As I previously wrote, I was working on a central SMTP relay system for internal servers. I came across a strange problem today, when a client couldn't send any mails.
After activating that particular client (10.10.44.20) in the debug_peer_list, I found the following information in the mail logs:
postfix/smtpd[9045]: connect from unknown[10.10.44.20]
postfix/smtpd[9045]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.10.44.20 ~? cidr:/etc/postfix/networks(0,lock|utf8_request)
postfix/smtpd[9045]: dict_cidr_lookup: /etc/postfix/networks: 10.10.44.20
postfix/smtpd[9045]: > unknown[10.10.44.20]: 220 inf-smtp01-p.nzzmg.ch ESMTP Postfix (Ubuntu)
postfix/smtpd[9045]: < unknown[10.10.44.20]: HELO
postfix/smtpd[9045]: > unknown[10.10.44.20]: 501 Syntax: HELO hostname
postfix/smtpd[9045]: < unknown[10.10.44.20]: QUIT
postfix/smtpd[9045]: > unknown[10.10.44.20]: 221 2.0.0 Bye
postfix/smtpd[9045]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.10.44.20 ~? cidr:/etc/postfix/networks(0,lock|utf8_request)
postfix/smtpd[9045]: dict_cidr_lookup: /etc/postfix/networks: 10.10.44.20
Interestingly, the client didn't send any value after the HELO command. That's a must according to the basic SMTP rules!
Without deeper explanation into the who and why's, I added a workaround into Postfix to allow such empty HELO commands. Or better said: I told Postfix to rewrite the faulty SMTP command.
This can be done by using smtpd_command_filter in /etc/postfix/main.cf:
smtpd_command_filter = pcre:/etc/postfix/command_filter
In order to use pcre tables, the pcre postfix module must first be installed:
apt-get install postfix-pcre
Within the /etc/postfix/command_filter file, I used the exact same example as mentioned in the official Postfix documentation for smtpd_command_filter:
# Work around clients that send malformed HELO commands.
/^HELO\s*$/ HELO domain.invalid
The empty HELO can now be tested manually with telnet:
$ telnet centralmailrelay.example.com 25
Trying xxx.xxx.xxx.xxx...
Connected to centralmailrelay.example.com.
Escape character is '^]'.
220 mail1.example.com ESMTP Postfix (Ubuntu)
HELO
250 mail1.example.com
quit
221 2.0.0 Bye
Connection closed by foreign host.
Yes. Works.
But, as mentioned, this should be fixed on the client as this is SMTP basics.
No comments yet.
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Icingaweb Icingaweb2 Influx Internet Java KVM Kibana Kodi Kubernetes LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder