On 5/18/2011 3:39 PM, Shawn Heisey wrote:
I am having a problem that IMHO should be solved by the
following in main.cf. I am using version 2.7.1 in Debian squeeze:

smtpd_data_restrictions =
    permit_mynetworks,
    reject_unauth_pipelining,
    reject_multi_recipient_bounce

This says to me that if the host is listed in mynetworks, it
should stop looking at the rest of the restrictions. This
doesn't happen. The log complains about improper command
pipelining, and the SMTP conversation sends a 503. I have done
some testing, and have learned that
reject_multi_recipient_bounce *IS* ignored if the source
matches mynetworks, and takes effect if the source is not
listed there.

The client that's doing this is xymon, a monitoring
application. It sends "mail" followed by "quit" and looks for
a 220 response. The code is not flexible enough to do it
properly, which means sending helo, waiting for a response,
then sending some useful test command and waiting for another
response. The test does pass, because the first thing the
server sends is a 220.

Am I running into expected behavior? I agree with the notion
that unauthorized pipelining is bad, but what if I have a
broken system that I am forced to use? Shouldn't I be able,
through either permit_mynetworks or another mechanism, to
allow that client to do it while denying everyone else? I am
not hampered by what I've discovered, but I consider it to be
a bug that should be fixed, because it might affect someone else.

I filed a bug on this problem with the Debian project some
time ago, but aside from one person who privately sent me a
link to a general postfix howto for Ubuntu, I've gotten no
response.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604707

Thanks,
Shawn



Show "postconf -n" (all of it, not just snips) and logging demonstrating the problem.


  -- Noel Jones
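
The lock-step exchange that Shawn's message describes as the proper way to test (wait for the greeting, send HELO, wait for the reply, send a test command, wait again), as an added example that is not part of this thread or of xymon. The function names, the helo name and the choice of NOOP as the test command are assumptions.

```python
import socket

def read_reply(rfile):
    """Read one SMTP reply (possibly multi-line) and return (code, text)."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed before reply completed")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        # "250-text" means more lines follow; "250 text" ends the reply.
        if len(line) < 4 or line[3] != "-":
            break
    if not lines[-1][:3].isdigit():
        raise ValueError("malformed reply: %r" % lines[-1])
    return int(lines[-1][:3]), "\n".join(lines)

def smtp_probe(sock, helo_name="monitor.example.invalid"):
    """Lock-step probe on a connected socket; returns (ok, [(step, code), ...])."""
    rfile = sock.makefile("rb")
    code, _ = read_reply(rfile)          # wait for the greeting first
    steps = [("greeting", code)]
    if code != 220:
        return False, steps
    # helo_name and NOOP are assumptions chosen for this example.
    for cmd, want in (("HELO " + helo_name, 250), ("NOOP", 250), ("QUIT", 221)):
        sock.sendall((cmd + "\r\n").encode("ascii"))
        code, _ = read_reply(rfile)      # never send ahead of the reply
        steps.append((cmd.split()[0], code))
        if code != want:
            return False, steps
    return True, steps

def check_host(host, port=25, timeout=10.0):
    """Connect and probe; 'host' is whatever server the monitor watches."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return smtp_probe(sock)
```

Because each command is sent only after the previous reply has been read, the server never sees input queued ahead of its own response.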
