From: Jon Tullett on
Hi all

This is probably a rank newbie question, but I've been unable to find
an answer via Google or the archives, so hopefully someone here can
point me in the right direction.

As I understand it, smtpd_banner is used for both the banner line when
someone connects to my server, and also when Postfix connects to
another server to send mail. Stop me now if this is completely wrong
:)

The problem I have is that I've been getting rejected mail from a
couple of specific recipients, saying "550 Access denied - Invalid
HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)".

My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the
full localname+domain. I took "(Postfix)" out of the banner because
I'm paranoid and don't like advertising what specific software is
offering a service - is that omission now causing a problem?

Now, when I change that banner to be _only_ the hostname, the remote
server accepts the mail just fine - it appears to be choking on the
"ESMTP" part. I verified this by telnetting into the remote server and
greeting with "ehlo host.domain.com ESMTP", and it was rejected, then
trying without and it was accepted.

But I don't want to take ESMTP out of the banner, because I understand
it's serving a useful purpose to hosts which deliver to my domain. Is
this mistaken? Does it actually matter much?

And my final questions are: is this mistaken config on my part? Should
I be doing something differently? Assuming I have no control over the
remote end which is rejecting our mail, and assuming it's a client we
definitely need to communicate with, is it a big deal to drop the
ESMTP from the smtpd_banner if that means mail gets through? And
lastly, mainly as curiosity, is there a way to configure different
banners for different purposes, such as inbound vs outbound, or on
different interfaces, and so on?

Thanks in advance for any help!

-Jon

From: Ralf Hildebrandt on
* Jon Tullett <jon.tullett(a)gmail.com>:
> Hi all
>
> This is probably a rank newbie question, but I've been unable to find
> an answer via Google or the archives, so hopefully someone here can
> point me in the right direction.
>
> As I understand it, smtpd_banner is used for both the banner line when
> someone connects to my server,

Yes.

> and also when Postfix connects to another server to send mail.

No.

> The problem I have is that I've been getting rejected mail from a
> couple of specific recipients, saying "550 Access denied - Invalid
> HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)".

That's something different.
postconf smtp_helo_name
postconf myhostname
returns what?

> My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the
mylocalhost???

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Jon Tullett on
On 22 February 2010 11:00, Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de> wrote:
> * Jon Tullett <jon.tullett(a)gmail.com>:
>
>> As I understand it, smtpd_banner is used for both the banner line when
>> someone connects to my server,
>
> Yes.
>
>> and also when Postfix connects to another server to send mail.
>
> No.

Ahah :) I found a reference to this on a Zimbra (I think) forum, and
had proceeded from that assumption. But that only confuses me more, if
tinkering with smtpd_banner was successful in getting a remote mail
server to accept a connection, but a totally different variable should
be passed.

Is it possible the remote side is establishing a connection back to my
server, to verify that the sender is real, or the banners match, or
something weird like that? That seems like an unlikely sort of check.


>> The problem I have is that I've been getting rejected mail from a
>> couple of specific recipients, saying "550 Access denied - Invalid
>> HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)".
>
> That's something different.
> postconf smtp_helo_name
> postconf myhostname
> returns what?

Both return the same - the hostname+domain and nothing else: mail.foo.com
That is the default value for smtp_helo_name, the docs tell me.


>> My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the
> mylocalhost???

Sorry, my mistake, screwing up the variable name. I meant $myhostname,
which is set to the machine's local name+domain.

-Jon

From: Ralf Hildebrandt on
* Jon Tullett <jon.tullett(a)gmail.com>:

> > That's something different.
> > postconf smtp_helo_name
> > postconf myhostname
> > returns what?
>
> Both return the same - the hostname+domain and nothing else: mail.foo.com
> That is the default value for smtp_helo_name, the docs tell me.

It would help not to munge the data, since that's what the other
server doesn't like

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


From: Magnus =?iso-8859-1?Q?B=E4ck?= on
On Mon, February 22, 2010 9:50 am, Jon Tullett said:

[...]

> My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the
> full localname+domain. I took "(Postfix)" out of the banner because
> I'm paranoid and don't like advertising what specific software is
> offering a service - is that omission now causing a problem?

That omission doesn't contribute to your problem, but it's fairly useless
since MTAs can typically be identiifed anyway based on behaviour and
messages etc. Postfix example:

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 elwood.jpl.local ESMTP Postfix
POST foo
221 2.7.0 Error: I can break rules, too. Goodbye.
Connection closed by foreign host.

[...]

--
Magnus B�ck
magnus(a)dsek.lth.se

 |  Next  |  Last
Pages: 1 2
Prev: Banned spoofed address from my domain
Next: 2.7 RPM