Loading ...
Sorry, an error occurred while loading the content.

Re: Status code of multiline responses logged

Expand Messages
  • Robert Sander
    ... RFC821 Appendix E states: The format for multiline replies requires that every line, except the last, begin with the reply code, followed immediately by a
    Message 1 of 8 , Dec 8, 2012
    • 0 Attachment
      Am 07.12.2012 22:29, schrieb Wietse Venema:
      > Florian Pritz:
      >
      > Checking application/pgp-signature: FAILURE
      > -- Start of PGP signed section.
      > [ Charset UTF-8 unsupported, converting... ]
      >> Hi,
      >>
      >> I've just seen the following log entry:
      >>> postfix/smtp[21188]: A494013804C: host eggs.gnu.org[208.118.235.92] said: 451-Your sender e-mail address could not be verified. You're greylisted for 20 451 minutes. Come back later. (in reply to RCPT TO command)
      > ...
      >> I know that the "451 " after in front of minutes is part of the SMTP
      >> protocol, but I really think that postfix shouldn't log it like that.
      >> IMHO the log entry should either be split into one line per response
      >> line from the server or better yet, it should strip the status code from
      >> all but the first line.
      >
      > You assume that all response lines will have the same reply code,
      > but that is not necessarily true. If Postfix were to log the first
      > reply code only, then you would never be aware of the discrepancy.

      RFC821 Appendix E states:

      The format for multiline replies requires that every line,
      except the last, begin with the reply code, followed
      immediately by a hyphen, "-" (also known as minus), followed by
      text. The last line will begin with the reply code, followed
      immediately by <SP>, optionally some text, and <CRLF>.


      So I would assume that you could leave out response codes except for the
      first line for the log output when concatenating a multiple response.

      Kindest Regards
      --
      Robert Sander
      Heinlein Support GmbH
      Schwedter Str. 8/9b, 10119 Berlin

      http://www.heinlein-support.de

      Tel: 030 / 405051-43
      Fax: 030 / 405051-19

      Zwangsangaben lt. §35a GmbHG:
      HRB 93818 B / Amtsgericht Berlin-Charlottenburg,
      Geschäftsführer: Peer Heinlein -- Sitz: Berlin
    • Reindl Harald
      ... the problem is that nearly all clients are only display the LAST respsonse-line which is as example currently a real problem with smtpd_reject_footer
      Message 2 of 8 , Dec 8, 2012
      • 0 Attachment
        Am 08.12.2012 13:26, schrieb Robert Sander:
        >> You assume that all response lines will have the same reply code,
        >> but that is not necessarily true. If Postfix were to log the first
        >> reply code only, then you would never be aware of the discrepancy.
        >
        > RFC821 Appendix E states:
        >
        > The format for multiline replies requires that every line,
        > except the last, begin with the reply code, followed
        > immediately by a hyphen, "-" (also known as minus), followed by
        > text. The last line will begin with the reply code, followed
        > immediately by <SP>, optionally some text, and <CRLF>.
        >
        >
        > So I would assume that you could leave out response codes except for the
        > first line for the log output when concatenating a multiple response.

        the problem is that nearly all clients are only display the LAST
        respsonse-line which is as example currently a real problem with
        "smtpd_reject_footer" because the user wil never see anything except
        the footer, AFAIK the will be the possiblity on postfix 2.10 to
        add the reject-footer without a new line to solve this

        i had this last week again where i customer did not understand the
        error message (which contained only the request footer) and a look
        in the maillog showed me that "reject_non_fqdn_recipient" was the
        (correct) reason

        "Recipient address rejected: need fully-qualified address"
      • Wietse Venema
        ... No, because some server will use different reply codes on different lines of the same reply. ... It s been in Postfix 2.10 for a while now (for people who
        Message 3 of 8 , Dec 8, 2012
        • 0 Attachment
          Someone who didn't read my reply:
          > So I would assume that you could leave out response codes except for the
          > first line for the log output when concatenating a multiple response.

          No, because some server will use different reply codes on
          different lines of the same reply.

          Reindl Harald:
          > the problem is that nearly all clients are only display the LAST
          > respsonse-line which is as example currently a real problem with
          > "smtpd_reject_footer" because the user wil never see anything except
          > the footer, AFAIK the will be the possiblity on postfix 2.10 to
          > add the reject-footer without a new line to solve this

          It's been in Postfix 2.10 for a while now (for people who
          can use the development release).

          Wietse
        • Reindl Harald
          ... i know, but i am really unsure if i can use the devel-release for production, technically the update is done in 5 minutes and the same time i am impressed
          Message 4 of 8 , Dec 8, 2012
          • 0 Attachment
            Am 08.12.2012 17:14, schrieb Wietse Venema:
            > Reindl Harald:
            >> the problem is that nearly all clients are only display the LAST
            >> respsonse-line which is as example currently a real problem with
            >> "smtpd_reject_footer" because the user wil never see anything except
            >> the footer, AFAIK the will be the possiblity on postfix 2.10 to
            >> add the reject-footer without a new line to solve this
            >
            > It's been in Postfix 2.10 for a while now (for people who
            > can use the development release)

            i know, but i am really unsure if i can use the devel-release
            for production, technically the update is done in 5 minutes
            and the same time i am impressed about the way you are not
            breaking backward compatibility over many years like most other
            dveloper does i think you must have good reasons to call it a
            development release and not 2.10 GA
          • Noel Jones
            ... Hash: SHA1 ... As the postfix download page says, the developmental releases are production-quality; it s the features that are considered developmental.
            Message 5 of 8 , Dec 8, 2012
            • 0 Attachment
              -----BEGIN PGP SIGNED MESSAGE-----
              Hash: SHA1

              On 12/8/2012 10:35 AM, Reindl Harald wrote:
              > i know, but i am really unsure if i can use the devel-release
              > for production, technically the update is done in 5 minutes and
              > the same time i am impressed about the way you are not breaking
              > backward compatibility over many years like most other dveloper
              > does i think you must have good reasons to call it a
              > development release and not 2.10 GA
              >


              As the postfix download page says, the developmental releases are
              production-quality; it's the features that are considered
              developmental. I've probably used 100+ snapshot versions in
              production with no notable incidents.

              Updates with significant new code are clearly marked
              non-production until the code has been fully tested. These are
              only released occasionally; there isn't one available right now.

              The features and controls do change, so you're expected to use a
              reasonably current snapshot; if you want to install something and
              not touch it for years, stick with -stable.



              -- Noel Jones
              -----BEGIN PGP SIGNATURE-----
              Version: GnuPG v2.0.17 (MingW32)
              Comment: Using GnuPG with undefined - http://www.enigmail.net/

              iQEcBAEBAgAGBQJQw46BAAoJEJGRUHb5Oh6g2rEH/RiD6hM64zXmRZKa+SKaZMXL
              4Z5C4pPgQPFZxtCmWEN51PP/ciY/ELMHQbrTP5zqWa1fCpWVXj1OwBzNueOBOg6m
              i7dW68tdnx6pLiGqLkaYYFzXqLBxDg2d79IOGO/xiAGMSLaKZk4lrBm9X/KCzxUD
              N15zmZLKXmNDxV4AsImQReszQg/q/VvcpLH7D/WDK9kDt9/y2fSL7+fm18VnooGJ
              rJgoI4EFxb/U/PgMx4beV1ihccNIOoReFR12nv4Gld+Vwb1vVAHKWnuScIm9p5Qp
              Olia36wd0ogRddU1W4ius0k8WfCiAFt1PmS1UBdvZCWHy6I3eGgWt0rFyfxHUns=
              =OQqv
              -----END PGP SIGNATURE-----
            • Reindl Harald
              ... thank you for the feedback this sounds really good and i will give 2.10-devel a try as soon as i have my currently jobs finished, means in the days between
              Message 6 of 8 , Dec 8, 2012
              • 0 Attachment
                Am 08.12.2012 20:01, schrieb Noel Jones:
                > On 12/8/2012 10:35 AM, Reindl Harald wrote:
                >> i know, but i am really unsure if i can use the devel-release
                >> for production, technically the update is done in 5 minutes and
                >> the same time i am impressed about the way you are not breaking
                >> backward compatibility over many years like most other dveloper
                >> does i think you must have good reasons to call it a
                >> development release and not 2.10 GA
                >>
                > As the postfix download page says, the developmental releases are
                > production-quality; it's the features that are considered
                > developmental. I've probably used 100+ snapshot versions in
                > production with no notable incidents.
                >
                > Updates with significant new code are clearly marked
                > non-production until the code has been fully tested. These are
                > only released occasionally; there isn't one available right now.
                >
                > The features and controls do change, so you're expected to use a
                > reasonably current snapshot; if you want to install something and
                > not touch it for years, stick with -stable.

                thank you for the feedback

                this sounds really good and i will give 2.10-devel a try as soon
                as i have my currently jobs finished, means in the days between
                christmas and new year

                i thought so because i am impressed of the quality of postfix
                at all and especially the way Wietses attitude to not break
                configurations not just for fun - as said some months ago:

                this world would be a better one if more developers would
                have this attitude - throwing things away and restart from
                scratch with all sorts of regressions is easy, a development
                like postfix have since many years is real quality

                thanks again for a real good application which works in a way
                you sometimes forget that it exists!
              Your message has been successfully submitted and would be delivered to recipients shortly.