/24
46.105.0.0/24
178.32.0.0/24
178.33.0.0/24
87.98.0.0/24
# @lampatur.com.br
201.76.49.0/24
# @plafesa.pt - @bamesa.com - @zanancho.pt - @sigpse.com (157.56.0.0/24)
104.47.0.0/24
157.55.0.0/24
157.56.0.0/24
# @olmar
94.46.14.249
130.185.80.202
# @sigpse
65.55.169.139
207.46.100.117
# @embalcer.pt
213.134.49.0/24
# @ovarmat.pt - @sobandeiras.pt
81.88.0.0/24

SamE

  • Zen Apprentice
  • *
  • Posts: 31
  • Karma: +2/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #1 on: March 24, 2016, 01:37:04 pm »
I am experiencing the same issue. The whitelist does not seem to have any effect, as some (but not all) emails from whitelisted domains are being rejected. "450 4.2.0 Recipient address rejected: Greylisted"

zakit

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #2 on: July 05, 2016, 11:17:01 am »
Just been there, got the tshirt too  :o

Executing "service postgrey restart" does nothing. You must kill the service through its pid or restart the machine.
According to this, postgrey has a bug in Ubuntu 12 and 14 (at least). They did fix it during Ubuntu 14, or so it seems.

As a first approach, setting it in /etc/postgrey/whitelist_clients and killing the process + starting the service through "sudo service postgrey start" will give you immediate results.
Just remember to save the final rules in the stub whitelist_clients.mas or else they will go away after reboot.
Editing the stubs via /usr/share/zentyal/stubs/mail/whitelist_clients.mas will have Zentyal overwrite the file /etc/postgrey/whitelist_clients everytime after reboot. So it's always a good idea to set the rules there with the final version of the rules.
This goes the same way for any other setting for any files under the stubs.

Nimbox

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #3 on: July 06, 2016, 04:26:07 pm »
Good Morning, I have the same problem. Already did zakit's solution(sudo service postgrey start  and added in whitelist_clients.mas) but domain still gets greylisted. I dont find any logical solution than this for domain with dynamic IP.

Help! :-[

« Last Edit: July 06, 2016, 04:35:56 pm by Nimbox »

zakit

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #4 on: July 06, 2016, 06:52:36 pm »
Did you restart the machine? That proves more effective than killing and starting postgrey.

I also have problems to kill the process. If i kill it it a new one will start right away automatically. I'm a noob on this too.

zakit

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +1/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #5 on: July 08, 2016, 02:05:37 pm »
If you only need to whitelist servers, try point #5. below.
If you need to stop Postgrey for other reasons, read all throughout.

I have further researched into Postgrey in Zentyal. Here's what i've got for Zentyal 2.2.11, on Ubuntu 10.04. Yeah it's that old. But upgrading is such a pain. That's why maybe Zentyal will probably have no future with me in this organization. Also, stuff like this problem we're debating here. On Ubuntu 12 and 14 there are reports of a bug on the postgrey init.d script. But that's another story.

Postgrey is installed on Zentyal with defaults. You open '/etc/default/postgrey' and you see the port 10023 as option. But when you do 'ps -ef | grep postgrey' you see port 60000. So it had to be coming from somewhere. Zentyal, of course.

Stopping Postgrey
Zentyal has set PostGrey on a different way, by running it directly with respawn. Zentyal has a script to stop the default postgrey daemon at boot. And then starts it as a process with it's options and sets respawn on it. Whenever it is killed it is restarted (respawned) automatically.
This script stub is at /usr/share/zentyal/stubs/mail/ebox.postgrey.mas
For this reason, it is practical to make it a daemon.So here's how to do it.

Side effect: If you stop or restart Postgrey by command line, it will not assume the Zentyal Control Panel values. It will assume the defaults at /etc/default/postgrey. That's why we'll change the default daemon config too. Other than for particular reasons, you should normally change postgrey values at the Control Panel. 
To get back to Zentyal's way of doing, we should restart the server. Or find out where's this script and how Zentyal calls it. I haven't found it yet.


1. Check what options are being used for PostGrey
$ ps-ef | grep postgrey
postgrey  8627     1  0 Jul05 ?        00:00:19 /usr/sbin/postgrey --inet 127.0.0.1:60000 --delay=300 --max-age=35 --retry-window=48h

Note: --inet 127.0.0.1:60000 is the same as using --inet=60000.

So i have --inet=60000 --delay=300 --max-age=35 --retry-window=48h



2. Make it a daemon
Let's alter Zentyal stub to change it from a process to daemon.
Open /usr/share/zentyal/stubs/mail/ebox.postgrey.mas

At the end, find
exec /usr/sbin/postgrey --inet <% $address %>:<% $port %>  <% $params %>
respawn


Change it by adding --daemonize --pidfile=/var/run/postgrey.pid and remove respawn by commenting it.
Code: [Select]
exec /usr/sbin/postgrey --inet <% $address %>:<% $port %>  <% $params %> --daemonize --pidfile=/var/run/postgrey.pid
#respawn

Note: So that you know. You'll find that the following line in the script stops the postgrey service.
"invoke-rc.d postgrey stop || true"



3. Alter the default daemon
Now we should alter the defaults to the same settings we have at Zentyal, because if you do end up stopping and restarting, you'll want to have the same options. For some reason you might not want to restart the server, but you get the same functionality.

Go to /etc/default/postgrey
Find POSTGREY_OPTS="--inet=10023"

Change to
Code: [Select]
#POSTGREY_OPTS="--inet=10023"
POSTGREY_OPTS="--inet=60000 --delay=300 --max-age=35 --retry-window=48h"



4. Apply the new config
Restart the server (or find how to use Zentyal's script*). Now you should be able to get service status from postgrey
$sudo service postgrey status
 * postgrey is running


5. Add servers to whitelist
You should use, and if necessary, create /etc/postgrey/whitelist_clients.local file.
Or else Zentyal will overwrite whitelist_clients at boot using the stub /usr/share/zentyal/stubs/mailwhitelist_clients.mas. Using whitelist_clients.local file will make you safe from all that nonsense.
« Last Edit: July 08, 2016, 02:17:19 pm by zakit »

Nimbox

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: No logs in MailFilter and white / black list Postgrey do not work
« Reply #6 on: July 08, 2016, 07:32:30 pm »
Works!!  ;D ;D after reboot