set pre-result to ‘soft reject’ (no score): ‘Try again later’ from greylist(1)
what is the score of greylist
config show rspamd
try to disabled greylisting also
set pre-result to ‘soft reject’ (no score): ‘Try again later’ from greylist(1)
what is the score of greylist
config show rspamd
try to disabled greylisting also
rspamd=service
BlockAttachmentClassList=Exec
BlockAttachmentCustomList=iso,scr
BlockAttachmentCustomStatus=enabled
BlockAttachmentStatus=enabled
OletoolsStatus=enabled
Password=removed
RecipientWhiteList=
SenderBlackList=
SenderWhiteList=
SpamCheckStatus=disabled
SpamGreyLevel=4
SpamKillLevel=16
SpamSubjectPrefixStatus=disabled
SpamSubjectPrefixString=***SPAM***
SpamTag2Level=7
VirusAction=reject
VirusCheckStatus=disabled
VirusScanOnlyAttachment=false
VirusScanSize=20000000
isLoading=false
status=enabled
I have the Antispam set to disabled and the problem is still happening.
like you see rspamd is still up
this is my settings
[root@prometheus ~]# config show rspamd | grep 'Spam'
SpamCheckStatus=enabled
SpamDsnLevel=20
SpamGreyLevel=
SpamKillLevel=19.9
SpamNotification=disabled
SpamNotificationStatus=enabled
SpamSubjectPrefixStatus=enabled
SpamSubjectPrefixString=***SPAM***
SpamTag2Level=8
SpamTagLevel=2
by curiosity what is the output of
rspamadm configdump | grep -A 5 'greylist'
greylist should be enabled = false;
greylist_invalid = false;
expire_novalid = 7200;
symbol_no_mx = "MX_MISSING";
enabled = true;
key_prefix = "rmx";
expire = 86400;
--
greylist = null;
}
elastic {
limit = 10;
import_kibana = false;
debug = false;
--
greylist {
ipv6_mask = 64;
whitelist_domains_url [
"/etc/rspamd/local.d/greylist-whitelist-domains.inc",
"/etc/rspamd/local.d/maps.d/greylist-whitelist-domains.inc",
]
expire = 86400;
key_prefix = "rg";
enabled = false;
ipv4_mask = 19;
Here (with setting shown in screen shot above):
# rspamadm configdump | grep -A 5 'greylist'
greylist_invalid = false;
expire_novalid = 7200;
symbol_no_mx = "MX_MISSING";
enabled = true;
key_prefix = "rmx";
expire = 86400;
--
greylist = null;
}
elastic {
limit = 10;
import_kibana = false;
debug = false;
--
greylist {
ipv6_mask = 64;
whitelist_domains_url [
"/etc/rspamd/local.d/greylist-whitelist-domains.inc",
"/etc/rspamd/local.d/maps.d/greylist-whitelist-domains.inc",
]
expire = 86400;
key_prefix = "rg";
enabled = false;
ipv4_mask = 19;
shows : enabled = false;
well for me the disabled state of rspamd is like it has not been saved in the UI, in a workable rspamd, each plugin gets
greylist {
enabled = false;
}
mime_types {
enabled = false;
}
AFAIK greylisting (451 4.7.1 Try again later”) is totally following the RFC related to SMTP and therefore shouldn’t pose any problem. I’d look somewhere else.
The server being not accessible is a better track I guess.
It is true, if postfix cannot use the rspamd linux socket you have also a try again later, but the evidence is in maillog, you can state on it
In the end it was in fact two problems. The 4.7.1 was due to greylisting behaviour which you helped me with, thank you. This explains Scenario 2 in my first post.
But also, one of my inbound MX IP was getting banned by fail2ban I found so I had to whitelist that IP which explained Scenario 1. Other MX IP we not banned, I am not sure why this was happening but everything is back to normal now.
Fail2ban helps to ban bad login to postfix, ddos and also a specific jail to prevent to use your smtp too many times to send email iirc about 100 email/minutes per IP
Maybe the greylist rejections increased the number of retries from my MX provider and triggered the ban.
only fail2ban log can bring some answers
I realize this is a very old post, but maybe this will help someone in the future. In my case it had nothing to do with the file or folder protections or ownership. My dkim value in DNS did not EXACTLY match the opendkim file!!
I regenerated it to be sure and put the correct value in DNS. Everything then worked great.
A more accurate error message could have saved me HOURS or work.
Welcome to NethServer community.
Thanks for sharing your solution to help others.
I think the error is more general and can have multiple reasons but every solution can be helpful.