Hi! While crawling trough my logs, I've noticed a couple of bots getting rejected because of Improper use of SMTP command pipelining because of the reject_unauth_pipelining in smptd_recipient_restrictions. So I decided to give the old "sleep" trick a try. Only for unknown hosts, ofc...
The http://www.postfix.org/postconf.5.html#sleep manual recommends smtpd_client_restrictions = sleep 1, reject_unauth_pipelining smtpd_delay_reject = no which I tried, but it didn't have the desired effect. While "speaking to early" results in an improper command pipelining after HELO from ... entry in the logs, the message does not get rejected. In fact, I can give all the commands including the "final dot" before the greeting and it still gets delivered. So I tried smtpd_client_restrictions = sleep 1 smtpd_helo_restrictions = reject_unauth_pipelining smtpd_delay_reject = no which works better, but still not as I'd expect it to. If I issue the commands (HELO, MAIL, RCPT) before the greeting, the message gets rejected. However, if I issue only the HELO command before the greeting, the message gets delivered and it doesn't even appear in the logs. Odd for a HELO restriction... Putting the restrcition in smptd_recipient_restrictions (as it was in the beginning) gives the exact same behaviour by the way... Now I'm quite puzzled. Especially since the http://www.postfix.org/postconf.5.html#reject_unauth_pipelining manual says: With Postfix 2.6 and later, the SMTP server sets a per-session flag whenever it detects illegal pipelining, including pipelined EHLO or HELO commands. The reject_unauth_pipelining feature simply tests whether the flag was set at any point in time during the session. Or am I misunderstanding something? I'm using postfix 2.8.3 btw. Regards ricardus -- View this message in context: http://old.nabble.com/reject_unauth_pipelining-not-working-as-I%27d-expect-%28bug-%29-tp32018797p32018797.html Sent from the Postfix mailing list archive at Nabble.com.
