Wietse Venema:
> Ralf Hildebrandt:
> > Oct 21 21:24:31 zivmail postfix/smtp[7663]: C51E4BF414:
> > to=<peter.heuschm...@charite.de>,
> > relay=mail.charite.de[141.42.202.200]:25, delay=6.4,
> > delays=0.27/0.01/6.1/0, dsn=5.5.0, status=bounced (Protocol error: host
> > mail.charite.de[141.42.202.200] refused to talk to me: 220-mail.charite.de
> > ESMTP 421-4.3.2 All server ports are busy 421 4.3.2
> > Contact postmas...@charite.de (using a different email address!) for
> > technical assistance. Please provide the following information in your
> > problem report: This error message, time (Oct 21 21:24:31), client
> > (128.176.188.24) and server (mail.charite.de). We speak both English and
> > German.)
>
> This bug was fixed in Postfix 2.7 with the introduction of the
> smtp_reply_filter feature, but it was never recorded in the HISTORY
> file, and therefore it was never back-ported to earlier Postfix
> versions.
There are two sides to this story. One side is that in Postfix
2.3..2.6 the SMTP client's error handling had a bug that was exposed
by postscreen's peculiar manner of blocking clients. But that is
not the real problem.
The other side of the story is that postscreen's error handling is
questionable. When postscreen is unable to hand off a connection
to an smtpd process after sending the "220-" partial greeting,
postscreen sends a 421 response and hangs up. Now, sending 220-
followed by 421 violates SMTP. And that is the real problem.
The correct fix is to complete the 220 handshake as required by
SMTP, and to reply with 421 only after the client sends its first
command (unless the client sends QUIT). This eliminates cases
where postscreen violates SMTP, resulting in undefined behavior.
That will be the final fix for this problem. I'll cook up something
later this week.
Wietse
> 20111024
>
> Bugfix (introduced: Postfix 2.3): while the Postfix SMTP
> client's protocol parser uses the last SMTP reply line as
> intended, the error processing routine was taking information
> from the beginning of the response. This was causing "Protocol
> error" bounces with postscreen responses on Postfix < 2.6.
> Reported by Ralf Hildebrandt. File: smtp/smtp_trouble.c.
>
> *** ../postfix-2.6.13/src/smtp/smtp_trouble.c Thu Dec 13 20:01:56 2007
> --- src/smtp/smtp_trouble.c Sat Nov 14 20:59:33 2009
> ***************
> *** 288,294 ****
> * cycles.
> */
> VSTRING_RESET(why->reason);
> ! if (mta_name && reply && reply[0] != '4' && reply[0] != '5') {
> vstring_strcpy(why->reason, "Protocol error: ");
> status = "5.5.0";
> }
> --- 288,294 ----
> * cycles.
> */
> VSTRING_RESET(why->reason);
> ! if (mta_name && status && status[0] != '4' && status[0] != '5') {
> vstring_strcpy(why->reason, "Protocol error: ");
> status = "5.5.0";
> }
>
