Greylisting alternative based on perl/MySQL

Discussion in 'E-mail Discussions' started by feanorknd, Nov 27, 2015.

  1. feanorknd

    feanorknd Member

    Hello:

    I am currently testing a greylisting solution as an alternative to cPanel's, based on Perl and MySQL.

    Main features are:
    • If the IP is whitelisted by cPanel as being from a common mail provider: PASSED.
    • If the IP belongs to the same class C as another IP in the greylisted-passed database, for the same sender_from and the same receipt_to: PASSED (we are not whitelisting the class C for any email, only for the same sender/recipient, so it can catch mail from legit MTA farms).
    • Checking PTR and IP:
      • if the PTR record for the IP does not exist: GREYLISTED.
      • if forwarding the PTR answer from the IP, and this IP is not legit or listed: GREYLISTED.
      • if the From domain does not have an MX record: GREYLISTED.
      • if the IP of the MX server for this domain (from) is the same one that is sending: PASSED.
      • if no match previously, then:
        • extract the base domain name from the MX of the domain.
        • extract the base domain name from the PTR record.
        • if base domain name from MX == base domain name from PTR: PASSED.
    (I think this is much better than partial PTR matches).


    All code is in Perl, executed from exim.pl (I know how to keep cPanel from rewriting my confs without failing). The database is in MySQL.

    • Every action appears in exim_mainlog.
    • Every 30 minutes, a Perl script removes hosts that were greylisted without success and adds the current lines to exim_mainlog for analysis.
    • When a host passes, exim_mainlog notes which way it did... if it was not whitelisted but greylisted, and finally passes a few minutes later, the delay time is also calculated and added to the log.

    Some debug from exim_mainlog:

    Code:
    2015-11-28 04:16:32 H=(sta-nsext.example.com) [80.91.85.150]:49892 I=[x.x.x.x]:25 F=<noreply@sparkpromotions.es> temporarily rejected RCPT <info@yyyyyyyyyy.es>: Greylisted Host: '80.91.85.150' From: 'noreply@domain.es' To: 'info@yyyyyyyyyy.es'
    2015-11-28 04:18:05 H=mailsrv329.ssomedomain.net [31.24.159.42]:58097 I=[x.x.x.x]:25 F=<info@fr.shopper-email.es> temporarily rejected RCPT <modexpor@someotherdomain.com>: Greylisted Host: '31.24.159.42' From: 'info@fr.exampletoo.es' To: 'modexpor@yyyyyyyyyy.com'
    2015-11-28 04:25:01 Greylisting whitelisted by PTR: 62.97.140.236 MD-NO--33177-911-IT-PR--raul=allsol.es@lists.mdirector.com, to: raul@yyyyyyyyyy.es
    2015-11-28 04:28:19 Greylisting passed: from: root@vpsfrom.ovh.net (149.202.49.65), to: ten@yyyyyyyyyy.es (delay -893 seconds)
    2015-11-28 04:28:38 Greylisting whitelisted by PTR: 91.121.156.144 nuitsecretes@examplethree.com, to: azul@yyyyyyyyyy.com
    2015-11-28 00:00:29 GREYLIST error: from IP 213.229.90.155, from: re@examplefour.com, to: jmlario@yyyyyyyyyy.com
    2015-11-28 00:05:16 GREYLIST error: from IP 5.135.62.190, from: bounces@leads-marketing.es, to: administracion@yyyyyyyyyy.com
    2015-11-28 00:16:17 GREYLIST error: from IP 12.129.200.219, from: Newsletter@email.domainfive.com, to: jl.lopez@yyyyyyyyyy.com
    2015-11-28 00:17:20 GREYLIST error: from IP 198.37.146.178, from: bounces+1186681-ae0a-anita=yyyyyyyyy.com@email.examplesix.com, to: anita@yyyyyyyyyy.com
    2015-11-28 00:26:59 GREYLIST error: from IP 213.229.90.155, from: re@otherdomain.com, to: ahg@yyyyyyyyyy.com
    2015-11-28 04:35:46 Greylisting whitelisted by PTR: 195.53.82.211 infomail@exampleseven.com, to: info@yyyyyyyyyy.es
    
    As you see, "GREYLIST error" messages happen when the cron script, every 30 minutes, removes hosts that have been greylisted for 4 hours without a successful return. The log time is set to the first attempt.

    Also... some debug from Perl's PTR checks, for some IPs and Sender_from:



    Code:
    PROCESANDO: ip: 104.236.150.101 / email: 4e944361-sio-GxIJprnK3J_5BZBq@mk1.example.com
    DOMAIN: mk1.example.com
    PTR (104.236.150.101): mta-wk-0.mk1.example.com
    PTR LEGIT: 104.236.150.101 is resolved for mta-wk-0.mk1.example.com
    MX (mk1.example.com): mta-wk-0.mk1.example.com
    MX SENDING: 104.236.150.101 is current MX
    ---------------------------------------------------------------------------------
    El resultado es: whitelist
    _________________________________________________________________________________
    ---------------------------------------------------------------------------------
    PROCESANDO: ip: 104.236.150.125 / email: bd1eedaa-sio-gTtohW83NxmZlQ69@mk2.example.com
    DOMAIN: mk2.example.com
    PTR (104.236.150.125): mta-wk-0.mk2.example.com
    PTR LEGIT: 104.236.150.125 is resolved for mta-wk-0.mk2.example.com
    MX (mk2.example.com): mta-wk-3.mk2.example.com
    MX NOT SENDING:: 104.236.150.125 is not MX
    BASE DOMAIN FOR MX (mta-wk-3.mk2.example.com): example.com
    BASE DOMAIN FOR PTR (mta-wk-0.mk2.example.com): example.com
    WHITELIST: Dominio base MX es dominio base PTR: coincidencia parcial
    ---------------------------------------------------------------------------------
    El resultado es: whitelist
    _________________________________________________________________________________
    ---------------------------------------------------------------------------------
    PROCESANDO: ip: 104.236.31.3 / email: 6892beb7-sio-cyILGbDda1T2nodO@mk1.domain.com
    DOMAIN: mk1.domain.com
    PTR (104.236.31.3): mta-wk-3.mk1.domain.com
    PTR LEGIT: 104.236.31.3 is resolved for mta-wk-3.mk1.domain.com
    MX (mk1.domain.com): mta-wk-2.mk1.domain.com
    MX NOT SENDING:: 104.236.31.3 is not MX
    BASE DOMAIN FOR MX (mta-wk-2.mk1.domain.com): domain.com
    BASE DOMAIN FOR PTR (mta-wk-3.mk1.domain.com): domain.com
    WHITELIST: Dominio base MX es dominio base PTR: coincidencia parcial
    El resultado es: whitelist
    _________________________________________________________________________________
    ---------------------------------------------------------------------------------
    PROCESANDO: ip: 104.238.190.98 / email: someuser@yahoo.com
    DOMAIN: yahoo.com
    PTR (104.238.190.98): 104.238.190.98.somedomain.com
    GREYLIST: no legit 104.238.190.98 for 104.238.190.98.somedomain.com
    ---------------------------------------------------------------------------------
    El resultado es: greylist
    _________________________________________________________________________________
    ---------------------------------------------------------------------------------
    PROCESANDO: ip: 104.238.228.181 / email: rebotes@examples.co
    DOMAIN: examples.co
    GREYLIST: PTR does not exist
    ---------------------------------------------------------------------------------
    El resultado es: greylist
    _________________________________________________________________________________
    ---------------------------------------------------------------------------------
    PROCESANDO: ip: 103.230.34.213 / email: newsletter@domain.com
    DOMAIN: mail.domain.com
    PTR (103.230.34.213): smtp99213.somedomain.com
    PTR LEGIT: 103.230.34.213 is resolved for smtp99213.somedomain.com
    MX (mail.she-pin.com): postfix.domain.com
    MX NOT SENDING:: 103.230.34.213 is not MX
    BASE DOMAIN FOR MX (postfix.domain.com): domain.com
    BASE DOMAIN FOR PTR (smtp99213.example.com): example.com
    GREYLIST: Los dominios base PTR y MX no coinciden
    ---------------------------------------------------------------------------------
    El resultado es: greylist
    
    
    
    Sorry... I am Spanish, so some comments are in Spanish (I usually write in both languages)... but I think you may understand.

    It has been running for hours with complete success... well tested.

    Next week, I may share code and How Tos...

    Any comments or feature ideas are highly appreciated. ;)

    Thanks.
     
    #1 feanorknd, Nov 27, 2015
    Last edited by a moderator: Nov 30, 2015
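
An added example, not the poster's Perl code: the same-class-C rule and the PTR/MX decision chain listed in post #1, sketched in Python with DNS lookups replaced by constructed tables so it runs offline. The names `decide`, `base_domain` and `same_class_c`, the table contents and the last-two-labels base-domain rule are assumptions; the cPanel provider whitelist step is left out.

```python
import ipaddress

# Constructed DNS data (documentation address ranges), standing in for live
# PTR / A / MX lookups so the example runs offline.
PTR = {"192.0.2.10": "mta0.mk1.example.com", "192.0.2.20": "mta0.mk2.example.com",
       "198.51.100.7": "198-51-100-7.dyn.example.net",
       "198.51.100.99": "smtp99.example.org"}
A = {"mta0.mk1.example.com": {"192.0.2.10"}, "mta0.mk2.example.com": {"192.0.2.20"},
     "mta3.mk2.example.com": {"192.0.2.23"}, "smtp99.example.org": {"198.51.100.99"},
     "postfix.example.test": {"203.0.113.25"}}
MX = {"mk1.example.com": ["mta0.mk1.example.com"],
      "mk2.example.com": ["mta3.mk2.example.com"],
      "mail.example.test": ["postfix.example.test"]}

def base_domain(host):
    # Assumption: the last two labels. Under suffixes such as co.uk this makes
    # unrelated hosts compare equal; a deployment needs the Public Suffix List.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def same_class_c(ip, other):
    # "Same C class" read as: both IPv4 addresses fall in the same /24.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{other}/24", strict=False)

def decide(ip, sender, rcpt, passed=()):
    """passed: (ip, sender, rcpt) triplets that already cleared greylisting."""
    for p_ip, p_from, p_to in passed:
        if (p_from, p_to) == (sender, rcpt) and same_class_c(ip, p_ip):
            return "pass", "same /24 as a passed host for this sender/recipient"
    ptr = PTR.get(ip)
    if ptr is None:
        return "greylist", "no PTR"
    if ip not in A.get(ptr, set()):            # forward-confirm the PTR answer
        return "greylist", "PTR does not resolve back to IP"
    domain = sender.rsplit("@", 1)[-1].lower()
    mx_hosts = MX.get(domain, [])
    if not mx_hosts:
        return "greylist", "sender domain has no MX"
    if any(ip in A.get(mx, set()) for mx in mx_hosts):
        return "pass", "sending IP is an MX"
    if base_domain(ptr) in {base_domain(mx) for mx in mx_hosts}:
        return "pass", "PTR and MX share base domain"
    return "greylist", "PTR and MX base domains differ"
```
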
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Do you have a specific question?

    Please be sure to remove any actual domain names and personal details from your posts.
     