Loading ...
Sorry, an error occurred while loading the content.

Re: postfix 2.8 and upper don't close connection with smtpd_proxy_filter

Expand Messages
  • Ludovic LEVET
    Hi Wietse, I m agree with you, after sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes the SMTP connection to the before-queue content filter
    Message 1 of 17 , Apr 23, 2013
    • 0 Attachment
      Hi Wietse,

      I'm agree with you, after sending END-OF-MESSAGE, the Postfix
      smtpd_proxy_CLIENT closes the SMTP connection
      to the before-queue content filter without sending QUIT command and wait
      for a 221 reply.

      But Postfix smtpd complain to be compatible with ESMTP protocol
      (http://www.postfix.org/SMTPD_PROXY_README.html), and specify in Postfix
      Before-Queue Content Filter 'How Postfix talks to the before-queue
      content filter' that QUIT command is used.
      It this true on postfix 2.6.x but not on upper version.

      So, DKIMproxy work like it will be, it repeat the same dialog in IN
      (port 10025) to OUT (port 10026) and add only status in header. So, if
      it don't received QUIT command in IN, it don't send it in OUT.

      Then the problem is well in Postfix smtpd_proxy_CLIENT (was ok on 2.6.x
      version).

      So, i think and i said that ESMTP protocol will be fully respected by
      Postfix smtpd_proxy_CLIENT.
      Modifying dkimproxy will be only a workaround for this problem, but it
      will not be serious implemantation in respect of RFC.

      Are you agree with me ?

      Ludovic.


      Le 23/04/2013 14:22, Wietse Venema a écrit :
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: smtp_get: timeout
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: >
      >>> dedi.ludosoft.org[127.0.0.1]: 421 4.4.2 dedi.ludosoft.org Error:
      >>> timeout exceeded
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: match_hostname:
      >>> dedi.ludosoft.org ~? 127.0.0.0/8
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: match_hostaddr: 127.0.0.1
      >>> ~? 127.0.0.0/8
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: timeout after
      >>> END-OF-MESSAGE from dedi.ludosoft.org[127.0.0.1]
      >>> Apr 22 14:20:08 dedi postfix/smtpd[2974]: disconnect from
      >>> dedi.ludosoft.org[127.0.0.1]
      > After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
      > the SMTP connection to the before-queue content filter.
      >
      > Apparently the content filter is waiting for QUIT *after* the
      > connection is closed. Please file a bug report for the content
      > filter.
      >
      > Wietse
    • Michael Storz
      ... And this is exactly the problem: smtpd_proxy_CLIENT closes the connection without sending the QUIT command first, which is in violation of RFC 5321,
      Message 2 of 17 , Apr 23, 2013
      • 0 Attachment
        Am 2013-04-23 14:22, schrieb Wietse Venema:
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: smtp_get: timeout
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: >
        >> > dedi.ludosoft.org[127.0.0.1]: 421 4.4.2 dedi.ludosoft.org Error:
        >> > timeout exceeded
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: match_hostname:
        >> > dedi.ludosoft.org ~? 127.0.0.0/8
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: match_hostaddr:
        >> 127.0.0.1
        >> > ~? 127.0.0.0/8
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: timeout after
        >> > END-OF-MESSAGE from dedi.ludosoft.org[127.0.0.1]
        >> > Apr 22 14:20:08 dedi postfix/smtpd[2974]: disconnect from
        >> > dedi.ludosoft.org[127.0.0.1]
        >
        > After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
        > the SMTP connection to the before-queue content filter.

        And this is exactly the problem: smtpd_proxy_CLIENT closes the
        connection without sending
        the QUIT command first, which is in violation of RFC 5321, section
        "4.1.1.10. QUIT (QUIT)"

        We see the same behavior here with pre-queue amavisd:

        Apr 23 22:01:21 lxmhs57 amavis[32118]: (32118-01) ESMTP> 554 5.7.0
        Reject, id=32118-01 - spam
        Apr 23 22:01:21 lxmhs57 postfix-mwnin/smtpd[32156]: <
        [127.0.0.1]:10001: 554 5.7.0 Reject, id=32118-01 - spam
        Apr 23 22:01:21 lxmhs57 postfix-mwnin/smtpd[32156]: > unknown
        [95.58.34.47]: 554 5.7.0 Reject, id=32118-01 - spam
        Apr 23 22:01:21 lxmhs57 postfix-mwnin/smtpd[32156]: proxy-reject:
        END-OF-MESSAGE: 554 5.7.0 Reject, id=32118-01 - spam; from=<SPAMMER>
        to=<CUSTOMER> proto=ESMTP helo=<bla>
        Apr 23 22:01:21 lxmhs57 amavis[32118]: (32118-01) smtp readline: EOF
        Apr 23 22:01:21 lxmhs57 amavis[32118]: (32118-01) SMTP session over,
        timer stopped
        Apr 23 22:01:21 lxmhs57 amavis[32118]: (32118-01) ESMTP: notice: client
        broke the connection without a QUIT ()

        >
        > Apparently the content filter is waiting for QUIT *after* the
        > connection is closed. Please file a bug report for the content
        > filter.
        >
        > Wietse

        Wietse, this was a bug report for Postfix! Filing a bug report for the
        content filter because it does not check for a dropped connection is
        another story.

        Michael
      • Viktor Dukhovni
        ... This is irrelevant. All TCP services need to handle mid-stream client disconnect sensibly. QUIT is nice to send, but this is not always possible, so
        Message 3 of 17 , Apr 23, 2013
        • 0 Attachment
          On Tue, Apr 23, 2013 at 10:52:02PM +0200, Michael Storz wrote:

          > >After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
          > >the SMTP connection to the before-queue content filter.
          >
          > And this is exactly the problem: smtpd_proxy_CLIENT closes the
          > connection without sending
          > the QUIT command first, which is in violation of RFC 5321, section
          > "4.1.1.10. QUIT (QUIT)"

          This is irrelevant. All TCP services need to handle mid-stream
          client disconnect sensibly. QUIT is nice to send, but this is not
          always possible, so deviating from RFC 5321 by not sending QUIT
          is harmless.

          > >Apparently the content filter is waiting for QUIT *after* the
          > >connection is closed. Please file a bug report for the content
          > >filter.
          >
          > Wietse, this was a bug report for Postfix! Filing a bug report for
          > the content filter because it does not check for a dropped
          > connection is another story.

          And yet that's the real problem, the content filter must propagate
          not only QUIT but also EOF.

          --
          Viktor.
        • Wietse Venema
          ... If you have a problem with disconnect without quit , then you are spending too much time in the company of computers. If some software cannot handle
          Message 4 of 17 , Apr 23, 2013
          • 0 Attachment
            > > After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
            > > the SMTP connection to the before-queue content filter.
            >
            > And this is exactly the problem: smtpd_proxy_CLIENT closes the

            If you have a problem with "disconnect without quit", then you are
            spending too much time in the company of computers.

            If some software cannot handle "disconnect without quit", then
            please file a bug report there.

            I am done with this thread. Go out, have a beer.

            Wietse
          • Kristof Bajnok
            ... For the OP, http://cr.yp.to/smtp/quit.html might be an explanation of the quit-problem. I suppose Postfix dropped client quit for similar reasons. Kristof
            Message 5 of 17 , Apr 23, 2013
            • 0 Attachment
              On 2013-04-23 23:21, Viktor Dukhovni wrote:
              >>> After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
              >>> > >the SMTP connection to the before-queue content filter.
              >> >
              >> > And this is exactly the problem: smtpd_proxy_CLIENT closes the
              >> > connection without sending
              >> > the QUIT command first, which is in violation of RFC 5321, section
              >> > "4.1.1.10. QUIT (QUIT)"
              > This is irrelevant. All TCP services need to handle mid-stream
              > client disconnect sensibly. QUIT is nice to send, but this is not
              > always possible, so deviating from RFC 5321 by not sending QUIT
              > is harmless.

              For the OP, http://cr.yp.to/smtp/quit.html might be an explanation of
              the quit-problem. I suppose Postfix dropped client quit for similar reasons.

              Kristof
            • Ludovic LEVET
              I m sad to see this type of response ... Sorry, but when I take the bus, i come in by the door, and out by the door. I don t go out of the bus by the window,
              Message 6 of 17 , Apr 25, 2013
              • 0 Attachment
                I'm sad to see this type of response ...

                Sorry, but when I take the bus, i come in by the door, and out by the
                door. I don't go out of the bus by the window, the emergency issue.
                So today, your are saying me to go out by the windows, the door is
                locked ...

                So, yes it may be true, i'm 'too old school' professional computer.
                And yes ... why writing RFC and lose so much time to elaborate it ...
                Oh, yes ! For interoperability and perfect dialog between 2 or more
                program ...

                I don't understand why it create a polemic, it was working before, not
                now. And nobody have create a new RFC to remove this command. Using
                emergency
                mode like normal operating mode is not a normal work.

                And what else ?
                I go out take a coffe (G.Cloney French joke ...)

                Ludovic.


                Le 23/04/2013 23:28, Wietse Venema a écrit :
                >>> After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
                >>> the SMTP connection to the before-queue content filter.
                >> And this is exactly the problem: smtpd_proxy_CLIENT closes the
                > If you have a problem with "disconnect without quit", then you are
                > spending too much time in the company of computers.
                >
                > If some software cannot handle "disconnect without quit", then
                > please file a bug report there.
                >
                > I am done with this thread. Go out, have a beer.
                >
                > Wietse
              • Ludovic LEVET
                Deviation is use only in case of problem, et RFC give this possibility by the time out , but not in normal condition. Ludovic. ... -- ... Ce message inclut
                Message 7 of 17 , Apr 25, 2013
                • 0 Attachment
                  Deviation is use only in case of problem, et RFC give this possibility
                  by the 'time out', but not in normal condition.

                  Ludovic.

                  Le 23/04/2013 23:21, Viktor Dukhovni a écrit :
                  > On Tue, Apr 23, 2013 at 10:52:02PM +0200, Michael Storz wrote:
                  >
                  >>> After sending END-OF-MESSAGE, the Postfix smtpd_proxy_CLIENT closes
                  >>> the SMTP connection to the before-queue content filter.
                  >> And this is exactly the problem: smtpd_proxy_CLIENT closes the
                  >> connection without sending
                  >> the QUIT command first, which is in violation of RFC 5321, section
                  >> "4.1.1.10. QUIT (QUIT)"
                  > This is irrelevant. All TCP services need to handle mid-stream
                  > client disconnect sensibly. QUIT is nice to send, but this is not
                  > always possible, so deviating from RFC 5321 by not sending QUIT
                  > is harmless.
                  >
                  >>> Apparently the content filter is waiting for QUIT *after* the
                  >>> connection is closed. Please file a bug report for the content
                  >>> filter.
                  >> Wietse, this was a bug report for Postfix! Filing a bug report for
                  >> the content filter because it does not check for a dropped
                  >> connection is another story.
                  > And yet that's the real problem, the content filter must propagate
                  > not only QUIT but also EOF.
                  >

                  --
                  -------------------------------------------------------------------------------------------------------------------------
                  Ce message inclut une signature numérique. Il certifie que l'expéditeur et le contenue du message sont authentiques.
                  Si votre logiciel de messagerie est compatible, Il doit garantir que le document n'a pas été altéré entre l'instant où
                  l'auteur l'a signé et le moment où le lecteur le consulte.
                  Loi n°2000-230 du 13 mars 2000 Art. 1316, 1316-1, 1316-2, 1316-3, 1316-4 du Code civil.
                  La présence d'un fichier joint 'smime.p7s' (fichier signature) indique que votre client messagerie n'est pas compatible.
                  -------------------------------------------------------------------------------------------------------------------------
                Your message has been successfully submitted and would be delivered to recipients shortly.