On 19/06/2025 02:53, Viktor Dukhovni via Postfix-users wrote:
Ditto for me:
$ (sleep 7; printf "EHLO foo.local\r\n"; sleep 2; printf "STARTTLS\r\n"; sleep 2;
printf "QUIT\r\n") | nc -C 127.0.0.1 24
220-amnesiac.example ESMTP Postfix
<...6s pause...>
220 amnesiac.example ESMTP Postfix
250-amnesiac.example
250-SIZE 157286400
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250-SMTPUTF8
250 CHUNKING
502 5.5.1 Error: command not implemented
221 2.0.0 Bye
The relevant master.cf entries are:
127.0.0.1:24 inet n - n - 1 postscreen
    -o myhostname=amnesiac.example
    -o postscreen_bare_newline_enable=yes
    -o postscreen_greet_action=enforce
    -o postscreen_pipelining_enable=yes
    -o postscreen_access_list=
    -o postscreen_allowlist_interfaces=
    -o smtpd_tls_security_level=none
smtpd pass - - n - - smtpd
    -o smtpd_tls_security_level=none
dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
I doubt it matters, but I'm running 3.11-20250606, not 3.9.
Thanks everyone for your responses. I've done some more testing on this
and determined that the issue was with how I was testing. Specifically I
wasn't allowing a long enough gap for Postscreen to read the SMTP stream
up to and including the STARTTLS, before I sent the QUIT. And I realised
my method wasn't an accurate reflection of how a real client (even a
zombie) would behave when sending STARTTLS.
The following command illustrates this:
$ ( echo -en "EHLO foo.local\r\nSTARTTLS\r\n" ; sleep 0 ; echo -en "QUIT\r\n" ) | nc mx.tait.net.nz 25
Note the "sleep 0" (which does nothing). For me, running the command
above terminates 50% of the time and hangs 50% of the time, but it all
depends on whether Postscreen receives the QUIT in the same read as the
EHLO+STARTTLS. If I replace the "sleep 0" with "sleep 1", then it works
100% of the time.
The difference is obvious when I look closer at the Postfix logs...
Working (Postscreen processes QUIT and disconnects):
2025-06-19T22:02:48.064432+12:00 mx postfix/postscreen[16635]: CONNECT from [XXX]:34782 to [YYY]:25
2025-06-19T22:02:48.064742+12:00 mx postfix/postscreen[16635]: PREGREET 26 after 0 from [XXX]:34782: EHLO foo.local\r\nSTARTTLS\r\n
2025-06-19T22:02:48.064931+12:00 mx postfix/postscreen[16635]: COMMAND PIPELINING from [XXX]:34782 after EHLO: STARTTLS\r\n
2025-06-19T22:02:48.068407+12:00 mx postfix/postscreen[16635]: DISCONNECT [XXX]:34782
Not working (Postscreen doesn't process QUIT):
2025-06-19T22:03:00.818810+12:00 mx postfix/postscreen[16635]: CONNECT from [XXX]:51480 to [YYY]:25
2025-06-19T22:03:00.823343+12:00 mx postfix/postscreen[16635]: PREGREET 32 after 0 from [XXX]:51480: EHLO foo.local\r\nSTARTTLS\r\nQUIT\r\n
2025-06-19T22:03:00.823525+12:00 mx postfix/postscreen[16635]: COMMAND PIPELINING from [XXX]:51480 after EHLO: STARTTLS\r\nQUIT\r\n
Thanks again everyone for your help. :-)
Nick.
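
Added example, not part of the original post or of Postfix: a small Python audit of postscreen log lines that tells the two cases above apart by checking whether QUIT was buffered in the same read as STARTTLS and whether a DISCONNECT was ever logged. The function names are hypothetical, and the sample log is the post's own two sessions with the wrapped lines joined.

```python
import re

# The two sessions from the post (wrapped lines joined); [XXX]/[YYY] are the
# poster's own redactions. PREGREET lines are present but ignored below.
SAMPLE_LOG = r"""
2025-06-19T22:02:48.064432+12:00 mx postfix/postscreen[16635]: CONNECT from [XXX]:34782 to [YYY]:25
2025-06-19T22:02:48.064742+12:00 mx postfix/postscreen[16635]: PREGREET 26 after 0 from [XXX]:34782: EHLO foo.local\r\nSTARTTLS\r\n
2025-06-19T22:02:48.064931+12:00 mx postfix/postscreen[16635]: COMMAND PIPELINING from [XXX]:34782 after EHLO: STARTTLS\r\n
2025-06-19T22:02:48.068407+12:00 mx postfix/postscreen[16635]: DISCONNECT [XXX]:34782
2025-06-19T22:03:00.818810+12:00 mx postfix/postscreen[16635]: CONNECT from [XXX]:51480 to [YYY]:25
2025-06-19T22:03:00.823343+12:00 mx postfix/postscreen[16635]: PREGREET 32 after 0 from [XXX]:51480: EHLO foo.local\r\nSTARTTLS\r\nQUIT\r\n
2025-06-19T22:03:00.823525+12:00 mx postfix/postscreen[16635]: COMMAND PIPELINING from [XXX]:51480 after EHLO: STARTTLS\r\nQUIT\r\n
"""

# Captures: event kind, client endpoint, and (COMMAND PIPELINING only) the buffered text
EVENT = re.compile(
    r"postfix/postscreen\[\d+\]: (CONNECT from|COMMAND PIPELINING from|DISCONNECT)"
    r" (\[[^\]]+\]:\d+)(?: after \S+: (.*))?"
)

def audit(log_text):
    """Return one record per session that logged COMMAND PIPELINING."""
    open_sessions, flagged = {}, []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, client, buf = m.groups()
        if kind == "CONNECT from":
            open_sessions[client] = None      # new session, nothing flagged yet
        elif kind == "COMMAND PIPELINING from":
            # postscreen logs CR LF as the literal four characters \r\n
            cmds = [c for c in (buf or "").split(r"\r\n") if c]
            rec = {"client": client, "buffered": cmds, "disconnected": False}
            open_sessions[client] = rec
            flagged.append(rec)
        else:                                 # DISCONNECT closes the session
            rec = open_sessions.pop(client, None)
            if rec:
                rec["disconnected"] = True
    return flagged

def never_disconnected(records):
    """Sessions with several commands in one read and no DISCONNECT logged.
    Assumption: no DISCONNECT in the supplied excerpt means still open."""
    return [r for r in records if len(r["buffered"]) > 1 and not r["disconnected"]]

if __name__ == "__main__":
    for r in audit(SAMPLE_LOG):
        print(r)
```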