<div><div dir="auto">The ironports were upgraded last night so this may be transitory. in any case i will forward this thread to the interested parties. </div><br><div class="gmail_quote"><div>On Thu, Aug 17, 2017 at 9:58 AM Gilbert E. Detillieux <<a href="mailto:gedetil@cs.umanitoba.ca">gedetil@cs.umanitoba.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 17/08/2017 3:22 AM, Trevor Cordes wrote:<br>
> I just started getting some weirdness with some email sent to my mail<br>
> servers. Greylisting "come back later" (451) messages are being<br>
> interpreted (it appears) by remote MTAs as a 5xx level error, meaning they<br>
> immediately abort send attempts and bounce the email! I have never seen<br>
> this before.<br>
><br>
> I've seen it from two separate remote MTAs so far, but from reports I'm<br>
> getting in, it's happening on more.<br>
><br>
> Here's what I get from <a href="http://umce3cip03.ad.umanitoba.ca" rel="noreferrer" target="_blank">umce3cip03.ad.umanitoba.ca</a>:<br>
><br>
> Remote Server returned '554 5.0.0 <[50.71.247.87] #5.0.0 smtp; 5.1.0 -<br>
> Unknown address error 550-'<<a href="mailto:foobar@tecnopolis.ca" target="_blank">foobar@tecnopolis.ca</a>>... 451 4.7.1 Greylisting<br>
> in action, please come back later' (delivery attempts: 0)>'<br>
><br>
> On my server sendmail log I see:<br>
><br>
> Aug 16 08:43:15 pog sendmail[14379]: v7GDhFav014379: Milter:<br>
> to=<<a href="mailto:foobar@tecnopolis.ca" target="_blank">foobar@tecnopolis.ca</a>>, reject=451 4.7.1 Greylisting in action, please<br>
> come back later<br>
><br>
> So <a href="http://umce3cip03.ad.umanitoba.ca" rel="noreferrer" target="_blank">umce3cip03.ad.umanitoba.ca</a> appears to be taking my 451 and turning it<br>
> into a 500/554/510 permanent error.<br>
<br>
That's very weird... I hadn't seen that one before. I'll have to check<br>
my own server logs, since I use greylisting too.<br>
<br>
> I also see this from yahoomail, but that's a different situation because<br>
> yahoo is always considered "broken mta" in milter-greylist and we must<br>
> whitelist all of their servers... but, the usual/previous symptom was<br>
> yahoo would keep retrying as normal, just with a different IP each time,<br>
> thus never passing greylisting. And now yahoo is doing the same thing as<br>
> <a href="http://umce3cip03.ad.umanitoba.ca" rel="noreferrer" target="_blank">umce3cip03.ad.umanitoba.ca</a> above (when I haven't yet whitelisted the<br>
> particular IP that day, grrr):<br>
><br>
> Sorry, we were unable to deliver your message to the following address.<br>
> <<a href="mailto:foo@tecnopolis.ca" target="_blank">foo@tecnopolis.ca</a>>:<br>
> 550: <<a href="mailto:foo@tecnopolis.ca" target="_blank">foo@tecnopolis.ca</a>>... 451 4.7.1 Greylisting in action, please<br>
> come back later<br>
><br>
><br>
> So at least 2 MTAs, probably more, are changing 451 greylist into 5xx. Is<br>
> there some new massive change out there to basically take greylist MTAs as<br>
> broken? Is there a way to find out what MTA (or outsourced service<br>
> provider) <a href="http://umce3cip03.ad.umanitoba.ca" rel="noreferrer" target="_blank">umce3cip03.ad.umanitoba.ca</a> is using? Perhaps there is just one<br>
> brand that unilaterally decided on this action?<br>
<br>
The UofM is using Cisco Ironport servers as the front-end SMTP servers.<br>
Maybe that will help in your searches...<br>
<br>
> I can find no google hits on any of this. :-(<br>
><br>
> There is an easy workaround/gotcha: if people wait the greylist timeout<br>
> (usually 2 to 20 minutes) and then resend the same to-from-ip tuple email,<br>
> it will go through as their server will have been whitelisted in the<br>
> interim! But that makes it harder to troubleshoot this problem because it<br>
> then becomes transient.<br>
><br>
> If any MUUGers have problems with MUUG mailing lists bouncing, please<br>
> resend your email after 1 hr if it hasn't showed up yet (you can check the<br>
> website mail list archives section) and/or please email me directly with<br>
> your bounce email message (twice, wait 20 mins!) so I can solve this for<br>
> both MUUG servers and my own.<br>
><br>
> If this problem is a) permanent/deliberate, and b) widespread, I think<br>
> that spells the death of greylisting (grrrrr...) and the nearing of "spf<br>
> strict" enabling.<br>
<br>
As far as the MUUG servers go, I don't think greylisting has been<br>
terribly effective, so it's not a big deal if we have to disable it.<br>
OTOH, on my workplace e-mail server, greylisting is sometimes effective<br>
(some days, it's in 2nd or 3rd place in the summary of rejected e-mail<br>
causes).<br>
<br>
The effectiveness of greylisting does seem to be decreasing over time,<br>
though. Many of the more "dedicated" spammers have adjusted to this,<br>
and now retry. (You can see that on the days where we're really hit<br>
hard, and the greylist rejection count actually seems to be lower.)<br>
<br>
--<br>
Gilbert E. Detillieux E-mail: <<a href="mailto:gedetil@cs.umanitoba.ca" target="_blank">gedetil@cs.umanitoba.ca</a>><br>
Dept. of Computer Science Web: <a href="http://www.cs.umanitoba.ca/~gedetil/" rel="noreferrer" target="_blank">http://www.cs.umanitoba.ca/~gedetil/</a><br>
University of Manitoba Phone: (204)474-8161<br>
Winnipeg MB CANADA R3T 2N2 Fax: (204)474-7609<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.ca" target="_blank">Roundtable@muug.ca</a><br>
<a href="https://muug.ca/mailman/listinfo/roundtable" rel="noreferrer" target="_blank">https://muug.ca/mailman/listinfo/roundtable</a><br>
</blockquote></div></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature">Micah Garlich-Miller <<a href="mailto:micahgarlichmiller@gmail.com" target="_blank">micahgarlichmiller@gmail.com</a>><br></div>