Hi Viktor,
Maybe so. Here is output from postconf containing "discard_ehlo_keywords":
# postconf | grep discard_ehlo_keywords
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
smtp_discard_ehlo_keywords =
smtpd_discard_ehlo_keywords = chunking
Looks like postscreen may somehow be the culprit. Odd that the lines in
main.cf and master.cf for postscreen are commented out. Maybe it's getting
invoked some other way? (Full uncommented lines of master.cf in previous
response.)
[master.cf snip]
smtp inet n - n - - smtpd
-o smtpd_sasl_auth_enable=no
#smtp inet n - n - 1 postscreen
[/snip]
[main.cf snip]
#postscreen_greet_action = enforce
[/snip]
Recursive case insensitive grep from /etc/postfix for "keywords" returns
nothing. Not sure where I would change the setting (or if I should try to
change the setting).
We are running postfix.x86_64 2:3.5.8-1.el8 on CentOS Stream release 8.
Output from postconf containing postscreen:
# postconf | grep postscreen
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?{10}:{300}}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps =
$smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = ignore
postscreen_dnsbl_max_ttl = ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h
postscreen_dnsbl_min_ttl = 60s
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_timeout = 10s
postscreen_dnsbl_whitelist_threshold = 0
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?{2}:{6}}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_reject_footer_maps = $smtpd_reject_footer_maps
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_upstream_proxy_protocol =
postscreen_upstream_proxy_timeout = 5s
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
postscreen_whitelist_interfaces = static:all
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
$smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps
$smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions
$smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions
$smtpd_recipient_restrictions
$address_verify_sender_dependent_default_transport_maps
$address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps
$fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps
$lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps
$mailbox_command_maps $mailbox_transport_maps
$postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps
$sender_dependent_default_transport_maps $sender_dependent_relayhost_maps
$smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps
$smtp_sasl_password_maps $smtp_tls_policy_maps
$smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps
$virtual_uid_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
$address_verify_map $postscreen_cache_map
Recommendations? I don't understand how postscreen is configured or invoked
and I'm still fuzzy on the ramifications of what the log entry is telling me.
Learning a bunch here!
Thanks for your help!
Ken
> On Mar 19, 2021, at 2:23 PM, Viktor Dukhovni <postfix-us...@dukhovni.org>
> wrote:
>
> On Fri, Mar 19, 2021 at 01:48:53PM -0500, LoneStarKen wrote:
>
>> Thank you for the response. Those entries don't seem to exist in my main.cf
>> or master.cf.
>>
>> I grepped (case insensitive) main.cf for ehlo, keywords, and discard and
>> none of those words exist.
>
> Are you running a modified Postfix with a non-empty default value of
> $smtpd_discard_ehlo_keywords? Check the output of "postconf" rather
> than "postconf -n".
>
> --
> Viktor.
