In trying to diagnose an issue with delayed receiving of emails on a fresh install of Snow Leopard Server, I noticed some error messages in the logs that looked suspiciously like greylisting. I was already familiar with greylisting having had it used on a mail server I used frequently and initially I was incredibly in favour of it. It was simple, it had a very low to zero false positive rate and it stopped a large amount of spam. The one downside to it, and the reason I no longer use it is that legitimate emails are often delayed by hours or more.
There are few things worse than signing up for a new website login and having to wait a couple of hours to receive the “click on this link” email. Or emailing someone who hasn’t sent you an email before, and having the reply delayed by hours, or more. Some MTAs are good and will retry after just a few minutes, while others wait a couple of hours or more. One ISP (I can not remember which one) had particularly bad mail servers in this regard and emails were often delayed by 12 hours or more.
Anyway, the events I saw in the log were something like the following:
Nov 18 16:21:25 server postfix/smtpd: NOQUEUE: reject: RCPT from mx1.bigisp[10.0.0.143]: 450 4.7.1 : Recipient address rejected: Service is unavailable; from= to= proto=ESMTP helo=
Nov 18 16:35:20 server postfix/smtpd: NOQUEUE: reject: RCPT from mx2.bigisp.com[10.0.0.140]: 450 4.7.1 : Recipient address rejected: Service is unavailable; from= to= proto=ESMTP helo=
Nov 18 19:30:51 server postfix/qmgr: 1042CA3E608: from=, size=7842, nrcpt=1 (queue active)
In the example above, you can see two attempts in a number of minutes from the one ISP (bigisp.com in my example) which would be great and this would mean that the email is sent in a timely fashion. The problem is that this big ISP has multiple mail servers, one attempt comes from mx1 and the second from mx2, both on different ip addresses (.143 and .140) so it’s seen as two separate attempts and each one is told to wait. Then, there’s a retry at around 3 hours later, and this time it’s accepted for delivery.
What really gets me about this is that there’s no mention that I’ve seen in the Snow Leopard Server documentation that this is enabled, and no obvious way I’ve found to turn it off. I want spam filtering, I want AV filtering. I most definitely do not want greylisting. The people using this mail server rely on it for their business and the timely delivery of information – greylisting does nothing to help their cause.
Fortunately, with the power of the internet, a solution was quickly proposed on Apple’s discussion forums, and here it is for completeness:
You need to edit the file /etc/postfix/main.cf with root privileges.
On the server, in Terminal type the following (works if you’re using ssh to access the server as well)
sudo -s Enter your administrator password when prompted. This will give you a root shell on the machine – this is pretty powerful kung-fu, so use it carefully. If you don’t know what you’re doing then don’t do it.
cd /etc/postfix Feel free to substitute nano, vi, or mate or your favourite text editor for pico. How to drive pico is beyond the scope of this article.
cp main.cf main.cf.backup
Search for a line that starts with
Remove the bit of the line that says
Save and exit.
Finally, type the following into the terminal or reboot the server for the changes to take effect.