Am I misunderstanding something here, that setting 'smtpd_client_restrictions = reject_unauth_pipelining' should reject a client that sends the EHLO, or HELO before the smtp banner? (http://www.postfix.org/postconf.5.html#reject_unauth_pipelining: 'Reject the request when the client sends SMTP commands ahead of time where it is not allowed, ...')
In an effort to test this out (and following the example provided at http://www.postfix.org/postconf.5.html#smtpd_client_restrictions !): /etc/postfix/main.cf: smtpd_client_restrictions = sleep 1, reject_unauth_pipelining smtpd_delay_reject = no # ( echo -e 'helo f'; sleep 0.5; echo -e 'mail from:<a...@a.com>'; sleep 0.5; echo 'rcpt to:<a...@xx.com>' ) | nc 127.0.0.1 25 220 xx.com ESMTP xx 250 xx.com 250 2.1.0 Ok 250 2.1.5 Ok # I've even tried this with 'smtpd_delay_reject = yes', with the same result. Now you'll notice that a sleep is inserted between each command - 'helo', 'mail', and 'rcpt'. What is interesting, though, is what happens when I take out the delay between the 'helo' and the 'mail': with smtpd_delay_reject = no : # ( echo -e 'helo f'; echo -e 'mail from:<a...@a.com>'; sleep 0.5; echo 'rcpt to:<a...@xx.com>' ) | nc 127.0.0.1 25 220 xx.com ESMTP xx 250 xx.com 250 2.1.0 Ok 250 2.1.5 Ok # with smtpd_delay_reject = yes, however???: # ( echo -e 'helo f'; echo -e 'mail from:<a...@a.com>'; sleep 0.5; echo 'rcpt to:<a...@xx.com>' ) | nc 127.0.0.1 25 220 xx.com ESMTP xx 250 xx.com 250 2.1.0 Ok 503 5.5.0 <localhost[127.0.0.1]>: Client host rejected: Improper use of SMTP command pipelining # (Note that I get the same results even if I take out the 'sleep 1' from smtpd_client_restrictions) And so it seems that I'm forced to come to the following conclusions: 1. 'smtpd_delay_reject = no' messes up 'smtpd_client_restrictions = reject_unauth_pipelining' somehow 2. early ehlo, or helo does not register as "unauth pipelining" 3. no delay between the 'helo' and 'mail' commands = command pipelining, but only if 'smtpd_delay_reject = yes'! I am running postfix 2.9.6. -jf -- He who settles on the idea of the intelligent man as a static entity only shows himself to be a fool. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." --Richard Stallman
