Prev: qmgr watchdog timeout
Next: Can I Omit Same Values
From: Rob Tanner on 16 Mar 2010 15:55
Hi,

This is a weird one. From on campus (from any 10.0.0.0/8 address), when I
telnet to post 25 of the Postfix server and type in the ehlo start of the
handshake, I expect and get the following response:

ehlo beowulf
250-neskowin.linfield.edu
250-PIPELINING
250-SIZE 15000000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

Bur from off-campus, I get this response:

ehlo cheshire
250-neskowin.linfield.edu
250-PIPELINING
250-SIZE 15000000
250-VRFY
250-ETRN
250-XXXXXXXA
250 8BITMIME

Since I¹m doing smtpd_tls_auth_only specifically for off-campus access, this
is rather problematic. Any idea what¹s going on and how I may have
inadvertently configured it that way?

Thanks,
Rob



--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville Oregon
503-883-2558

From: Brian Evans - Postfix List on 16 Mar 2010 16:00
On 3/16/2010 3:55 PM, Rob Tanner wrote:
> Hi,
> ehlo cheshire
> 250-neskowin.linfield.edu
> 250-PIPELINING
> 250-SIZE 15000000
> 250-VRFY
> 250-ETRN
> 250-XXXXXXXA

Firewall SMTP "fixup" that breaks everything.
Commonly seen in Cisco PIX routers/firewalls.
Best option is to disable fixup.

> 250 8BITMIME
>
> Since I�m doing smtpd_tls_auth_only specifically for off-campus
> access, this is rather problematic. Any idea what�s going on and how I
> may have inadvertently configured it that way?

From: Noel Jones on 16 Mar 2010 16:02
On 3/16/2010 2:55 PM, Rob Tanner wrote:
> Hi,
>
> This is a weird one. From on campus (from any 10.0.0.0/8 address), when
> I telnet to post 25 of the Postfix server and type in the ehlo start of
> the handshake, I expect and get the following response:
>
> ehlo beowulf
> 250-neskowin.linfield.edu
> 250-PIPELINING
> 250-SIZE 15000000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
>
> Bur from off-campus, I get this response:
>
> ehlo cheshire
> 250-neskowin.linfield.edu
> 250-PIPELINING
> 250-SIZE 15000000
> 250-VRFY
> 250-ETRN
> 250-XXXXXXXA
> 250 8BITMIME
>
> Since I’m doing smtpd_tls_auth_only specifically for off-campus access,
> this is rather problematic. Any idea what’s going on and how I may have
> inadvertently configured it that way?
>

Your firewall is eating the STARTTLS response. Not a postfix
issue.

-- Noel Jones

From: Rob Tanner on 16 Mar 2010 17:13
Yep. That fixed it. Thanks.


On 3/16/10 1:00 PM, "Brian Evans - Postfix List" <grknight(a)scent-team.com>
wrote:

> On 3/16/2010 3:55 PM, Rob Tanner wrote:
>> Hi,
>> ehlo cheshire
>> 250-neskowin.linfield.edu
>> 250-PIPELINING
>> 250-SIZE 15000000
>> 250-VRFY
>> 250-ETRN
>> 250-XXXXXXXA
>
> Firewall SMTP "fixup" that breaks everything.
> Commonly seen in Cisco PIX routers/firewalls.
> Best option is to disable fixup.
>
>> 250 8BITMIME
>>
>> Since I¹m doing smtpd_tls_auth_only specifically for off-campus
>> access, this is rather problematic. Any idea what¹s going on and how I
>> may have inadvertently configured it that way?
>

 | 
Pages: 1
Prev: qmgr watchdog timeout
Next: Can I Omit Same Values