smtpd_banner question
in [Postfix]
|
Prev: Banned spoofed address from my domain
Next: 2.7 RPM
From: Jon Tullett on 22 Feb 2010 03:50 Hi all This is probably a rank newbie question, but I've been unable to find an answer via Google or the archives, so hopefully someone here can point me in the right direction. As I understand it, smtpd_banner is used for both the banner line when someone connects to my server, and also when Postfix connects to another server to send mail. Stop me now if this is completely wrong :) The problem I have is that I've been getting rejected mail from a couple of specific recipients, saying "550 Access denied - Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)". My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the full localname+domain. I took "(Postfix)" out of the banner because I'm paranoid and don't like advertising what specific software is offering a service - is that omission now causing a problem? Now, when I change that banner to be _only_ the hostname, the remote server accepts the mail just fine - it appears to be choking on the "ESMTP" part. I verified this by telnetting into the remote server and greeting with "ehlo host.domain.com ESMTP", and it was rejected, then trying without and it was accepted. But I don't want to take ESMTP out of the banner, because I understand it's serving a useful purpose to hosts which deliver to my domain. Is this mistaken? Does it actually matter much? And my final questions are: is this mistaken config on my part? Should I be doing something differently? Assuming I have no control over the remote end which is rejecting our mail, and assuming it's a client we definitely need to communicate with, is it a big deal to drop the ESMTP from the smtpd_banner if that means mail gets through? And lastly, mainly as curiosity, is there a way to configure different banners for different purposes, such as inbound vs outbound, or on different interfaces, and so on? Thanks in advance for any help! -Jon
From: Ralf Hildebrandt on 22 Feb 2010 04:00 * Jon Tullett <jon.tullett(a)gmail.com>: > Hi all > > This is probably a rank newbie question, but I've been unable to find > an answer via Google or the archives, so hopefully someone here can > point me in the right direction. > > As I understand it, smtpd_banner is used for both the banner line when > someone connects to my server, Yes. > and also when Postfix connects to another server to send mail. No. > The problem I have is that I've been getting rejected mail from a > couple of specific recipients, saying "550 Access denied - Invalid > HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)". That's something different. postconf smtp_helo_name postconf myhostname returns what? > My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the mylocalhost??? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Jon Tullett on 22 Feb 2010 05:07 On 22 February 2010 11:00, Ralf Hildebrandt <Ralf.Hildebrandt(a)charite.de> wrote: > * Jon Tullett <jon.tullett(a)gmail.com>: > >> As I understand it, smtpd_banner is used for both the banner line when >> someone connects to my server, > > Yes. > >> and also when Postfix connects to another server to send mail. > > No. Ahah :) I found a reference to this on a Zimbra (I think) forum, and had proceeded from that assumption. But that only confuses me more, if tinkering with smtpd_banner was successful in getting a remote mail server to accept a connection, but a totally different variable should be passed. Is it possible the remote side is establishing a connection back to my server, to verify that the sender is real, or the banners match, or something weird like that? That seems like an unlikely sort of check. >> The problem I have is that I've been getting rejected mail from a >> couple of specific recipients, saying "550 Access denied - Invalid >> HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)". > > That's something different. > postconf smtp_helo_name > postconf myhostname > returns what? Both return the same - the hostname+domain and nothing else: mail.foo.com That is the default value for smtp_helo_name, the docs tell me. >> My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the > mylocalhost??? Sorry, my mistake, screwing up the variable name. I meant $myhostname, which is set to the machine's local name+domain. -Jon
From: Ralf Hildebrandt on 22 Feb 2010 05:11 * Jon Tullett <jon.tullett(a)gmail.com>: > > That's something different. > > postconf smtp_helo_name > > postconf myhostname > > returns what? > > Both return the same - the hostname+domain and nothing else: mail.foo.com > That is the default value for smtp_helo_name, the docs tell me. It would help not to munge the data, since that's what the other server doesn't like -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt(a)charite.de | http://www.charite.de
From: Magnus =?iso-8859-1?Q?B=E4ck?= on 22 Feb 2010 07:30
On Mon, February 22, 2010 9:50 am, Jon Tullett said: [...] > My smtpd_banner is set to "$mylocalhost ESMTP". The localhost is the > full localname+domain. I took "(Postfix)" out of the banner because > I'm paranoid and don't like advertising what specific software is > offering a service - is that omission now causing a problem? That omission doesn't contribute to your problem, but it's fairly useless since MTAs can typically be identiifed anyway based on behaviour and messages etc. Postfix example: $ telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 elwood.jpl.local ESMTP Postfix POST foo 221 2.7.0 Error: I can break rules, too. Goodbye. Connection closed by foreign host. [...] -- Magnus B�ck magnus(a)dsek.lth.se |