greylisting for hosts with no reverse DNS entry

Hi,

I recently switched my servers from postgrey 1.21 to 1.31 (+
my patch
for distributed greylisting), and noticed a significant
behavioral
difference between both versions.

With 1.21, the client IP is not substituted with its /24
network
address, while it is with 1.31. In the changelog, there is
"don't be
pedantic about wrong reverse-dns entries: it doesn't really
help and it
could affect legitimate mail servers (Andreas Hoedle)"
for 1.23. Is it
related? Is there more information about how it breaks
things?


Cheers,

Nicolas

-- 
Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
Archive     http://lists.ee.ethz
.ch/postgrey
WebAdmin    http://lists.ee.ethz
.ch/lsg2.cgi

Zitat von Nicolas Boullis <nicolas.boullisecp.fr>:

> Hi,
>
> I recently switched my servers from postgrey 1.21 to
1.31 (+ my patch
> for distributed greylisting), and noticed a significant
behavioral
> difference between both versions.
>
> With 1.21, the client IP is not substituted with its
/24 network
> address, while it is with 1.31. In the changelog, there
is "don't be
> pedantic about wrong reverse-dns entries: it doesn't
really help and it
> could affect legitimate mail servers (Andreas
Hoedle)" for 1.23. Is it
> related? Is there more information about how it breaks
things?

No, this is related to the parameter
"lookup-by-subnet" which is on by  
default. You can alter this by using
"lookup-by-host".

Regards

Andreas


-- 
Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
Archive     http://lists.ee.ethz
.ch/postgrey
WebAdmin    http://lists.ee.ethz
.ch/lsg2.cgi

Listaccount wrote:
> Zitat von Nicolas Boullis <nicolas.boullisecp.fr>:
> 
> 
>>Hi,
>>
>>I recently switched my servers from postgrey 1.21 to
1.31 (+ my patch
>>for distributed greylisting), and noticed a
significant behavioral
>>difference between both versions.
>>
>>With 1.21, the client IP is not substituted with its
/24 network
>>address, while it is with 1.31. In the changelog,
there is "don't be
>>pedantic about wrong reverse-dns entries: it doesn't
really help and it
>>could affect legitimate mail servers (Andreas
Hoedle)" for 1.23. Is it
>>related? Is there more information about how it
breaks things?
> 
> 
> No, this is related to the parameter
"lookup-by-subnet" which is on by  
> default. You can alter this by using
"lookup-by-host".

Have you looked at the code, and the do_client_substitutions
function?
The "return ($ip, undef) if $revdns eq 'unknown';"
line disappeared
between 1.21 and 1.31. This is not a matter of parameter.


Cheers,

Nicolas

-- 
Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
Archive     http://lists.ee.ethz
.ch/postgrey
WebAdmin    http://lists.ee.ethz
.ch/lsg2.cgi

Zitat von Nicolas Boullis <nicolas.boullisecp.fr>:

> Listaccount wrote:
>> Zitat von Nicolas Boullis <nicolas.boullisecp.fr>:
>>
>>
>>> Hi,
>>>
>>> I recently switched my servers from postgrey
1.21 to 1.31 (+ my patch
>>> for distributed greylisting), and noticed a
significant behavioral
>>> difference between both versions.
>>>
>>> With 1.21, the client IP is not substituted
with its /24 network
>>> address, while it is with 1.31. In the
changelog, there is "don't be
>>> pedantic about wrong reverse-dns entries: it
doesn't really help and it
>>> could affect legitimate mail servers (Andreas
Hoedle)" for 1.23. Is it
>>> related? Is there more information about how it
breaks things?
>>
>>
>> No, this is related to the parameter
"lookup-by-subnet" which is on by
>> default. You can alter this by using
"lookup-by-host".
>
> Have you looked at the code, and the
do_client_substitutions function?
> The "return ($ip, undef) if $revdns eq
'unknown';" line disappeared
> between 1.21 and 1.31. This is not a matter of
parameter.

Not sure what problem you are trying to solve...

The change log for 1.23 (don't be pedantic about
reverse-dns..) refers  
to a change to get clients in the auto-whitelist even if
they have no  
reverse-dns entry.
The config which decides if the full IP-Adress is used or
the /24  
network to get "nearby" secondary sender is set
with lookup-by-host  
(non-default) or lookup-by-subnet (default).
For the code-line you are missing : Don't know but maybe it
is  
redundant or moved somewhere else.

Regards

Andreas


-- 
Unsubscribe mailto:postgrey-requestlist.ee.ethz.ch?subject=unsubscribe
Archive     http://lists.ee.ethz
.ch/postgrey
WebAdmin    http://lists.ee.ethz
.ch/lsg2.cgi