I install Postfix 2.6.6 on Centos 6
1) /etc/postfix/postgrey_whitelist_clients.local is
#Clients that should not be greylisted. See postgrey(8).
senderDomain.digital
Restarted postgrey but sometimes the rule is not followed.
Aug 30 17:03:56 host postgrey[15064]: action=greylist, reason=new, client_name=mail-he1eur01on0113.outbound.protection.outlook.com, client_address=104.47.0.113, sender=ffff@senderDomain.digital, recipient=mmmm@recipientDomain.com
Aug 30 17:03:56 host postfix/smtpd[14291]: NOQUEUE: reject: RCPT from
mail-he1eur01on0113.outbound.protection.outlook.com[104.47.0.113]: 450
4.2.0 mmmm@recipientDomain.com: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/recipientDomain.com.html;
from=ffff@senderDomain.digital to=mmmm@recipientDomain.com proto=ESMTP helo=EUR01-HE1-obe.outbound.protection.outlook.com
The problem why I need domain senderDomain.digital to be in white list is that outlook.com responds 10 hours after Postgrey requests confirmation instead of 3 or 4 minutes.
2) Another issue is to fully understand postgrey log
"When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built"
For all rejected messages Postfix log says "Recipient address rejected", I never find something like "Sender address rejected" in cases that is obvious rejection was because the sender, not the recipient.
I guess it does not make sense to add local addresses to whitelist_recipients unless the user wants all received messages (including bulk spam) be delivered
I am monitoring Postgrey with
tail -f /var/log/maillog | grep 'senderDomain.digital'
I've just got another rejection from a know couple sender/recipient
Despite whitelisted domain there were previous action=pass for that couple.
3) Can I manually release that message? I guess I cannot because it has been rejected so I have to wait the second message
4) How can I get the info of how long it takes from 450 "try again later" and resend message?
I don't see in the postfix log when message sent the second time is delivered. I also guess it is not possible because the first message has been removed, only the "triplet" has been recorded.
Sep 2 10:48:29 host postgrey[24084]: action=greylist, reason=new,
client_name=mail-eopbgr40110.outbound.protection.outlook.com,
client_address=40.107.4.110, sender=ffff@senderDomain.digital,
recipient=mmmm@recipientDomain.comSep 2 11:08:04 host postgrey[24084]: action=pass, reason=triplet
found, delay=168918,
client_name=mail-ve1eur01on0130.outbound.protection.outlook.com,
client_address=104.47.1.130, sender=ffff@senderDomain.digital,
recipient=mmmm@recipientDomain.comSep 2 11:48:36 host postgrey[24084]: action=greylist, reason=new,
client_name=mail-ve1eur01on0102.outbound.protection.outlook.com,
client_address=104.47.1.102, sender=ffff@senderDomain.digital,
recipient=mmmm@recipientDomain.com
The only reason of greylisting here (triplet not found) is the IP address.
I've seen today several rejections applied to the same sender. I guess it is because several 450 loops, each one with a different outlook.com IP Address.
I have a list of outlook.com IP ranges I've added to client_whitelist.local (I don't understand why Postgrey doesn't have it. I didn't have this issue with Google or other known mail servers)
Now I am seeing action=pass, reason=client whitelist logs.
They are those retries (I certainly know that because senders are not working at this time).
Anyway I still have some questions I listed earlier like why "senderDomain.digital" is not passed if it is listed in whitelist.local.
Best Answer
I didn't see any reference saying that postgrey can whitelist sender addresses. It only could whitelist email by:
That explains why the email is still greylisted after you put sender address in the
postgrey_whitelist_clients.local
. It only whitelists clients who have a PTR record *.senderdomain.digitalBecause you put postgrey checking in
smtpd_recipient_restriction
parameter.Rejection means that postfix refuses the message (although in this case the rejection is temporary). How can you release a message which is never accepted by postfix?
It depends on the sender side. Some sites resent after just 3-5 minutes, others will take one hour. See your log, there some entries about how long one email has been delayed.