Re: Postfix : corrupted SMTP transactions?

Wed, 14 Apr 2021 14:56:26 -0700 

Hi Bill,

Le 14.04.2021 à 14:51, Bill Cole a écrit :

On 14 Apr 2021, at 5:47, (lists) Denis BUCHER wrote:
It's very strange, but without changing anything in the configuration of Postfix, we have corrupted SMTP transactions from Thunderbird bêta (Windows) and Outlook (MacOS) but not from command line (Linux) and not from Thunderbird release (Windows). 

The transaction looks like this :


[ malformatted and excessively verbose log & postconf -n snipped ]
Yes sorry I didn't post to mailing-lists for a long time, sorry for this bad formatting.
It's really extremely strange, I cannot even find what the cause could be ? 

If anyone had any suggestion, or at least an idea, it would be great !

Thanks a lot in advance for any help !
Critical evidence is missing: "postconf -Mf" output and non-verbose logs of successful sessions. So what follows is a possibility, not a certainty...
My postconf -Mf is very long, so I will only post the beggining, hoping that's what you expect :
smtp       inet  n       -       -       -       -       smtpd smtps      inet  n       -       -       -       -       smtpd 
    -o syslog_name=postfix/smtps
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
Your problem is consistent with your 'smtps' service (port 465) not having the critical "-o smtpd_tls_wrappermode=yes" argument enabled in master.cf. The differences between clients is likely due to different configurations and/or differences in how clients attempt to probe the server for the best connection configuration. 

OK I understand, thanks for pointing at this, that looks logical...
Therefore I added "-o smtpd_tls_wrappermode=yes" in master.cf and... it works !!! 

You were perfectly right! Thanks a LOT and congratulations!
Non-verbose logs from both working and non-working sessions with the addition of "smtpd_tls_loglevel = 1" to your configuration may reveal that the working clients are either connecting to the plain smtp or submission services or are somehow accommodating the lack of implicit TLS on port 465.
Oh thank you very much for this hint. I have a similar (same ?) problem on another server, I will use this log option to debug it !
Thanks really a LOT really for your help, the life of some users will change from Tomorrow evening, they will be able to send mails without having to go through the webmail ! 

Denis

Reply via email to