Wietse:
> Note that the last RCPT TO command was not delivered to Postfix. I
> therefore suspect that you have some anti-malware system that breaks
> connections when a client sends suspicious email.

Matt Bayliss:
> I checked the hardware firewall config, which does have a threat detection
> & shunning capability but nothing was popping up in the logs during the
> session.  I've placed a test client on the same network LAN as the Postfix
> server and repeated the test with the same result.
> 
> My next step was, using a console telnet client, to repeat the commands
> sent by the client in the packet trace (http://pastebin.centos.org/36261/)
> by literally pasting from one putty client to another.
...
> As soon as I get the 100th RCPT TO, bam, the connection drops out:
> 
> Nov 20 16:08:04 mailserver postfix/smtpd[2254]: timeout after RCPT from unknown[192.168.11.50]
> Nov 20 16:08:04 mailserver postfix/smtpd[2254]: disconnect from unknown[192.168.11.50]

In the previous email, Postfix lost the connection after responding to
the 99th RCPT TO command, and now, you see that the client loses
the connection after trying to send the 100th RCPT TO command.

What more evidence do you need of firewall/IDS/etc. interference?

        Wietse
