Currently I'm dealing with some issues when receiving mail from some hosts,
session is disconnected almost inmediately
Jul 26 20:06:41 postoffice postfix/smtpd[9404]: connect from lists.isc.org
[149.20.1.60]
Jul 26 20:17:58 postoffice postfix/smtpd[9616]: disconnect from
lists.isc.org[149.20.1.60] ehlo=1 mail=0/1 rcpt=0/1 data=0/1 rset=0/1
quit=1 commands=2/6
I'm running Postfix Postfix 3.4.14 and this is my postconf -n configuration
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
default_process_limit = 150
disable_dns_lookups = no
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 20971520
milter_default_action = accept
milter_protocol = 6
mydestination = localhost
mydomain = dominio.edu.ar
myhostname = correo.$mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 170.200.4.128/29
myorigin = $myhostname
non_smtpd_milters = $smtpd_milters
policyd-spf_time_limit = 3600
polite_destination_concurrency_limit = 15
polite_destination_rate_delay = 0
polite_destination_recipient_limit = 6
qmgr_message_active_limit = 30000
qmgr_message_recipient_limit = 30000
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_destination_concurrency_limit = 20
smtp_extra_recipient_limit = 2
smtp_host_lookup = dns
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_loglevel = $smtpd_tls_loglevel
smtp_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
smtp_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
smtp_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_enforce_tls = yes
smtpd_helo_required = yes
smtpd_milters = local:opendkim/opendkim.sock
smtpd_recipient_limit = 5000
smtpd_recipient_restrictions = reject_unknown_sender_domain,
permit_mynetworks, permit_sasl_authenticated, reject_rbl_client
zen.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org,
reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org,
check_policy_service unix:private/policyd-spf, check_policy_service inet:
127.0.0.1:10023
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/apache2/md/domains/
correo.dominio.edu.ar/pubcert.pem
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/ssl/diffie-hellman/dhparams.pem
smtpd_tls_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
smtpd_tls_key_file = /etc/apache2/md/domains/
correo.dominio.edu.ar/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES,
eNULL, aNULL
smtpd_tls_mandatory_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_protocols = TLSv1.2, !TLSv1.1, !TLSv1, !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
spamassassin_destination_recipient_limit = 1
tls_disable_workarounds = 0xFFFFFFFFFFFFFFFF
tls_preempt_cipherlist = yes
tls_ssl_options = NO_RENEGOTIATION
transport_maps = hash:/etc/postfix/transport
turtle_destination_concurrency_limit = 10
turtle_destination_rate_delay = 1s
turtle_destination_recipient_limit = 4
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual_alias_maps.cf
virtual_gid_maps = static:5000
virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:5000
After enabled peer debug found this
Jul 26 21:05:21 estafeta postfix/smtpd[9928]: > lists.isc.org[149.20.1.60]:
530 5.7.0 Must issue a STARTTLS command first
_______________________________________________
Daniel A. Rodriguez
Departamento de Tecnología para la Gestión
Escuela Provincial de Educación Técnica N° 1
Posadas - Misiones - Argentina
(0376) 443-8578
www.epet1.edu.ar
