log question

wkuypers
Posts: 79
Joined: Mon Nov 28, 2005 4:34 am

log question

Post by wkuypers »

Hello,

We have a domain with greylisting on. Especially with spam messages, we observe that there is a first yellow entry, and then there is no more trace of the message in the main log (no green one). Afterwards, when we have a look in the Greylisting configuration section, we see that there is a green entry for the rejected email, which means it passed. So one of the logs is mistaken: either the normal email log for a domain or the entry table for greylisting.
For other emails there is no problem: there is a green entry in the mail log when there is also an entry in the greylisting table.

Thanks for taking a look.
I can give more details, but not in the forum.

W. Kuypers
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada

Post by RollerNetSupport »

The greylist entry is yellow if it's still within the "Delay Time" timeframe. After the delay time passes, the greylisting entry turns from yellow to green and waits for the time configured as the retry window. If the IP/sender/recipient combination isn't seen after this second timeframe, the greylisting entry is simply deleted. (If it was seen again, the greylist entry is kept for the maximum age time.) Greylisting entries only turn red and reject if a sender exceeds the hard failure limit while the entry is still within the delay time (yellow). Although a Greylisting table entry may show green, it doesn't indicate a message was actually accepted, only that the entry is aged past its delay time.

When a one-shot spam is stopped by greylisting, you'll only see the yellow "defer" main log entry, because the spam source only tried once. If you happen to check the logs and see the related greylisting table entry before it expires, the entry probably says "allowed 0 messages".
Technical Support support@rollernet.us
Roller Network LLC
wkuypers
Posts: 79
Joined: Mon Nov 28, 2005 4:34 am

Post by wkuypers »

I am getting it.
In the greylist table entry the color is green even if it states "allowed 0 messages", so I thought a message passed and "allowed 0 messages" meant that no further emails got through.
So when it says "allowed 0 messages", this means no message passed. Then the question is: why put an entry in the greylist table in green if no message passed?



RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada

Post by RollerNetSupport »

The entry is green because it indicates that a client triplet (IP/sender/recipient) would be accepted if it appeared again. The colors only indicate Delay Time vs. Maximum Age or Retry Window times and defer/no-defer.

We could make greylisting-allow entries that haven't seen anything pass a different color.
Technical Support support@rollernet.us
Roller Network LLC
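
As an added illustration (not RollerNet's code), here is a small Python model of the greylist entry lifecycle described in the replies above, showing how a table colour can differ from what the main log recorded. The timer values, the limit and all class and field names are assumptions, since the thread gives none.

```python
from dataclasses import dataclass

# Assumed settings: the thread names these timers but gives no values.
DELAY_TIME = 300           # seconds an entry stays yellow (attempts are deferred)
RETRY_WINDOW = 4 * 3600    # seconds a green entry waits for a first retry
MAX_AGE = 30 * 86400       # seconds an entry is kept after a message passed
HARD_FAIL_LIMIT = 5        # attempts allowed while yellow before the entry turns red

@dataclass
class Entry:
    first_seen: int
    attempts: int = 1      # deliveries tried during the delay time
    allowed: int = 0       # the "allowed N messages" counter
    last_pass: int = 0
    red: bool = False

class Greylist:
    def __init__(self):
        self.table = {}    # (ip, sender, recipient) -> Entry

    def color(self, triplet, now):
        """Colour of the table entry at `now`, or None if absent or expired."""
        e = self.table.get(triplet)
        if e is None:
            return None
        if e.red:          # expiry of red entries is not described in the thread
            return "red"
        if now - e.first_seen < DELAY_TIME:
            return "yellow"
        # Assumed: retry window starts at end of delay; max age counts from last pass.
        expires = e.last_pass + MAX_AGE if e.allowed else e.first_seen + DELAY_TIME + RETRY_WINDOW
        if now >= expires:
            del self.table[triplet]
            return None
        return "green"

    def attempt(self, triplet, now):
        """Main-log result of one delivery attempt: defer, reject or accept."""
        state = self.color(triplet, now)
        if state is None:
            self.table[triplet] = Entry(first_seen=now)
            return "defer"
        e = self.table[triplet]
        if state == "green":
            e.allowed, e.last_pass = e.allowed + 1, now
            return "accept"
        e.attempts += 1
        e.red = e.red or e.attempts > HARD_FAIL_LIMIT
        return "reject" if e.red else "defer"
```

Calling `attempt()` once for a triplet and then `color()` an hour later returns `"green"` while `allowed` is still 0, which is the one-shot spam case asked about in the thread.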