spamd not greylisting for the correct time

spamd not greylisting for the correct time

Renaud Allard-2
Hello,

I noticed some strange behavior from spamd in 5.7-stable.
It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add
to the whitelist every server which connects for the second time,
independently from the first parameter in -G.

Here is an example:
# zgrep 217.172.190.133 /var/log/daemon
Sep  2 01:55:58 isildur spamd[8481]: 217.172.190.133: connected (2/1)
Sep  2 01:56:15 isildur spamd[8481]: (GREY) 217.172.190.133: <[hidden email]> -> <**@**.org>

# spamdb |grep 217.172.190.133
GREY|217.172.190.133|beanplaces.win|<[hidden email]>|<**@**>|1441151775|1441238175|1441238175|1|0
WHITE|217.172.190.133|||1441151758|1441151758|1444262307|1|1

In GREY, the date for first and pass is the same: 1441151775 (Wed Sep  2
01:56:15 CEST 2015)
In WHITE, it's the same for first and pass too: 1441151758 (Wed Sep  2
01:55:58 CEST 2015)

Has anyone seen this kind of behavior?

Regards

Re: spamd not greylisting for the correct time

Renaud Allard-2
On 09/02/2015 09:07 AM, Renaud Allard wrote:

> Hello,
>
> I noticed some strange behavior from spamd in 5.7-stable.
> It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add
> to the whitelist every server which connects for the second time,
> independently from the first parameter in -G.
>
> Here is an example:
> # zgrep 217.172.190.133 /var/log/daemon
> Sep  2 01:55:58 isildur spamd[8481]: 217.172.190.133: connected (2/1)
> Sep  2 01:56:15 isildur spamd[8481]: (GREY) 217.172.190.133: <[hidden email]> -> <**@**.org>
>
> # spamdb |grep 217.172.190.133
> GREY|217.172.190.133|beanplaces.win|<[hidden email]>|<**@**>|1441151775|1441238175|1441238175|1|0
> WHITE|217.172.190.133|||1441151758|1441151758|1444262307|1|1
>
> In GREY, the date for first and pass is the same: 1441151775 (Wed Sep  2
> 01:56:15 CEST 2015)
> In WHITE, it's the same for first and pass too: 1441151758 (Wed Sep  2
> 01:55:58 CEST 2015)
>
> Has anyone seen this kind of behavior?
>
> Regards
>
>

OK, I have found the issue, or at least solved it. Removing the "log"
statement in pf for the spamd rules resolved that issue.
