Klaus Engelmann put forth on 8/20/2010 2:32 PM: > Stan, thanks for your answer. > > Searching heavily the list I found that this problem was related to > firewall issues, specially when the firewall does a sort of SMTP > (layer 7) validation or check. > > I disabled some features on my H3C firewall (ASPF - Application > Specific Packet Filter) related only to SMTP and everything works fine > now again.
Glad you found the culprit Klaus. As you probably know now, one should never allow a firewall to "touch" SMTP traffic, whether it be Cisco's "SMTP Fixup" feature or other vendor implementations. In so so many cases this simply breaks things, and often makes troubleshooting at the SMTP server more difficult. It threw my troubleshooting off in this case, but then again, I'm not one of the resident experts. That's why they spotted this and I didn't--much more experience. > I like to thanks all the other members of the list for their > contribution on this issue, specially Wietse. I am surprised how some > modern firewalls are poorly implemented when dealing with SMTP. > Postfix really opens a wide knowledge about RFCs and all the SMTP > resources. "The road to hell is paved with good intentions". Firewall vendors have many good intentions. Unfortunately, their implementations sometimes yield results opposite of that which is desired. ;) > Your suggestions about reject_unauth_destination are right and now > implemented in my production server. Thank you again for this advise. Well at least I'm batting 50% and if this were baseball that would be pretty good right. :) I wish I'd nailed your bigger issue here, but that's why this list has multiple people with varying degrees of experience and expertise. If folks like myself miss the dart board, Noel, Viktor, or Wietse will come in and hit the bullseye for you. :) Glad I was able to help in a small way. -- Stan
