
Re: Helo command rejected : Why

  • Robert Felber
    Message 1 of 36 , Jul 1, 2006
      On Sat, Jul 01, 2006 at 06:45:05PM +0200, Pascal Maes wrote:
      > smtps inet n - n - - smtpd
      > -o smtpd_proxy_filter=127.0.0.1:10025
      > -o smtpd_tls_wrappermode=yes
      > -o smtpd_use_tls=yes
      > -o smtpd_tls_auth_only=yes
      > -o smtpd_sasl_auth_enable=yes
      > -o smtpd_sasl_security_options=noanonymous
      > -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      > -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

      > submission inet n - n - - smtpd
      > -o smtpd_proxy_filter=127.0.0.1:10025
      > -o smtpd_etrn_restrictions=reject
      > -o smtpd_use_tls=yes
      > -o smtpd_tls_auth_only=yes
      > -o smtpd_sasl_auth_enable=yes
      > -o smtpd_sasl_security_options=noanonymous
      > -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
      > -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

      Is it possible that germany1 tries to deliver either to port 465 or 587?
      My bet is 587:

      [robtone@fpsvr1z150:~]% telnet smtp-3.dynsipr.ucl.ac.be 587
      Trying 130.104.4.3...
      Connected to smtp-3.dynsipr.ucl.ac.be.
      Escape character is '^]'.
      220 smtp-3.dynsipr.ucl.ac.be ESMTP
      HELO test1.ek-muc.de
      250 smtp-3.dynsipr.ucl.ac.be
      MAIL FROM: robtone@...
      250 2.1.0 Ok
      RCPT TO: Sabrina.Costantini@...
      554 5.7.1 <test1.ek-muc.de>: Helo command rejected: Access denied


      --
      Robert Felber (PGP: 896CF30B)
      Munich, Germany
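
Why the session above ends in "Helo command rejected" on port 587, as an added example that is not part of the original thread: it parses the quoted `-o` overrides and walks the restriction classes in Postfix's evaluation order for a client that is neither in `mynetworks` nor SASL-authenticated. Assumptions: the function names are hypothetical, only the restrictions that appear in the quoted config are modelled, classes without an override (they come from main.cf, which the thread does not show) are treated as making no decision, and the reply arrives at RCPT TO because `smtpd_delay_reject` defaults to `yes`.

```python
# Constructed sample: the two services quoted in the thread, with the wrapped
# "reject" values rejoined and options that do not affect the verdict left out.
MASTER_CF = """\
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

# Restriction classes in the order smtpd evaluates them, with each reply prefix.
CLASSES = [("smtpd_client_restrictions", "Client host rejected"),
           ("smtpd_helo_restrictions", "Helo command rejected"),
           ("smtpd_sender_restrictions", "Sender address rejected"),
           ("smtpd_recipient_restrictions", "Recipient address rejected")]

def parse_master_cf(text):
    """Return {"service/type": {parameter: value}} built from -o overrides."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        tokens = raw.split()
        if not raw[0].isspace():        # service line: 8 fields, then arguments
            current = services.setdefault(f"{tokens[0]}/{tokens[1]}", {})
            tokens = tokens[8:]
        if current is None:
            continue
        for flag, arg in zip(tokens, tokens[1:]):
            if flag == "-o" and "=" in arg:
                name, value = arg.split("=", 1)
                current[name] = value
    return services

def first_reject(overrides, in_mynetworks=False, sasl_authenticated=False):
    """Return (parameter, reply prefix) of the first class that rejects, else None."""
    for param, prefix in CLASSES:
        for r in overrides.get(param, "").split(","):
            if r == "reject":
                return param, prefix
            if (r == "permit" or (r == "permit_mynetworks" and in_mynetworks)
                    or (r == "permit_sasl_authenticated" and sasl_authenticated)):
                break                   # a permit ends this class only
    return None

if __name__ == "__main__":
    for name, overrides in parse_master_cf(MASTER_CF).items():
        print(name, "unauthenticated outsider ->", first_reject(overrides))
```

The sender class would reject the same client, but the HELO class is evaluated first, so its name is the one in the 554 reply.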
    • Robert Felber
      Message 36 of 36 , Jul 3, 2006
        On Mon, Jul 03, 2006 at 02:49:56PM +0200, Pascal Maes wrote:
        > they connect on port 465 :
        >
        > 13:52:41.642644 IP 217.7.78.26.59879 > 130.104.4.1.465: S 1203166760:1203166760(0) win 16384
        > <mss 1460,nop,nop,sackOK>
        >
        > Our master.cf config for smtps is:
        >
        > smtps inet n - n - - smtpd
        > -o smtpd_proxy_filter=127.0.0.1:10025
        > -o smtpd_tls_wrappermode=yes
        > -o smtpd_use_tls=yes
        > -o smtpd_tls_auth_only=yes
        > -o smtpd_sasl_auth_enable=yes
        > -o smtpd_sasl_security_options=noanonymous
        > -o smtpd_helo_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
        > -o smtpd_sender_restrictions=permit_mynetworks,permit_sasl_authenticated,reject

        [...]

        > Two questions :
        >
        > - it is right to connect on port 465 for somebody which is not from our domain (cannot be
        > authenticated) ?

        I'd say yes, because 465 means only that the transfer must be encrypted. But I
        may be wrong.
        I am no TLS/SSL/SASL expert, but it seems you have TLS wrapper mode running.
        I don't know whether that has an impact on connecting clients. All I know is that
        I have no smtps set up, while providing TLS though.
        Probably someone more TLS experienced can answer this.


        > - why didn't I see anything in the log file (even with debub_peer_list = 217.7.78.26) ?

        If you really used debub_peer_list, then no wonder - debub != debug. Otherwise
        I don't know, I never used debug_peer_list (although sometimes I should).


        --
        Robert Felber (PGP: 896CF30B)
        Munich, Germany