Univention Bugzilla – Bug 52348
postgrey: Change default lookup method
Last modified: 2020-11-11 10:47:06 CET
# univention-app info UCS: 4.4-6 errata796 Installed: mailserver=12.0 With "univention-postgrey" we do have an optional method for greylisting emails. postgrey remembers a triplet of: - IP address of sender mailserver - sender email address - recipient email address The first occurance of a triplet will be rejected, the second and all following occurances will be allowed. Unfortunately larger email providers seem to use multiple "mail-out" servers and choose one of these randomly when re-sending an email that was rejected beforehand. Because of this, the IP address of the sending mailserver is different each time and counts as a new triplet, so the email will be rejected again. As an example: Nov 10 08:32:16 1 212.227.17.20 mout.gmx.net foobar@gmx.de sekretariat@schulen.example.org Nov 10 08:37:18 1 212.227.17.22 mout.gmx.net foobar@gmx.de sekretariat@schulen.example.org Nov 10 08:44:51 1 212.227.17.21 mout.gmx.net foobar@gmx.de sekretariat@schulen.example.org -> GMX tried to send this email three times, but it got rejected every single time, because the IP of "mout.gmx.net" changed. Workaround: ucr set mail/postfix/greylisting/lookup=subnet This will use the whole subnet (/24?) of the IP address of the mailserver for the triplet. We should make this the default.