Nick Tait via Postfix-users:
> On 18/06/2025 22:33, Nick Tait via Postfix-users wrote:
> > Prior to making the configuration change, the response to the STARTTLS
> > was "454 4.7.0 TLS not available due to local problem", and the SMTP
> > session remained operational, meaning if the client then sent another
> > command (e.g. QUIT), it was processed as expected. However after
> > setting "postscreen_tls_security_level = none", when I now send a
> > STARTTLS, I get a "502 5.5.1 Error: command not implemented", and then
> > Postscreen stops responding to any subsequent commands. Am I correct
> > in thinking that this isn't the expected behaviour?
>
> Sorry I realised that I worded that poorly. Let me describe the last bit
> again:
>
> After setting "postscreen_tls_security_level = none", when I now send a
> STARTTLS, I get a "502 5.5.1 Error: command not implemented", and then
> /the SMTP session/ stops responding to any subsequent commands, /until
> the client disconnects or the postscreen_command_time_limit is reached/.
> /(Postscreen itself remains operational for processing other connections.)/
Does not reproduce. Here is evidence.
$ postconf -n|grep '^postscreen'
postscreen_bare_newline_enable = yes
...
postscreen_tls_security_level = none
$ telnet wzv smtp
Trying 168.100.3.7...
Connected to wzv.
Escape character is '^]'.
220-wzv.porcupine.org ESMTP Postfix
...delay...
220 wzv.porcupine.org ESMTP Postfix
ehlo wzv.porcupine.org
250-wzv.porcupine.org
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
starttls
502 5.5.1 Error: command not implemented
quit
221 2.0.0 Bye
In /var/log/maillog:
Jun 18 10:06:33 wzv postfix/postscreen[1045277]: CONNECT from
[168.100.3.7]:39292 to [168.100.3.7]:25
Jun 18 10:06:59 wzv postfix/postscreen[1045277]: DISCONNECT [168.100.3.7]:39292
If you disagree, provide evidence.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
