milter-greylist not blacklisting

Gary Aitken

Sep 18, 2025, 10:47:04 PM
to FreeBSD Mailing List
I have the following set in /usr/local/etc/greylist.conf:

racl blacklist domain /.*\.cn$/

but I am still seeing messages delivered after greylisting:

Return-Path: <reportf...@service.imrmyih.cn>
Received: from service.imrmyih.cn ([160.30.55.96])
Received: from 263.com (43.164.135.245) by service.imrmyih.cn ... (envelope-from <reportf...@service.imrmyih.cn>)
From: "visajapan" <reportf...@service.imrmyih.cn>
Message-ID: <2025091904...@service.imrmyih.cn>
X-Greylist: inspected by milter-greylist-4.6.4 ... for IP:'160.30.55.96' DOMAIN:'[160.30.55.96]' HELO:'service.imrmyih.cn' FROM:'reportf...@service.imrmyih.cn' RCPT:''
X-Greylist: Delayed for 00:30:07 by milter-greylist-4.6.4

The blacklist domain lines appear before the greylist.conf line adding the
X-Greylist header, although I've also tried placing them after it.

Any ideas why this might be happening?
I've tried blacklisting both "domain" and "from"
I have no statements of the form:

racl greylist list "grey users" delay 30m autowhite 3d
racl whitelist default

as I want greylist for everyone by default.

Thanks,

Gary

Steve Rikli

Sep 18, 2025, 11:22:56 PM
to Gary Aitken, FreeBSD Mailing List
On Thu, Sep 18, 2025 at 08:46:26PM -0600, Gary Aitken wrote:
> I have the following set in /usr/local/etc/greylist.conf:
>
> racl blacklist domain /.*\.cn$/
>
> but I am still seeing messages delivered after greylisting:

I'm no expert with milter-greylist regex (I mostly use simple fqdn and
similar for whitelists), so take this with a grain of salt...

Looking at some greylist.conf(5) examples, I usually see "@" included,
presumably for a less wide match, e.g. a couple regex cut-pastes:

racl whitelist rcpt /@.*otherdomain\.org$/
racl greylist rcpt /@.*mydomain\.org$/

It's kind of a longshot, but I might suggest trying your racl with
something like this:

racl blacklist domain /@.*\.cn$/

Also, do you have "domainexact" set?

> Return-Path: <reportf...@service.imrmyih.cn>
> Received: from service.imrmyih.cn ([160.30.55.96])
> Received: from 263.com (43.164.135.245) by service.imrmyih.cn ... (envelope-from <reportf...@service.imrmyih.cn>)
> From: "visajapan" <reportf...@service.imrmyih.cn>
> Message-ID: <2025091904...@service.imrmyih.cn>
> X-Greylist: inspected by milter-greylist-4.6.4 ... for IP:'160.30.55.96' DOMAIN:'[160.30.55.96]' HELO:'service.imrmyih.cn' FROM:'reportf...@service.imrmyih.cn' RCPT:''
> X-Greylist: Delayed for 00:30:07 by milter-greylist-4.6.4
                          ^^^^^^^^

I think 30m(inutes) is the default greylist wait period unless you
explicitly configure one.

Gary Aitken

Sep 19, 2025, 3:48:05 PM
to Steve Rikli, FreeBSD Mailing List
On 9/18/25 21:21, Steve Rikli wrote:
> On Thu, Sep 18, 2025 at 08:46:26PM -0600, Gary Aitken wrote:
>> I have the following set in /usr/local/etc/greylist.conf:
>>
>> racl blacklist domain /.*\.cn$/
>>
>> but I am still seeing messages delivered after greylisting:
...
> Looking at some greylist.conf(5) examples, I usually see "@"
> included, presumably for a less wide match, e.g. a couple regex
> cut-pastes:
>
> racl whitelist rcpt /@.*otherdomain\.org$/
> racl greylist rcpt /@.*mydomain\.org$/
>
> It's kind of a longshot, but I might suggest trying your racl with
> something like this:
>
> racl blacklist domain /@.*\.cn$/

I think the @ is there because it's a "rcpt" racl, not a "domain" racl.
Seems like a long shot since .* should still match the @.
Thanks, I'll also try some combinations using "from" instead of "domain"
racl blacklist from /@.*\.cn$/

> Also, do you have "domainexact" set?

No.
But given the regular expression I'm using, it shouldn't matter?

Gary

Steve Rikli

Sep 19, 2025, 5:58:46 PM
to Gary Aitken, FreeBSD Mailing List
On Fri, Sep 19, 2025 at 01:47:34PM -0600, Gary Aitken wrote:
> On 9/18/25 21:21, Steve Rikli wrote:
> > On Thu, Sep 18, 2025 at 08:46:26PM -0600, Gary Aitken wrote:
> > > I have the following set in /usr/local/etc/greylist.conf:
> > >
> > > racl blacklist domain /.*\.cn$/
> > >
> > > but I am still seeing messages delivered after greylisting:
> ...
> > Looking at some greylist.conf(5) examples, I usually see "@"
> > included, presumably for a less wide match, e.g. a couple regex cut-
> > pastes:
> >
> > racl whitelist rcpt /@.*otherdomain\.org$/
> > racl greylist rcpt /@.*mydomain\.org$/
> >
> > It's kind of a longshot, but I might suggest trying your racl with
> > something like this:
> >
> > racl blacklist domain /@.*\.cn$/
>
> I think the @ is there because it's a "rcpt" racl, not a "domain" racl.
> Seems like a long shot since .* should still match the @.
> Thanks, I'll also try some combinations using "from" instead of "domain"
> racl blacklist from /@.*\.cn$/

Right, yes, sorry -- I wasn't really paying attention to domain vs. rcpt
and such. I expect you're correct.

Fwiw I've tried similar domain regex as yours in the past and never
really got them to work the way I wanted either. Fortunately I was able
to deal with most of my needs using complete domain names without regex.

> > Also, do you have "domainexact" set?
>
> No.
> But given the regular expression I'm using, it shouldn't matter?

That's my understanding from greylist.conf(5). I believe it's likely
more meaningful e.g. with partial text matches, subdomains, etc.
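
Added example, not part of the thread and not milter-greylist code: it parses the X-Greylist header quoted above and tests the regexes tried in the thread against each field the milter recorded. It assumes the "domain" clause is evaluated against the value the header reports as DOMAIN; the function names are hypothetical.

```python
import re

# X-Greylist header as quoted in the thread (sender address elided as on the page).
X_GREYLIST = (
    "X-Greylist: inspected by milter-greylist-4.6.4 ... for "
    "IP:'160.30.55.96' DOMAIN:'[160.30.55.96]' HELO:'service.imrmyih.cn' "
    "FROM:'reportf...@service.imrmyih.cn' RCPT:''"
)

# Regexes from the racl lines tried in the thread (delimiting slashes removed).
PATTERNS = [r".*\.cn$", r"@.*\.cn$"]

FIELD_RE = re.compile(r"\b(IP|DOMAIN|HELO|FROM|RCPT):'([^']*)'")
ADDR_LITERAL_RE = re.compile(r"\[[0-9A-Fa-f:.]+\]")


def parse_fields(header):
    """Return the NAME:'value' pairs recorded in an X-Greylist header."""
    return dict(FIELD_RE.findall(header))


def fields_matching(pattern, header=X_GREYLIST):
    """Names of the recorded fields whose value the regex matches."""
    fields = parse_fields(header)
    return sorted(n for n, v in fields.items() if re.search(pattern, v))


def is_address_literal(value):
    """True for a bracketed IP such as [192.0.2.1], i.e. not a host name."""
    return ADDR_LITERAL_RE.fullmatch(value) is not None


def report(header=X_GREYLIST):
    """One line per field: its value and which of PATTERNS match it."""
    lines = []
    for name, value in parse_fields(header).items():
        hits = [p for p in PATTERNS if re.search(p, value)]
        note = " (address literal, no host name)" if is_address_literal(value) else ""
        lines.append(f"{name:<6} {value!r:<34} matched by {hits or 'nothing'}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

In this header DOMAIN is the bracketed address literal [160.30.55.96], so neither pattern matches it; only the HELO and FROM values end in .cn.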
