Re: Helo command rejected : Why
- On Fri, Jun 30, 2006 at 04:57:30PM +0200, Robert Felber wrote:
> 554 5.7.1 indicates that it was a REJECT action (i.e. not a "550 bubble").
> (I'm not certain which reject_muble-* causes a 554 5.7.1, so it might be
> either a REJECT from checks or a reject_* action).
> Would be really interesting whether that error persists.
Also, sometimes there are more settings than main.cf alone
discloses. Those pesky master(5).cf "-o" overrides can be hard to spot.
- On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
> they connect on port 465 :
[...]
> 13:52:41.642644 IP 220.127.116.11.59879 > 18.104.22.168.465: S 1203166760:1203166760(0) win 16384
> <mss 1460,nop,nop,sackOK>
> Our master.cf config for smtps is:
> smtps inet n - n - - smtpd
>   -o smtpd_proxy_filter=127.0.0.1:10025
>   -o smtpd_tls_wrappermode=yes
>   -o smtpd_use_tls=yes
>   -o smtpd_tls_auth_only=yes
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_sasl_security_options=noanonymous
>   -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
>   -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
> Two questions :
> - is it right to connect on port 465 for somebody who is not from our domain (cannot be
> authenticated) ?
I'd say yes, because 465 means only that the transfer must be encrypted. But I
may be wrong.
I am no TLS/SSL/SASL expert, but it seems you have TLS wrapper mode running.
I don't know whether that has an impact on connecting clients. All I know is that
I have no smtps set up, while providing TLS though.
Probably someone more TLS experienced can answer this.
> - why didn't I see anything in the log file (even with debub_peer_list = 22.214.171.124) ?
If you really used debub_peer_list, then no wonder - debub != debug. Otherwise
I don't know, I never used debug_peer_list (although sometimes I should).
Robert Felber (PGP: 896CF30B)
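The master.cf "-o" overrides mentioned in the first reply can be listed mechanically. The following is an added example, not part of the original thread: a small Python parser that joins master.cf continuation lines and reports which main.cf parameters a service overrides. The function names are hypothetical, the sample input is constructed from the smtps entry quoted above plus an assumed main.cf value, and only the `-o name=value` form is handled.

```python
# Constructed sample: a plain smtp entry plus the smtps entry quoted in the thread.
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  n  -  -  smtpd
smtps     inet  n  -  n  -  -  smtpd
  -o smtpd_proxy_filter=127.0.0.1:10025
  -o smtpd_tls_wrappermode=yes
  -o smtpd_use_tls=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_security_options=noanonymous
  # comment lines do not end a continuation
  -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""
# Constructed main.cf value (assumption): what "main.cf alone" would show.
SAMPLE_MAIN_CF = {"smtpd_helo_restrictions": "permit_mynetworks,reject_invalid_helo_hostname"}

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blank and '#' lines."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def service_overrides(text):
    """Return {"name/type": {param: value}} for every "-o param=value" argument."""
    found = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:  # name type private unpriv chroot wakeup maxproc command
            continue
        args, params = fields[8:], {}
        for flag, arg in zip(args, args[1:]):
            if flag == "-o" and "=" in arg:  # only the "-o name=value" form
                params.update([arg.split("=", 1)])
        found[f"{fields[0]}/{fields[1]}"] = params
    return found

def shadowed(main_cf, master_text):
    """List (service, param, main.cf value, effective value) where -o wins."""
    return [(svc, p, main_cf[p], v)
            for svc, params in service_overrides(master_text).items()
            for p, v in params.items() if p in main_cf and main_cf[p] != v]
```

Calling `shadowed(SAMPLE_MAIN_CF, SAMPLE_MASTER_CF)` shows that the smtps service runs with a different `smtpd_helo_restrictions` than the one in main.cf, while the plain smtp service has no overrides.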