Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: realzcubed
realzcubed Author
User level: Level 1
2 points

Greylisting Causes Comcast Email FAIL

I'm running OS X Server Mail Server. Whenever someone with a Comcast account sends my server an email, the email fails with error:


Delivery to the following recipients was aborted after 6 second(s):


* user@example.com ...


Diagnostic-Code: smtp; 450 4.7.1 <user@example.com>: Recipient address rejected: Service is unavailable



Googling around suggested that this is a greylisting problem, and sure enough, disabling graylisting in postfix by editing /etc/postfix/main.cf to remove "check_policy_service unix:private/policy" in smtpd_recipient_restrictions works! Email from Comcast no longer fails and is delivered sucessfully to the server.


But now I've turned off an effective method for rejecting spam. Can this be avoided?


How do I whitelist any SMTP connects from mail.comcast.net? Is there a way of telling Comcast to play nice with greylising and not FAIL after a single refused connection?

Mac mini, Mac OS X (10.6.7)

Posted on May 1, 2011 12:09 AM

Reply
Question marked as Best reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
116,451 points

Posted on May 1, 2011 6:57 AM

If you want to look at the implementation of Greylisting, it's a Perl module, and you can customize it or tweak its database as needed. By default...


  • /usr/libexec/postfix/greylist.pl
  • /var/lib/postfix/greylist.db


Here is some greylisting documentationand also see the sender whitelisting scheme discussion in this thread.


Alternatively, please consider posting your domain name, and we can take a look at the DNS and MX settings. This (mis)behavior might well be a hair-trigger setting at Comcast, but it can also be an issue with the reverse DNS or MX record on your server. If you're not inclined to post the domain(s) involved (and that's understandable, and fine by me), then there are web tools around to verify your SMTP-related DNS that might be useful here. Cricket Liu had such a DNS tool posted, IIRC.

View in context
3 replies
Question marked as Best reply
User profile for user: MrHoffman
MrHoffman
Community+ 2024
User level: Level 10
116,451 points

May 1, 2011 6:57 AM in response to realzcubed

If you want to look at the implementation of Greylisting, it's a Perl module, and you can customize it or tweak its database as needed. By default...


  • /usr/libexec/postfix/greylist.pl
  • /var/lib/postfix/greylist.db


Here is some greylisting documentationand also see the sender whitelisting scheme discussion in this thread.


Alternatively, please consider posting your domain name, and we can take a look at the DNS and MX settings. This (mis)behavior might well be a hair-trigger setting at Comcast, but it can also be an issue with the reverse DNS or MX record on your server. If you're not inclined to post the domain(s) involved (and that's understandable, and fine by me), then there are web tools around to verify your SMTP-related DNS that might be useful here. Cricket Liu had such a DNS tool posted, IIRC.

Reply
User profile for user: realzcubed
realzcubed Author
User level: Level 1
2 points

May 1, 2011 7:39 AM in response to MrHoffman

Thanks MrHoffman. Domain is monkeysaddle.com, with Comcast as ISP. "host monkeysaddle.com" gives my ip, but reverse DNS "host <my ip>" points to my long-comcast-domain-name-with-the-ip-imbedded-in-th-front, not monkeysaddle.com. Could this be the issue? That would be a little surprising because both domain names point to the same IP. Also Comcast appears to be resolving @monkeysaddle.com correctly because Comcast emails are rejected by my server when I have greylisting turned on, and Comcast email is sent when I turn it off.


In the meantime I'll follow your advice and have a look at the greylisting dox and dbs.

Reply

Greylisting Causes Comcast Email FAIL

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up