[pfx] Re: Postscreen STARTTLS bug?

Wed, 18 Jun 2025 07:13:39 -0700 

Nick Tait via Postfix-users:
> On 18/06/2025 22:33, Nick Tait via Postfix-users wrote:
> > Prior to making the configuration change, the response to the STARTTLS 
> > was "454 4.7.0 TLS not available due to local problem", and the SMTP 
> > session remained operational, meaning if the client then sent another 
> > command (e.g. QUIT), it was processed as expected. However after 
> > setting "postscreen_tls_security_level = none", when I now send a 
> > STARTTLS, I get a "502 5.5.1 Error: command not implemented", and then 
> > Postscreen stops responding to any subsequent commands. Am I correct 
> > in thinking that this isn't the expected behaviour?
> 
> Sorry I realised that I worded that poorly. Let me describe the last bit 
> again:
> 
> After setting "postscreen_tls_security_level = none", when I now send a 
> STARTTLS, I get a "502 5.5.1 Error: command not implemented", and then 
> /the SMTP session/ stops responding to any subsequent commands, /until 
> the client disconnects or the postscreen_command_time_limit is reached/. 
> /(Postscreen itself remains operational for processing other connections.)/

Does not reproduce. Here is evidence.

$ postconf -n|grep '^postscreen'
postscreen_bare_newline_enable = yes
...
postscreen_tls_security_level = none

$ telnet wzv smtp
Trying 168.100.3.7...
Connected to wzv.
Escape character is '^]'.
220-wzv.porcupine.org ESMTP Postfix
...delay...
220 wzv.porcupine.org ESMTP Postfix
ehlo wzv.porcupine.org
250-wzv.porcupine.org
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
starttls
502 5.5.1 Error: command not implemented
quit
221 2.0.0 Bye

In /var/log/maillog:
Jun 18 10:06:33 wzv postfix/postscreen[1045277]: CONNECT from 
[168.100.3.7]:39292 to [168.100.3.7]:25
Jun 18 10:06:59 wzv postfix/postscreen[1045277]: DISCONNECT [168.100.3.7]:39292

If you disagree, provide evidence.

        Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to