
Bug 811882

Summary: mail-filter/postgrey: whitelist goes too far
Product: Gentoo Linux
Reporter: armin
Component: Current packages
Assignee: Sam James <sam>
Status: UNCONFIRMED ---
Severity: normal
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description armin 2021-09-06 18:58:55 UTC
After updating to postgrey-1.37_p20190625-r1 (from 1.34) I got so much spam.

There are many IP addresses in the list and they are not all kosher.

I reverted to the whitelist of 1.34 + my local additions. Everything is fine now.

Just because it's an Outlook/Microsoft IP range does not make it safe for spam!

Comment 1 Sam James archtester gentoo-dev Security 2021-09-06 19:43:48 UTC
Well, the problem is, greylisting isn't perfect. In general, delaying everything from Outlook/MS isn't really going to help, right?

Is this spam coming from *Azure*? If it's from Outlook itself, I really don't think we can do much (just report it to them). If it's from Azure or other IPs (i.e. not through Outlook), we can fix the range, sure.

Comment 2 Larry the Git Cow gentoo-dev 2021-09-07 01:36:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ba40a9889cc83e116731557e5897df254af4f5cc

commit ba40a9889cc83e116731557e5897df254af4f5cc
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-09-07 01:31:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-09-07 01:36:14 +0000

    mail-filter/postgrey: restore 1.37 (modernised)
    
    This reverts commit 5db5e8fbdb8ca48a9f5a545ef43dce4e036526b7.
    Contains a different form of the whitelist which may be useful
    for some people. No real rush to cleanup.
    
    Bug: https://bugs.gentoo.org/811882
    Signed-off-by: Sam James <sam@gentoo.org>

 mail-filter/postgrey/Manifest             |  1 +
 mail-filter/postgrey/postgrey-1.37.ebuild | 74 +++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)

Comment 3 armin 2021-09-08 08:20:18 UTC
Well grey listing is not perfect, but I am back at 0-1 spam emails a day from 80 with the current whitelist. There are def. bad seeds on it.

Generally I am against IP ranges/addresses. If they don't resolve to useful hostnames the setup is generally flawed.

Comment 4 Sam James archtester gentoo-dev Security 2021-09-17 02:58:46 UTC
(In reply to armin from comment #3)
> Well grey listing is not perfect, but I am back at 0-1 spam emails a day from
> 80 with the current whitelist. There are def. bad seeds on it.
> 
> Generally I am against IP ranges/addresses. If they don't resolve to useful
> hostnames the setup is generally flawed.

Sure, I understand, but the whitelist exists for a reason -- to avoid delaying stuff unnecessarily. It'd help to know some of the precise ranges which were sending you spam, ideally with headers. You can send it to me privately if you wish.
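
One way to produce the per-range evidence comment 4 asks for, as an added example that is not part of the bug thread or of the postgrey package: map the sending IP of each spam sample to the whitelist entry that let it bypass greylisting. The whitelist lines and Received headers are constructed samples, the IP/CIDR entry form is an assumption about the whitelist file, and the names `load_networks` and `spam_per_entry` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed whitelist sample (documentation ranges, not the real list).
WHITELIST = """\
192.0.2.0/24
198.51.100.17
/^mail\\d+\\.example\\.net$/
2001:db8:100::/40
"""

# Constructed sample: Received header added by the local MX for spam.
SPAM_RECEIVED = [
    "Received: from a.example (a.example [192.0.2.44]) by mx.local",
    "Received: from b.example (b.example [192.0.2.91]) by mx.local",
    "Received: from c.example (c.example [203.0.113.5]) by mx.local",
    "Received: from d.example (d.example [IPv6:2001:db8:1ff::25]) by mx.local",
]

CLIENT_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def load_networks(text):
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # blank, comment, hostname or /regex/ entry: skipped
    return nets

def spam_per_entry(whitelist_text, received_headers):
    """Count spam per most specific covering entry; list uncovered senders."""
    nets = load_networks(whitelist_text)
    hits, unlisted = Counter(), []
    for header in received_headers:
        m = CLIENT_IP.search(header)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group(1))
        matched = [n for n in nets if ip in n]
        if matched:
            hits[str(max(matched, key=lambda n: n.prefixlen))] += 1
        else:
            unlisted.append(str(ip))
    return hits, unlisted

if __name__ == "__main__":
    print(spam_per_entry(WHITELIST, SPAM_RECEIVED))
```

Senders that end up in the second list were not exempted by an IP or CIDR entry; hostname and regex entries are not evaluated here and would need a reverse lookup.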