Re: Helo command rejected : Why

  • Pascal Maes
    Message 1 of 36 , Jul 1, 2006
      On 30 June 06 at 15:52, Robert Felber wrote:

      > On Fri, Jun 30, 2006 at 03:12:57PM +0200, Robert Felber wrote:
      >>>> On Fri, Jun 30, 2006 at 12:15:37PM +0200, Pascal Maes wrote:
      >>>>>>> Jun 28 15:03:56 smtp-3 postfix/smtpd[23914]: connect from
      >>>> ^^^^^^
      >
      > Another point of guessing:
      >
      > The entry dates to Jun 28th. Does the error persist? Show postconf -n of
      > smtp-3. Show latest NOQUEUE.*chiltern.com entries of smtp-3.
      >
      > Probably someone made up the check_helo_access, caused some entries, and
      > set warn_if_reject (as the entries are from 28th).
      > Probably this one set only on smtp-1 warn_if_reject (if the errors persist on
      > other machines).
      > Guesswork.
      >
      > --
      > Robert Felber (PGP: 896CF30B)
      > Munich, Germany
      >


      smtp-3:~# grep "NOQUEUE.*chiltern.com" /var/log/mail.log
      Jun 28 15:03:56 smtp-3 postfix/smtpd[23914]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.Costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>

      Nothing on smtp-2

      smtp-1:~# grep "NOQUEUE.*chiltern.com" /var/log/mail.log
      Jun 26 10:16:55 smtp-1 postfix/smtpd[27729]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>
      Jun 26 15:09:48 smtp-1 postfix/smtpd[10407]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>
      Jun 27 10:35:17 smtp-1 postfix/smtpd[13917]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>


      The sender says that they also have that problem on June 6 and also in May.
      Below, all I find in logfile on the three machines:

      smtp-2:/var/log# zcat mail.log.3.gz | grep "NOQUEUE.*chiltern.com"
      Jun 6 09:44:28 smtp-2 postfix/smtpd[24084]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.Costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>
      smtp-2:/var/log# zcat mail.log.1.gz | grep "NOQUEUE.*chiltern.com"
      Jun 19 16:05:04 smtp-2 postfix/smtpd[22719]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Astrid.Delouvroy@...> proto=ESMTP
      helo=<germany1.chiltern.com>

      smtp-3:/var/log# zcat mail.log.3.gz | grep "NOQUEUE.*chiltern.com"
      Jun 13 13:40:24 smtp-3 postfix/smtpd[5435]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>
      smtp-3:zcat mail.log.2.gz | grep "NOQUEUE.*chiltern.com"
      Jun 20 08:24:42 smtp-3 postfix/smtpd[21996]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.Costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>

      smtp-1:/var/log# zcat mail.log.1.gz | grep "NOQUEUE.*chiltern.com"
      Jun 19 11:42:26 smtp-1 postfix/smtpd[4439]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Sabrina.costantini@...> proto=ESMTP
      helo=<germany1.chiltern.com>
      Jun 20 09:37:41 smtp-1 postfix/smtpd[4004]: NOQUEUE: reject: RCPT
      from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access denied;
      from=<Christel.deVos@...>
      to=<Astrid.Delouvroy@...> proto=ESMTP
      helo=<germany1.chiltern.com>


      Don't ask me why they wait till end of June to tell me that there
      was a problem.

      Another problem is that I have asked them to make some tests with my
      address; they receive an error message (in German):

      ----- Weitergeleitet von Sebastien Ducarme/Chiltern am 29.06.2006 11:24
      -----

      Zustellungsfehlerbericht

      Ihr server!!
      Dokument:

      wurde <pascal.maes@...>
      nicht
      zugestellt
      an:

      weil: Fehler beim Übertragen an smtp.dynsipr.ucl.ac.BE;
      SMTP-Protokoll meldete einen permanenten Fehler 554 5.7.1
      <germany1.chiltern.com>: Helo command rejected: Access
      denied


      How could they say that the mail was rejected, as I don't see any
      connection on June 29 (see the first grep of this mail)?


      --
      Pascal
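
The log excerpts above were wrapped by the mail client, which makes them awkward to compare across the three servers. The following added example, not from the original post, rejoins wrapped `NOQUEUE: reject` records and counts them per server and day; the sample addresses and all function names are assumptions made for illustration.

```python
import re
from collections import Counter
# Constructed sample in the shape quoted above: a shell prompt, one record
# wrapped by the mail client, one unwrapped. Addresses are placeholders.
SAMPLE = """\
smtp-1:~# grep "NOQUEUE.*chiltern.com" /var/log/mail.log
Jun 26 10:16:55 smtp-1 postfix/smtpd[27729]: NOQUEUE: reject: RCPT
from germany2.chiltern.com[217.7.78.26]: 554 5.7.1
<germany1.chiltern.com>: Helo command rejected: Access denied;
from=<sender@example.org>
to=<rcpt@example.net> proto=ESMTP
helo=<germany1.chiltern.com>
Jun 28 15:03:56 smtp-3 postfix/smtpd[23914]: NOQUEUE: reject: RCPT from germany2.chiltern.com[217.7.78.26]: 554 5.7.1 <germany1.chiltern.com>: Helo command rejected: Access denied; from=<sender@example.org> to=<rcpt@example.net> proto=ESMTP helo=<germany1.chiltern.com>
"""

START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ postfix/")
RECORD = re.compile(
    r"^(?P<date>[A-Z][a-z]{2} +\d+) (?P<time>[\d:]+) (?P<server>\S+) "
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: (?P<stage>\S+) from "
    r"(?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\S+) "
    r"(?P<reason>.*?); .*helo=<(?P<helo>[^>]*)>")

def unwrap(text):
    """Rejoin records split by line wrapping; a record runs to its helo= field."""
    records, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if START.match(line):
            cur = line                      # new record; drops an unfinished one
        elif cur is not None:
            cur += " " + line
        if cur is not None and "helo=<" in cur:
            records.append(cur)
            cur = None                      # prompts and other text are skipped
    return records

def parse(text):
    """Return one dict per reject, flagging HELO names that differ from the
    client hostname Postfix logged (a triage hint only)."""
    rows = [m.groupdict() for m in map(RECORD.match, unwrap(text)) if m]
    for r in rows:
        r["helo_mismatch"] = r["helo"].lower() != r["client"].lower()
    return rows

def rejects_per_server_day(rows):
    """Count rejects per (server, date) so a day with no entries stands out."""
    return dict(Counter((r["server"], r["date"]) for r in rows))

if __name__ == "__main__":
    print(rejects_per_server_day(parse(SAMPLE)))
```
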
    • Robert Felber
      Message 36 of 36 , Jul 3, 2006
        On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
        > they connect on port 465 :
        >
        > 13:52:41.642644 IP 217.7.78.26.59879 > 130.104.4.1.465: S 1203166760:1203166760(0) win 16384
        > <mss 1460,nop,nop,sackOK>
        >
        > Our master.cf config for smtps is:
        >
        > smtps inet n - n - - smtpd
        >   -o smtpd_proxy_filter=127.0.0.1:10025
        >   -o smtpd_tls_wrappermode=yes
        >   -o smtpd_use_tls=yes
        >   -o smtpd_tls_auth_only=yes
        >   -o smtpd_sasl_auth_enable=yes
        >   -o smtpd_sasl_security_options=noanonymous
        >   -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
        >   -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

        [...]

        > Two questions :
        >
        > - is it right to connect on port 465 for somebody who is not from our domain (cannot be
        > authenticated)?

        I'd say yes, because 465 means only that the transfer must be encrypted. But I
        may be wrong.
        I am no TLS/SSL/SASL expert, but it seems you have TLS wrapper mode running.
        I don't know whether that has an impact on connecting clients. All I know is that
        I have no smtps set up, while providing TLS though.
        Probably someone more TLS experienced can answer this.


        > - why didn't I see anything in the log file (even with debub_peer_list = 217.7.78.26) ?

        If you really used debub_peer_list, then no wonder - debub != debug. Otherwise
        I don't know, I never used debug_peer_list (although sometimes I should).


        --
        Robert Felber (PGP: 896CF30B)
        Munich, Germany