Hi there.

I hope this is the right forum for reporting a possible bug in
Postscreen? (Apologies if it isn't...)

I've been using Postscreen without "deep protocol tests" for a long
time, and it has been doing a fantastic job. I recently noticed a log
entry from Postscreen saying "warning: connect to private/tlsproxy
service: No such file or directory", which I worked out was due to an
early-speaking client issuing a STARTTLS command, which Postscreen
wanted to hand off to tlsproxy, which is a service that I've never
enabled. And since I have no desire to use tlsproxy in this way, I
configured "postscreen_tls_security_level = none".

On the face of it, this seems to be doing what I wanted, in that if I
send Postscreen an early "EHLO", STARTTLS is now absent from the
features in the response. But because I was trying to simulate a zombie
that was speaking before its turn, I sent a STARTTLS anyway...

Prior to making the configuration change, the response to the STARTTLS
was "454 4.7.0 TLS not available due to local problem", and the SMTP
session remained operational, meaning if the client then sent another
command (e.g. QUIT), it was processed as expected. However, after setting
"postscreen_tls_security_level = none", when I now send a STARTTLS, I
get a "502 5.5.1 Error: command not implemented", and then Postscreen
stops responding to any subsequent commands. Am I correct in thinking
that this isn't the expected behaviour?

FYI, my Postfix version is: 3.9.1

Thanks,
Nick.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
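
A reproducer for the sequence described in the message above, as an added example (not part of the original post and not Postfix code): it sends EHLO without waiting for the greeting, then STARTTLS, then QUIT, and reports whether the session still answers afterwards. The names `SmtpProbe` and `probe_starttls`, the EHLO name `probe.example`, port 25 and the 10-second timeout are assumptions.

```python
import socket
import sys

class SmtpProbe:
    def __init__(self, sock):
        self.sock, self.buf = sock, b""

    def reply(self):
        """Next complete reply as text, or None if the server is silent or gone."""
        lines = []
        while True:
            while b"\n" not in self.buf:
                try:
                    chunk = self.sock.recv(4096)
                except OSError:          # timeout or connection reset
                    chunk = b""
                if not chunk:            # nothing arrived, or the server closed
                    return None
                self.buf += chunk
            line, _, self.buf = self.buf.partition(b"\n")
            lines.append(line.rstrip(b"\r").decode("ascii", "replace"))
            if line[3:4] != b"-":        # "250-" continues a reply, "250 " ends it
                return "\n".join(lines)

    def command(self, verb):
        try:
            self.sock.sendall(verb.encode("ascii") + b"\r\n")
        except OSError:
            return None
        return self.reply()

def probe_starttls(sock):
    """Send early EHLO, STARTTLS, QUIT on a connected socket that has a timeout set."""
    p = SmtpProbe(sock)
    ehlo = p.command("EHLO probe.example")   # constructed name; sent before the greeting
    if ehlo and ehlo.startswith("220"):      # first reply was the greeting itself
        ehlo = p.reply()
    starttls = p.command("STARTTLS")
    quit_reply = p.command("QUIT")
    return {
        "advertised": "STARTTLS" in (ehlo or "").upper(),
        "starttls": starttls,
        "quit": quit_reply,
        "session_usable": quit_reply is not None,
    }

if __name__ == "__main__" and len(sys.argv) > 1:
    with socket.create_connection((sys.argv[1], 25), timeout=10) as s:
        print(probe_starttls(s))
```

Run it with the host name of your own test server as the only argument; a 502 reply in `starttls` together with `session_usable: False` is the behaviour reported above.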