[pfx] Re: Problems Receiving Email But Only from Microsoft/Outlook [lost connection after EHLO]

Mon, 02 Dec 2024 18:03:34 -0800 


Here's a full debug log from 1 connection attempt from Outlook.com
It seems they send EHLO, I reply with everything I support and they just hangup? 


postfix/smtpd[27329]: connect from 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]

postfix/smtpd[27329]: smtp_stream_setup: maxtime=300 enable_deadline=0

postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 127.0.0.0/8
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 127.0.0.0/8
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 
[::ffff:127.0.0.0]/104
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 
[::ffff:127.0.0.0]/104
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? [::1]/128
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? [::1]/128
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 142.93.19.23
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 142.93.19.23
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 116.251.193.218
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 116.251.193.218
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 192.168.0.0/16
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 192.168.0.0/16
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 35.231.98.247
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 35.231.98.247
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 74.48.81.187
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 74.48.81.187
postfix/smtpd[27329]: match_list_match: 
mail-psaapc01on2132.outbound.protection.outlook.com: no match

postfix/smtpd[27329]: match_list_match: 40.107.255.132: no match
postfix/smtpd[27329]: auto_clnt_open: connected to private/anvil
postfix/smtpd[27329]: send attr request = connect
postfix/smtpd[27329]: send attr ident = smtp:40.107.255.132
postfix/smtpd[27329]: private/anvil: wanted attribute: status
postfix/smtpd[27329]: input attribute name: status
postfix/smtpd[27329]: input attribute value: 0
postfix/smtpd[27329]: private/anvil: wanted attribute: count
postfix/smtpd[27329]: input attribute name: count
postfix/smtpd[27329]: input attribute value: 1
postfix/smtpd[27329]: private/anvil: wanted attribute: rate
postfix/smtpd[27329]: input attribute name: rate
postfix/smtpd[27329]: input attribute value: 1
postfix/smtpd[27329]: private/anvil: wanted attribute: (list terminator)
postfix/smtpd[27329]: input attribute name: (end)
postfix/smtpd[27329]: report connect to all milters

postfix/smtpd[27329]: milter8_connect: non-protocol events for protocol 
version 6:
postfix/smtpd[27329]: milter8_connect: transport=inet 
endpoint=localhost:11332

postfix/smtpd[27329]: trying... [127.0.0.1]
postfix/smtpd[27329]: vstream_tweak_tcp: TCP_MAXSEG 32741
postfix/smtpd[27329]: fd=18: stream buffer size old=0 new=130964
postfix/smtpd[27329]: milter8_connect: my_version=0x6

postfix/smtpd[27329]: milter8_connect: my_actions=0x1ff SMFIF_ADDHDRS 
SMFIF_CHGBODY SMFIF_ADDRCPT SMFIF_DELRCPT SMFIF_CHGHDRS SMFIF_QUARANTINE 
SMFIF_CHGFROM SMFIF_ADDRCPT_PAR SMFIF_SETSYMLIST
postfix/smtpd[27329]: milter8_connect: my_events=0x1fffff 
SMFIP_NOCONNECT SMFIP_NOHELO SMFIP_NOMAIL SMFIP_NORCPT SMFIP_NOBODY 
SMFIP_NOHDRS SMFIP_NOEOH SMFIP_NR_HDR SMFIP_NOUNKNOWN SMFIP_NODATA SM
FIP_SKIP SMFIP_RCPT_REJ SMFIP_NR_CONN SMFIP_NR_HELO SMFIP_NR_MAIL 
SMFIP_NR_RCPT SMFIP_NR_DATA SMFIP_NR_UNKN SMFIP_NR_EOH SMFIP_NR_BODY 
SMFIP_HDR_LEADSPC
postfix/smtpd[27329]: milter8_connect: milter inet:localhost:11332 
version 6
postfix/smtpd[27329]: milter8_connect: events SMFIP_NR_HDR SMFIP_NR_CONN 
SMFIP_NR_HELO SMFIP_NR_MAIL SMFIP_NR_RCPT SMFIP_NR_DATA SMFIP_NR_UNKN 
SMFIP_NR_EOH SMFIP_NR_BODY
postfix/smtpd[27329]: milter8_connect: requests SMFIF_ADDHDRS 
SMFIF_CHGBODY SMFIF_ADDRCPT SMFIF_DELRCPT SMFIF_CHGHDRS SMFIF_QUARANTINE 
SMFIF_CHGFROM SMFIF_ADDRCPT_PAR SMFIF_SETSYMLIST

postfix/smtpd[27329]: milter_macro_lookup: "j"
postfix/smtpd[27329]: milter_macro_lookup: result "mail.muppetz.com"
postfix/smtpd[27329]: milter_macro_lookup: "{daemon_name}"
postfix/smtpd[27329]: milter_macro_lookup: result "mail.muppetz.com"
postfix/smtpd[27329]: milter_macro_lookup: "{daemon_addr}"
postfix/smtpd[27329]: milter_macro_lookup: result "142.93.19.23"
postfix/smtpd[27329]: milter_macro_lookup: "v"
postfix/smtpd[27329]: milter_macro_lookup: result "Postfix 3.4.23"

postfix/smtpd[27329]: milter8_conn_event: milter inet:localhost:11332: 
connect 
mail-psaapc01on2132.outbound.protection.outlook.com/40.107.255.132
postfix/smtpd[27329]: event: SMFIC_CONNECT; macros: j=mail.muppetz.com 
{daemon_name}=mail.muppetz.com {daemon_addr}=142.93.19.23 v=Postfix 
3.4.23
postfix/smtpd[27329]: skipping reply for event SMFIC_CONNECT from milter 
inet:localhost:11332
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 220 
mail.muppetz.com ESMTP - Phone call for Kermit the Frog. You Kermit the 
Frog?

postfix/smtpd[27329]: watchdog_pat: 0x1dc017276230

postfix/smtpd[27329]: < 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
EHLO APC01-PSA-obe.outbound.protection.outlook.com

postfix/smtpd[27329]: report helo to all milters
postfix/smtpd[27329]: milter_macro_lookup: "{tls_version}"
postfix/smtpd[27329]: milter_macro_lookup: "{cipher}"
postfix/smtpd[27329]: milter_macro_lookup: "{cipher_bits}"
postfix/smtpd[27329]: milter_macro_lookup: "{cert_subject}"
postfix/smtpd[27329]: milter_macro_lookup: "{cert_issuer}"

postfix/smtpd[27329]: milter8_helo_event: milter inet:localhost:11332: 
helo APC01-PSA-obe.outbound.protection.outlook.com

postfix/smtpd[27329]: event: SMFIC_HELO; macros: (none)

postfix/smtpd[27329]: skipping reply for event SMFIC_HELO from milter 
inet:localhost:11332
postfix/smtpd[27329]: match_list_match: 
mail-psaapc01on2132.outbound.protection.outlook.com: no match

postfix/smtpd[27329]: match_list_match: 40.107.255.132: no match

postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-mail.muppetz.com
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-PIPELINING
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-SIZE 81920000
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-ETRN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-STARTTLS
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-ENHANCEDSTATUSCODES
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-8BITMIME
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-DSN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-SMTPUTF8
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 250 
CHUNKING

postfix/smtpd[27329]: watchdog_pat: 0x1dc017276230

postfix/smtpd[27329]: < 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
STARTTLS

postfix/smtpd[27329]: query milter states for other event
postfix/smtpd[27329]: milter8_other_event: milter inet:localhost:11332

postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 220 
2.0.0 Ready to start TLS

postfix/smtpd[27329]: abort all milters
postfix/smtpd[27329]: milter8_abort: abort milter inet:localhost:11332
postfix/smtpd[27329]: auto_clnt_open: connected to private/tlsmgr
postfix/smtpd[27329]: send attr request = seed
postfix/smtpd[27329]: send attr size = 32
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: status
postfix/smtpd[27329]: input attribute name: status
postfix/smtpd[27329]: input attribute value: 0
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: seed
postfix/smtpd[27329]: input attribute name: seed

postfix/smtpd[27329]: input attribute value: 
YtY9zG9NratAYNEq2SxFyfukMPpA06J+F8P80rlkV7w=
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: (list 
terminator)

postfix/smtpd[27329]: input attribute name: (end)
postfix/smtpd[27329]: send attr request = tktkey
postfix/smtpd[27329]: send attr keyname = [data 0 bytes]
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: status
postfix/smtpd[27329]: input attribute name: status
postfix/smtpd[27329]: input attribute value: 0
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: keybuf
postfix/smtpd[27329]: input attribute name: keybuf

postfix/smtpd[27329]: input attribute value: 
KetkUDiQNytGVSLRMBGusFt0etmBj9r4AjE2W/WjUWgkYfLs1KZ1YLROBENRMHvZJlyCQtIrWx3rm1C1jLjjEdMb9LEMObUo8uWhfYjhAce4AVNnAAAAAA==
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: (list 
terminator)

postfix/smtpd[27329]: input attribute name: (end)
postfix/smtpd[27329]: send attr request = update
postfix/smtpd[27329]: send attr cache_type = smtpd

postfix/smtpd[27329]: send attr cache_id = 
A495CE538EE44F08140D772D0BA3116890BC90CB2CCD85AF30E639154845EED9&s=smtp&l=269488367

postfix/smtpd[27329]: send attr session = [data 2610 bytes]
postfix/smtpd[27329]: private/tlsmgr: wanted attribute: status
postfix/smtpd[27329]: input attribute name: status
postfix/smtpd[27329]: input attribute value: 0

postfix/smtpd[27329]: private/tlsmgr: wanted attribute: (list 
terminator)

postfix/smtpd[27329]: input attribute name: (end)

postfix/smtpd[27329]: xsasl_dovecot_server_create: SASL service=smtp, 
realm=mail.muppetz.com

postfix/smtpd[27329]: name_mask: noanonymous
postfix/smtpd[27329]: xsasl_dovecot_server_connect: Connecting

postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
VERSION?1?2
postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
MECH?PLAIN?plaintext

postfix/smtpd[27329]: name_mask: plaintext

postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
MECH?LOGIN?plaintext

postfix/smtpd[27329]: name_mask: plaintext

postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
SPID?6187
postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
CUID?54593
postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: 
COOKIE?2be0d7092a77249f8a459e5a0f10a346

postfix/smtpd[27329]: xsasl_dovecot_server_connect: auth reply: DONE

postfix/smtpd[27329]: xsasl_dovecot_server_mech_filter: keep mechanism: 
PLAIN
postfix/smtpd[27329]: xsasl_dovecot_server_mech_filter: keep mechanism: 
LOGIN

postfix/smtpd[27329]: watchdog_pat: 0x1dc017276230

postfix/smtpd[27329]: < 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
EHLO APC01-PSA-obe.outbound.protection.outlook.com

postfix/smtpd[27329]: report helo to all milters
postfix/smtpd[27329]: milter_macro_lookup: "{tls_version}"
postfix/smtpd[27329]: milter_macro_lookup: result "TLSv1.3"
postfix/smtpd[27329]: milter_macro_lookup: "{cipher}"

postfix/smtpd[27329]: milter_macro_lookup: result 
"TLS_AES_256_GCM_SHA384"

postfix/smtpd[27329]: milter_macro_lookup: "{cipher_bits}"
postfix/smtpd[27329]: milter_macro_lookup: result "256"
postfix/smtpd[27329]: milter_macro_lookup: "{cert_subject}"

postfix/smtpd[27329]: milter_macro_lookup: result 
"mail.protection.outlook.com"

postfix/smtpd[27329]: milter_macro_lookup: "{cert_issuer}"

postfix/smtpd[27329]: milter_macro_lookup: result "DigiCert Cloud 
Services CA-1"
postfix/smtpd[27329]: milter8_helo_event: milter inet:localhost:11332: 
helo APC01-PSA-obe.outbound.protection.outlook.com
postfix/smtpd[27329]: event: SMFIC_HELO; macros: {tls_version}=TLSv1.3 
{cipher}=TLS_AES_256_GCM_SHA384 {cipher_bits}=256 
{cert_subject}=mail.protection.outlook.com {cert_issuer}=DigiCert Cloud 
Se

rvices CA-1

postfix/smtpd[27329]: skipping reply for event SMFIC_HELO from milter 
inet:localhost:11332
postfix/smtpd[27329]: match_list_match: 
mail-psaapc01on2132.outbound.protection.outlook.com: no match

postfix/smtpd[27329]: match_list_match: 40.107.255.132: no match

postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-mail.muppetz.com
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-PIPELINING
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-SIZE 81920000
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-ETRN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-AUTH PLAIN LOGIN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-AUTH=PLAIN LOGIN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-ENHANCEDSTATUSCODES
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-8BITMIME
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-DSN
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 
250-SMTPUTF8
postfix/smtpd[27329]: > 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]: 250 
CHUNKING

postfix/smtpd[27329]: watchdog_pat: 0x1dc017276230
postfix/smtpd[27329]: smtp_get: EOF

postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 127.0.0.0/8
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 127.0.0.0/8
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 
[::ffff:127.0.0.0]/104
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 
[::ffff:127.0.0.0]/104
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? [::1]/128
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? [::1]/128
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 142.93.19.23
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 142.93.19.23
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 116.251.193.218
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 116.251.193.218
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 192.168.0.0/16
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 192.168.0.0/16
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 35.231.98.247
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 35.231.98.247
postfix/smtpd[27329]: match_hostname: 
smtpd_client_event_limit_exceptions: 
mail-psaapc01on2132.outbound.protection.outlook.com ~? 74.48.81.187
postfix/smtpd[27329]: match_hostaddr: 
smtpd_client_event_limit_exceptions: 40.107.255.132 ~? 74.48.81.187
postfix/smtpd[27329]: match_list_match: 
mail-psaapc01on2132.outbound.protection.outlook.com: no match

postfix/smtpd[27329]: match_list_match: 40.107.255.132: no match
postfix/smtpd[27329]: send attr request = disconnect
postfix/smtpd[27329]: send attr ident = smtp:40.107.255.132
postfix/smtpd[27329]: private/anvil: wanted attribute: status
postfix/smtpd[27329]: input attribute name: status
postfix/smtpd[27329]: input attribute value: 0
postfix/smtpd[27329]: private/anvil: wanted attribute: (list terminator)
postfix/smtpd[27329]: input attribute name: (end)

postfix/smtpd[27329]: lost connection after EHLO from 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132]

postfix/smtpd[27329]: abort all milters
postfix/smtpd[27329]: milter8_abort: abort milter inet:localhost:11332
postfix/smtpd[27329]: disconnect event to all milters

postfix/smtpd[27329]: milter8_disc_event: quit milter 
inet:localhost:11332
postfix/smtpd[27329]: disconnect from 
mail-psaapc01on2132.outbound.protection.outlook.com[40.107.255.132] 
ehlo=2 starttls=1 commands=3

postfix/smtpd[27329]: free all milters
postfix/smtpd[27329]: free milter inet:localhost:11332

Thanks again.

Kind Regards,
Tim Harman

On 03/12/2024 12:39 pm, Tim Harman via Postfix-users wrote:

Hi,


I'm fairly sure this is a Microsoft problem, but I'm asking anyway in 
case I'm doing something really dumb.



I've noticed that in the last month I can't receive email from people 
using Office 365 hosted email.  So, quite a few people.  This is what 
appears in my mail.log:



Dec  3 11:38:18 mail postfix/smtpd[15735]: lost connection after EHLO 
from 
mail-australiasoutheastazon11020092.outbound.protection.outlook.com[52.101.152.92]
Dec  3 11:38:28 mail postfix/smtpd[15717]: lost connection after EHLO 
from 
mail-psaapc01on2110.outbound.protection.outlook.com[40.107.255.110]
Dec  3 11:39:21 mail postfix/smtpd[15826]: lost connection after EHLO 
from 
mail-australiasoutheastazon11020101.outbound.protection.outlook.com[52.101.152.101]
Dec  3 11:39:29 mail postfix/smtpd[15826]: lost connection after EHLO 
from 
mail-tyzapc01on2112.outbound.protection.outlook.com[40.107.117.112]
Dec  3 11:40:05 mail postfix/smtpd[15717]: lost connection after EHLO 
from 
mail-tyzapc01olkn2078.outbound.protection.outlook.com[40.92.107.78]
Dec  3 11:40:31 mail postfix/smtpd[15826]: lost connection after EHLO 
from 
mail-tyzapc01on2111.outbound.protection.outlook.com[40.107.117.111]
Dec  3 11:41:34 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-sg2apc01on2113.outbound.protection.outlook.com[40.107.215.113]
Dec  3 11:42:53 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-koreacentralazon11023086.outbound.protection.outlook.com[40.107.44.86]
Dec  3 11:43:49 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-australiaeastazon11022099.outbound.protection.outlook.com[40.107.40.99]
Dec  3 11:44:24 mail postfix/smtpd[16112]: lost connection after EHLO 
from 
mail-australiaeastazon11020119.outbound.protection.outlook.com[52.101.150.119]
Dec  3 11:46:41 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-psaapc01on2136.outbound.protection.outlook.com[40.107.255.136]
Dec  3 11:47:56 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-koreacentralazon11023115.outbound.protection.outlook.com[40.107.44.115]
Dec  3 11:49:32 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-australiaeastazon11022123.outbound.protection.outlook.com[40.107.40.123]
Dec  3 11:50:13 mail postfix/smtpd[16112]: lost connection after EHLO 
from mail-psaapc01olkn2015.outbound.protection.outlook.com[40.92.52.15]
Dec  3 11:51:44 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-sg2apc01on2101.outbound.protection.outlook.com[40.107.215.101]
Dec  3 11:53:51 mail postfix/smtpd[16112]: lost connection after EHLO 
from 
mail-australiaeastazon11020136.outbound.protection.outlook.com[52.101.150.136]
Dec  3 11:54:35 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-australiaeastazon11022084.outbound.protection.outlook.com[40.107.40.84]
Dec  3 11:56:46 mail postfix/smtpd[16112]: lost connection after EHLO 
from 
mail-tyzapc01on2134.outbound.protection.outlook.com[40.107.117.134]
Dec  3 11:57:58 mail postfix/smtpd[16050]: lost connection after EHLO 
from 
mail-eastasiaazon11021086.outbound.protection.outlook.com[52.101.129.86]
Dec  3 11:59:37 mail postfix/smtpd[16112]: lost connection after EHLO 
from 
mail-australiaeastazon11021121.outbound.protection.outlook.com[40.107.39.121]



I can receive/accept email from Google and many other places just fine 
- I didn't even notice the problem until it was pointed out to me by 
someone.


This is the full "log" I see for a particular attempt:


Dec  3 11:59:36 mail postfix/smtpd[16112]: connect from 
mail-australiaeastazon11021121.outbound.protection.outlook.com[40.107.39.121]
Dec  3 11:59:37 mail postfix/smtpd[16112]: lost connection after EHLO 
from 
mail-australiaeastazon11021121.outbound.protection.outlook.com[40.107.39.121]
Dec  3 11:59:37 mail postfix/smtpd[16112]: disconnect from 
mail-australiaeastazon11021121.outbound.protection.outlook.com[40.107.39.121] 
ehlo=2 starttls=1 commands=3


My SSL setup is good:


Checking t...@muppetz.com from www12-azure.checktls.com(V03.79.05) at 
2024-12-02T23:23:51Z:


seconds         lookup  result
[000.000]               DNS LOOKUPS
[000.001]               SEARCHLIST      168.63.129.16,1.1.1.1,8.8.8.8
[000.745]               MX-->muppetz.com     (10) mail.muppetz.com
[000.828]               MX:A-->mail.muppetz.com      142.93.19.23
seconds         test stage and result

[000.000]		Trying TLS on mail.muppetz.com[142.93.19.23:25] (10) 
@2024-12-02T23:23:51.941259Z

[000.077]               Server answered

[000.336]	<‑‑	220 mail.muppetz.com ESMTP - Phone call for Kermit the 
Frog. You Kermit the Frog?

[000.337]               We are allowed to connect
[000.337]       ‑‑>  EHLO www12-azure.checktls.com
[000.411]       <‑‑  250-mail.muppetz.com
250-PIPELINING
250-SIZE 81920000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
[000.411]               We can use this server
[000.411]               TLS is an option on this server
[000.411]       ‑‑>  STARTTLS
[000.485]       <‑‑  220 2.0.0 Ready to start TLS
[000.485]               STARTTLS command works on this server
[000.486]               SSL_ocsp_mode = SSL_OCSP_FULL_CHAIN
[000.720]               Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve P-256 DHE(256 bits)
Certificate #1 of 3 (sent by MX):
Cert VALIDATED: ok

Cert Hostname VERIFIED (mail.muppetz.com = mail.muppetz.com | 
DNS:mail.muppetz.com)

Not Valid Before: Nov 21 20:28:56 2024 GMT
Not Valid After: May 19 21:59:00 2025 GMT
subject: /CN=mail.muppetz.com
issuer: /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 5
Certificate #2 of 3 (sent by MX):
Cert VALIDATED: ok
Not Valid Before: May 23 12:57:38 2017 GMT
Not Valid After: May 23 12:57:38 2027 GMT
subject: /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 5
issuer: /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
Certificate #3 of 3 (added from CA Root Store):
Cert VALIDATED: ok
Not Valid Before: Oct 26 08:38:03 2010 GMT
Not Valid After: Oct 26 08:38:03 2040 GMT
subject: /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
issuer: /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
[001.187]       ~~>  EHLO www12-azure.checktls.com
[001.262]       <~~  250-mail.muppetz.com
250-PIPELINING
250-SIZE 81920000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
[001.262]               TLS successfully started on this server
[001.263]       ~~>  MAIL FROM:<t...@checktls.com>
[001.337]       <~~  250 2.1.0 Ok
[001.338]               Sender is OK
[001.338]       ~~>  QUIT
[001.412]       <~~  221 2.0.0 Bye

When I debugged the TLS a little more I logged this:

ec  3 11:38:28 mail postfix/smtpd[15717]: Trusted TLS connection 
established from 
mail-psaapc01on2110.outbound.protection.outlook.com[40.107.255.110]: 
TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-ex
change ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest 
SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256
Dec  3 11:38:28 mail postfix/smtpd[15717]: lost connection after EHLO 
from 
mail-psaapc01on2110.outbound.protection.outlook.com[40.107.255.110]


Trusted TLS - so I think that proves my SSL is good?


It really seems like Microsoft is connecting, doing EHLO and then going 
"Sorry not interested" - but why?


Here's my main.cf


smtpd_banner = $myhostname ESMTP - Phone call for Kermit the Frog. You 
Kermit the Frog?

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Send a warning if mail is delayed after 1 hour
delay_warning_time = 1h
# If mail can't be delivered after 7 days, we give up
maximal_queue_lifetime = 7d

readme_directory = no

inet_protocols = ipv4

# Incoming Mail
smtpd_tls_cert_file=/etc/letsencrypt/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/privkey.pem
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem
smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 604800
smtpd_tls_eecdh_grade = strong
smtpd_tls_security_level = may
smtpd_tls_ciphers = high
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, eNULL, RC4
# Don't offer Auth until STARTTLS has setup
smtpd_tls_auth_only = yes
# smtpd_tls_loglevel = 2

# Add TLS Information to header
smtpd_tls_received_header = yes

# Ask for a Client Cert
smtpd_tls_ask_ccert = yes

# Outgoing Mail
smtp_tls_cert_file=/etc/letsencrypt/fullchain.pem
smtp_tls_key_file=/etc/letsencrypt/privkey.pem
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_use_tls=yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_session_cache_timeout = 604800
smtp_tls_security_level = may
smtp_tls_ciphers = high
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_exclude_ciphers = aNULL, eNULL, RC4
# TLS Params
#tls_preempt_cipherlist = yes

# Bounce Shit
soft_bounce = yes
notify_classes=2bounce, data, delay, resource, software
# sender_bcc_maps=hash:/etc/postfix/sender_bcc

myhostname = mail.muppetz.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.muppetz.com, muppetz.com, tjharman.com, localhost
virtual_alias_domains = prontobuild.co.nz matchboxdigital.co.nz
virtual_alias_maps = hash:/etc/postfix/virtual

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 142.93.19.23 
116.251.193.218 192.168.0.0/16 35.231.98.247 74.48.81.187

mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = no

# PostSRSd
sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes= envelope_recipient,header_recipient

# sasl! You want to eat it!
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes

# rspamd
smtpd_milters = inet:localhost:11332
non_smtpd_milters = inet:localhost:11332
milter_default_action = accept
milter_protocol = 6

# Proper Mail Protocol Please
strict_rfc821_envelopes = yes

# Verify? No thanks!
disable_vrfy_command = yes

# Demand a polite conversation!
smtpd_helo_required = yes

# Delay before reject
smtpd_delay_reject = yes
smtpd_helo_restrictions = permit_mynetworks,
            permit_sasl_authenticated,
            # reject_non_fqdn_hostname,
            # reject_invalid_hostname,
            permit

smtpd_recipient_restrictions =
            # reject_invalid_hostname,
            # reject_unknown_recipient_domain,
            # reject_unauth_pipelining,
            permit_mynetworks,
            permit_sasl_authenticated,
            reject_unauth_destination,
            permit

message_size_limit = 81920000
compatibility_level = 2

-!- /etc/postfix » postconf mail_version
mail_version = 3.4.23


You can see I've commented out the usual reject statements just in case 
they were the cause, but they didn't make a difference (nor did 
commenting out tls_preempt_cipherlist)



This is the only log/bounceback I've managed to get from someone:

Generating server: ME0P300MB0700.AUSP300.PROD.OUTLOOK.COM
Receiving server: ME0P300MB0700.AUSP300.PROD.OUTLOOK.COM
t...@muppetz.com

12/2/2024 9:00:15 PM - Server at ME0P300MB0700.AUSP300.PROD.OUTLOOK.COM 
returned '550 5.4.317 Message expired, cannot connect to remote 
server(451 4.4.0 Security status InvalidToken)'
12/2/2024 8:50:12 PM - Server at muppetz.com (142.93.19.23) returned 
'450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 
Security status InvalidToken] [LastAttemptedServerName=muppetz.com] 
[LastAttemptedIP=142.93.19.23:25] [SmtpSecurity=-1;-1] 
[SY4AUS01FT004.eop-AUS01.prod.protection.outlook.com 
2024-12-02T20:50:15.410Z 08DD12BD88CBAC7F](451 4.4.0 Security status 
InvalidToken)'






I'm really at a loss.  Hoping someone might be able to provide some 
hints/suggestions?


Many Thanks,
Tim
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to