
Re: Helo command rejected : Why

  • Victor Duchovni
    Message 1 of 36 , Jun 30, 2006
      On Fri, Jun 30, 2006 at 04:57:30PM +0200, Robert Felber wrote:

      > 554 5.7.1 indicates that it was a REJECT action (i.e. not a "550 bubble").
      > (I'm not certain which reject_muble-* causes a 554 5.7.1, so it might be
      > either a REJECT from checks or a reject_* action).
      >
      > Would be really interesting whether that error persists.

      Also, sometimes there are more settings than main.cf alone
      discloses. Those pesky master(5).cf "-o" overrides can be hard to spot.

      --
      Viktor.

      P.S. Morgan Stanley is looking for a New York City based, Senior Unix
      system/email administrator to architect and sustain the Unix email
      environment. If you are interested, please drop me a note.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
    • Robert Felber
      Message 36 of 36 , Jul 3, 2006
        On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
        > they connect on port 465 :
        >
        > 13:52:41.642644 IP 217.7.78.26.59879 > 130.104.4.1.465: S 1203166760:1203166760(0) win 16384
        > <mss 1460,nop,nop,sackOK>
        >
        > Our master.cf config for smtps is:
        >
        > smtps inet n - n - - smtpd
        >   -o smtpd_proxy_filter=127.0.0.1:10025
        >   -o smtpd_tls_wrappermode=yes
        >   -o smtpd_use_tls=yes
        >   -o smtpd_tls_auth_only=yes
        >   -o smtpd_sasl_auth_enable=yes
        >   -o smtpd_sasl_security_options=noanonymous
        >   -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
        >   -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

        [...]

        > Two questions :
        >
        > - is it right to connect on port 465 for somebody who is not from our domain (cannot be
        > authenticated) ?

        I'd say yes, because 465 means only that the transfer must be encrypted. But I
        may be wrong.
        I am no TLS/SSL/SASL expert, but it seems you have TLS wrapper mode running.
        I don't know whether that has an impact on connecting clients. All I know is that
        I have no smtps set up, while providing TLS though.
        Probably someone more TLS experienced can answer this.


        > - why didn't I see anything in the log file (even with debub_peer_list = 217.7.78.26) ?

        If you really used debub_peer_list, then no wonder - debub != debug. Otherwise
        I don't know, I never used debug_peer_list (although sometimes I should).


        --
        Robert Felber (PGP: 896CF30B)
        Munich, Germany
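
The thread's two points meet in one check: the "-o" overrides mentioned in the first message, and the smtps entry quoted in the last one, which sets its own smtpd_helo_restrictions. The following is an added example, not part of either post or of Postfix itself: a small parser that lists per-service "-o" overrides from master.cf text. The function names and the shortened sample entry are constructed for illustration, and the parser assumes arguments are not grouped with "{ ... }".

```python
# Constructed sample: the smtps entry quoted in the thread (shortened), with the
# leading whitespace master.cf requires on continuation lines.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  # comment lines inside an entry do not end it
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current


def master_overrides(text):
    """Map 'service/type' to its {parameter: value} '-o' overrides."""
    result = {}
    for line in logical_lines(text):
        fields = line.split()  # assumes no "{ ... }" grouped arguments
        if len(fields) < 8:
            continue  # not a full service entry
        args = fields[8:]
        pairs = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
        result[f"{fields[0]}/{fields[1]}"] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return result


def services_overriding(text, parameter):
    """List the services whose master.cf entry overrides `parameter`."""
    return [svc for svc, o in master_overrides(text).items() if parameter in o]


if __name__ == "__main__":
    for svc, overrides in master_overrides(SAMPLE_MASTER_CF).items():
        for name, value in overrides.items():
            print(f"{svc}: {name} = {value}")
```

On Postfix 2.11 and later, `postconf -P` prints the same per-service overrides directly from the live configuration.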