How to turn off gre...
 
Notifications
Clear all

How to turn off greylisting?

10 Posts
2 Users
0 Reactions
1,425 Views
 daz
(@daz)
Joined: 3 years ago
Posts: 38
Topic starter  

I'm  trying to remove greylisting all together in my setup as I only see it breaking stuff for me.

I can't find out how to do this though. Anyone have instructions on how to do this?


   
Quote
mgarbo
(@mgarbo)
Joined: 10 years ago
Posts: 61
 
Posted by: @daz

I'm  trying to remove greylisting all together in my setup as I only see it breaking stuff for me.

I can't find out how to do this though. Anyone have instructions on how to do this?

Are you talking about postscreen?

https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen

https://community.zextras.com/what-is-zimbra-postscreen/  

 

This post was modified 2 years ago by stfr

   
ReplyQuote
 daz
(@daz)
Joined: 3 years ago
Posts: 38
Topic starter  
Posted by: @mgarbo
Posted by: @daz

I'm  trying to remove greylisting all together in my setup as I only see it breaking stuff for me.

I can't find out how to do this though. Anyone have instructions on how to do this?

Are you talking about postscreen?

https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen

 

Actually I don't know what part of zimbra does the greylisting part. Might be postscreen.

All I know is greylisting is a problem when getting emails from some providers or MFA codes or password reset links that needs to be done in a short time.

Right now I have services I can not reset password for or login to as the link or code takes to long to come through that the longin/reset time timeouts.

 

Thats why I need to remove greylisting all together. Not sure how to do this, I have googled but I can not find a real answer for it.


   
ReplyQuote
mgarbo
(@mgarbo)
Joined: 10 years ago
Posts: 61
 
Posted by: @daz
Posted by: @mgarbo
Posted by: @daz

I'm  trying to remove greylisting all together in my setup as I only see it breaking stuff for me.

I can't find out how to do this though. Anyone have instructions on how to do this?

Are you talking about postscreen?

https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen

 

Actually I don't know what part of zimbra does the greylisting part. Might be postscreen.

All I know is greylisting is a problem when getting emails from some providers or MFA codes or password reset links that needs to be done in a short time.

Right now I have services I can not reset password for or login to as the link or code takes to long to come through that the longin/reset time timeouts.

 

Thats why I need to remove greylisting all together. Not sure how to do this, I have googled but I can not find a real answer for it.

As zimbra run the following syntax :

zmprov mcf zimbraMtaPostscreenAccessList 'permit, permit_mynetworks'

After that restart mta

Finally verify if postfix config is correctly rewritten:

postconf |grep postscreen_access_list

If nothing has changed probably is defined at server level, then you need to modify by modifyServer zmprov comand.

Remember that postscreen is something that help you to fight spam and bot system, there are different way to fix sending delay ( example whitelist ip etc etcc.. )

I suggest you to read/study postscreen manual https://www.postfix.org/POSTSCREEN_README.html


   
ReplyQuote
 daz
(@daz)
Joined: 3 years ago
Posts: 38
Topic starter  
Posted by: @mgarbo
Posted by: @daz
Posted by: @mgarbo
Posted by: @daz

I'm  trying to remove greylisting all together in my setup as I only see it breaking stuff for me.

I can't find out how to do this though. Anyone have instructions on how to do this?

Are you talking about postscreen?

https://wiki.zimbra.com/wiki/Zimbra_Collaboration_Postscreen

 

Actually I don't know what part of zimbra does the greylisting part. Might be postscreen.

All I know is greylisting is a problem when getting emails from some providers or MFA codes or password reset links that needs to be done in a short time.

Right now I have services I can not reset password for or login to as the link or code takes to long to come through that the longin/reset time timeouts.

 

Thats why I need to remove greylisting all together. Not sure how to do this, I have googled but I can not find a real answer for it.

As zimbra run the following syntax :

zmprov mcf zimbraMtaPostscreenAccessList 'permit, permit_mynetworks'

After that restart mta

Finally verify if postfix config is correctly rewritten:

postconf |grep postscreen_access_list

If nothing has changed probably is defined at server level, then you need to modify by modifyServer zmprov comand.

Remember that postscreen is something that help you to fight spam and bot system, there are different way to fix sending delay ( example whitelist ip etc etcc.. )

I suggest you to read/study postscreen manual https://www.postfix.org/POSTSCREEN_README.html

Will this not allow everyone to send through my server? 

Can you explain to me exactly what this does before I implement it?

 

Right now the config is: postscreen_access_list = permit_mynetworks

 

Regards

Daniel


   
ReplyQuote
mgarbo
(@mgarbo)
Joined: 10 years ago
Posts: 61
 

@daz This will disable postscreen analysis because this told postscreen to trust every connection from internet... postscreen is not postfix .

i suggest you to study postfix : https://www.postfix.org/postconf.5.html#mynetworks

After that try to send an email using telnet and see what happen.


   
ReplyQuote
 daz
(@daz)
Joined: 3 years ago
Posts: 38
Topic starter  
Posted by: @mgarbo

@daz This will disable postscreen analysis because this told postscreen to trust every connection from internet... postscreen is not postfix .

i suggest you to study postfix : https://www.postfix.org/postconf.5.html#mynetworks

After that try to send an email using telnet and see what happen.

But I don't want to trust all networks, I just want to turn off greylisting and still keep all other filters active. Greylisting creates too much problems than it fixes now.


   
ReplyQuote
mgarbo
(@mgarbo)
Joined: 10 years ago
Posts: 61
 

@daz Postscreen = Greylist , the only way to disable it is to whitelist all the network. Please re-read all the topics and manual before proceeding to ask same things.


   
ReplyQuote
 daz
(@daz)
Joined: 3 years ago
Posts: 38
Topic starter  
Posted by: @mgarbo

@daz Postscreen = Greylist , the only way to disable it is to whitelist all the network. Please re-read all the topics and manual before proceeding to ask same things.

Postscreen is so much more than greylisting.It's also DNSBL and I do not want to remove that part of the filters.


   
ReplyQuote
mgarbo
(@mgarbo)
Joined: 10 years ago
Posts: 61
 

@daz Dnsbl can be used directly to postfix, i suggest you to read postfix or zimbra documentation, here an example:

zmprov ms `zmhostname` +zimbraMtaRestriction  'RBL type you want'

Postscreen was implement as first layer of test and protect postfix ( useful if you have a lot of email traffic, small server not need at all ... )

If you want to continue to test postscreen configuration i suggest to try to disable all the postscreen feature https://community.zextras.com/how-to-use-zimbra-postscreen/ and set zimbraMtaPostscreen.*Action to ignore and then enable one at time and test it.

I hope that you can find a good solution for your server.


   
ReplyQuote