Hello,

Thanks. I'm sorry I should probably have more completely clarified
that. Different client entirely, the previous message I was attempting
autoconfig with Thunderbird and getting those errors.

This time I'm trying outlook 2010 with autodiscover and getting the
errors in my last message. I thought to keep it under the same thread.

For completeness and because I probably confused everyone, here's an
outlook 2010 attempted connection and my current main.cf and master.cf
files.

Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: connect from
Connecting-Host-And-IP
Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: lost
connection after UNKNOWN from Connecting-Host-And-IP
Apr 21 13:52:54 hostname postfix/submission/smtpd[74637]: disconnect
from Connecting-Host-And-IP unknown=0/1 commands=0/1

#cat master.cf
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
 #-o smtpd_sasl_auth_enable=no
#smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy
# Submission port 587 for client connection / sending mails from
authenticated users
submission inet n       -       n       -       -       smtpd -v
 -o syslog_name=postfix/submission
 # Encrypt by default
  -o smtpd_tls_dh1024_param_file=/etc/ssl/dhparam.pem
 -o smtpd_tls_security_level=encrypt
 -o smtpd_sasl_auth_enable=yes
 -o smtpd_sasl_type=dovecot
 -o smtpd_sasl_path=private/auth
 -o smtpd_sasl_security_options=noanonymous
 -o 
smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
 -o tls_preempt_cipherlist=yes
#smtps     inet  n       -       n       -       -       smtpd
  #-o syslog_name=postfix/smtps
  #-o smtpd_tls_wrappermode=yes
  #-o smtpd_sasl_auth_enable=yes
  #-o smtpd_reject_unlisted_recipient=no
  #-o 
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject
  #-o tls_preempt_cipherlist=yes
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

# for SPF support
spf-policy unix -       n       n       -       0       spawn
          user=vmail argv=/usr/local/bin/perl
/usr/local/libexec/postfix-policyd-spf-perl

dfilt     unix    -       n       n       -       -       pipe
    flags=Rq user=filter argv=/usr/local/etc/postfix/disclaimer -f
${sender} -r ${recipient}

# scan service for clamsmtpd
scan unix -       -       n       -       16       smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes

127.0.0.1:10026 inet n       -       n       -       16       smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks_style=host
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8

#cat main.cf
soft_bounce = no
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = xxx.xxx.xxx.xxx, 127.0.0.1
mydestination = localhost
local_recipient_maps = $virtual_mailbox_maps
unknown_local_recipient_reject_code = 550
mynetworks = $config_directory/mynetworks
in_flow_delay = 1s
# Delimiter for "Address Tagging"
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix

# Misc options
delay_warning_time = 4h
# Do not notify system users on new e-mail
biff = no
bounce_template_file = /usr/local/etc/postfix/bounce.cf
smtp_helo_timeout = 60s
smtpd_soft_error_limit = 3
header_checks = pcre:/usr/local/etc/postfix/header_checks,
regexp:/usr/local/etc/postfix/phish419.regexp
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks

# Virtual mailbox domains
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/db/domains.cf
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/db/accounts.cf
virtual_mailbox_base = /home/vmail
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/db/aliases.cf
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:999
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Dovecot sasl authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes

# uce
strict_rfc821_envelopes = yes
disable_vrfy_command = yes
smtpd_reject_unlisted_sender = yes
show_user_unknown_table_name = no
unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code   = 554

# Conditions in which Postfix works as a relay. (for mail user clients)
smtpd_relay_restrictions =
 reject_non_fqdn_recipient
 reject_unknown_recipient_domain
 permit_mynetworks
 reject_unauth_destination

smtpd_recipient_restrictions =
  permit_mynetworks
 permit_sasl_authenticated
  reject_unauth_destination
        check_helo_access hash:/usr/local/etc/postfix/helo_access,
        ,check_helo_access pcre:/usr/local/etc/postfix/helo_checks
        ,check_sender_mx_access cidr:/usr/local/etc/postfix/bogus_mx
 check_sender_access hash:/usr/local/etc/postfix/safe_addresses
 check_sender_access hash:/usr/local/etc/postfix/auto-whtlst
 check_client_access cidr:/usr/local/etc/postfix/spamfarms
 check_client_access cidr:/usr/local/etc/postfix/sinokorea.cidr
 check_recipient_access mysql:/usr/local/etc/postfix/db/recipient-access.cf
     permit_dnswl_client list.dnswl.org=127.0.[2..14].[1..3]
        check_reverse_client_hostname_access
pcre:/usr/local/etc/postfix/fqrdns.pcre
 reject_unknown_reverse_client_hostname
  reject_non_fqdn_sender
 #reject_non_fqdn_helo_hostname
 #reject_invalid_helo_hostname
 #reject_unknown_helo_hostname
 reject_unlisted_recipient
 reject_rhsbl_client dbl.spamhaus.org
 reject_rhsbl_sender dbl.spamhaus.org
 reject_rhsbl_helo dbl.spamhaus.org
  check_policy_service unix:private/spf-policy
# Postfix Quota status service
 check_policy_service unix:private/dovecot-quota

# Restrictions for all sending foreign servers ("SMTP clients")
smtpd_client_restrictions =
 permit_mynetworks
 #check_client_access hash:/usr/local/etc/postfix/without_ptr
 #reject_unknown_client_hostname

smtpd_helo_required = yes
smtpd_helo_restrictions =
 #permit_mynetworks
 #reject_invalid_helo_hostname
 #reject_non_fqdn_helo_hostname
 #reject_unknown_helo_hostname

# Block clients, which start sending too early
#smtpd_data_restrictions = reject_unauth_pipelining

# Restrictions for MUAs
#mua_relay_restrictions =
reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject
#mua_sender_restrictions =
permit_mynetworks,reject_non_fqdn_sender,reject_sender_login_mismatch,permit_sasl_authenticated,reject
#mua_client_restrictions = permit_mynetworks,permit_sasl_authenticated,reject

# TLS parameters
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /usr/local/etc/ssl/acme/domain.com/fullchain.pem
smtpd_tls_key_file = /usr/local/etc/ssl/acme/private/domain.com/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1 !TLSv1.1 TLSv1.2
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1 !TLSv1.1 TLSv1.2
smtpd_tls_mandatory_ciphers = high
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDB3-SHA, KRB5-DES, CBC3-SHA
smtpd_tls_ciphers = high
smtpd_tls_eecdh_grade = strong
smtpd_tls_security_level = may
# for smtpd pfs
smtpd_tls_dh1024_param_file = /etc/ssl/dhparam.pem
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_received_header = yes
tls_preempt_cipherlist = yes
tls_high_cipherlist =
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_protocols=!SSLv2,!SSLv3, !TLSv1
smtp_tls_mandatory_protocols=!SSLv2,!SSLv3, !TLSv1
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4,
MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5,
CBC3-SHA
smtp_tls_ciphers = high
smtp_tls_cert_file = $smtpd_tls_cert_file
smtp_tls_key_file = $smtpd_tls_key_file
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# For SPF
spf-policy_time_limit = 3600s

# Spam filter and DKIM signatures via Rspamd
smtpd_milters = unix:/var/run/rspamd/milter.sock
#smtpd_milters = inet:127.0.0.1:8891,inet:127.0.0.1:8893,inet:127.0.0.1:8472
non_smtpd_milters = $smtpd_milters
milter_protocol = 6
milter_mail_macros="i {mail_addr} {client_addr} {client_name} {auth_authen}"
milter_default_action = accept

# postscreen(8) settings
### Before-220 tests
#postscreen_access_list = permit_mynetworks,
cidr:/usr/local/etc/postfix/postscreen_access.cidr,
cidr:/usr/local/etc/postfix/postscreen_spf_whitelist.cidr
#postscreen_blacklist_action = drop
#postscreen_dnsbl_action = drop
#postscreen_dnsbl_reply_map =
pcre:/usr/local/etc/postfix/postscreen_dnsbl_reply_map.pcre
#postscreen_dnsbl_sites = zen.spamhaus.org*3
 #b.barracudacentral.org*2
 #bl.spameatingmonkey.net*2
   #bl.spamcop.net
 #dnsbl.sorbs.net
 #psbl.surriel.com
 #bl.mailspike.net
 #swl.spamhaus.org*-4
 #list.dnswl.org=127.[0..255].[0..255].0*-2
        #list.dnswl.org=127.[0..255].[0..255].1*-3
        #list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
#postscreen_dnsbl_threshold = 2
# Drop connections if other server is sending too quickly
#postscreen_greet_action = drop
#postscreen_dnsbl_whitelist_threshold = -1
### End of before-220 tests
### After-220 tests
### WARNING -- See "Tests after the 220 SMTP server greeting" in the
### Postscreen Howto and *UNDERSTAND* it *BEFORE* you enable the
### following tests!
#postscreen_bare_newline_action = drop
#postscreen_bare_newline_enable = yes
#postscreen_non_smtp_command_action = drop
#postscreen_non_smtp_command_enable = yes
#postscreen_pipelining_enable = yes
#postscreen_pipelining_action = drop
### ADDENDUM: Any one of the foregoing three *_enable settings may cause
### significant and annoying mail delays.
# For sharing a tempoary whitelist of addresses
#postscreen_cache_map = proxy:btree:${data_directory}/postscreen_cache
#postscreen_cache_cleanup_interval = 0

#
inet_protocols = ipv4
smtputf8_enable = yes
# require addresses of the form "u...@domain.tld"
allow_percent_hack = no
swap_bangpath = no
compatibility_level = 2
#autoresponder_destination_recipient_limit = 1
meta_directory = /usr/local/libexec/postfix
shlib_directory = /usr/local/lib/postfix
# Maximum size of inbound e-mails (50 MB)
message_size_limit = 52428800
# Maximum mailbox size (0=unlimited - is already limited by Dovecot quota)
mailbox_size_limit = 0
tls_ssl_options = no_ticket, no_compression

# Mail queue settings
maximal_queue_lifetime = 1h
bounce_queue_lifetime = 1h
maximal_backoff_time = 15m
minimal_backoff_time = 5m
queue_run_delay = 5m

# Users always have to provide full e-mail addresses
append_dot_mydomain = no

Thanks.
Dave.


On 4/21/18, Wietse Venema <wie...@porcupine.org> wrote:
> David Mehler:
>> Hello,
>>
>> I am still trying to get this email sending with autodiscover working.
>> I've temporarily put Thunderbird aside as it looks like it has a long
>> standing compatibility issue with sending commands to early, and have
>> switched to outlook 2010. With it I am getting the following which I
>> do not know what unknown is.
>>
>> Apr 21 04:22:38 hostname postfix/submission/smtpd[44179]: connect from
>> Connecting-Host-and-IP
>> Apr 21 04:22:39 hostname postfix/submission/smtpd[44179]: lost
>> connection after UNKNOWN from Connection-hostname-ip
>
> Please do not remove crucial evidence.
>
> I suppose that you still have
>
>     Apr 20 14:37:00 hostname postfix/submission/smtpd[92360]:
>     improper command pipelining after EHLO from
>     Connecting-Machine-Hostname-And-IP: QUIT\r\n.
>
> If you don't have this, what did you do to change the client's
> behavior?
>
> I suppose that you also have:
>
>     disconnect from hostname[address] ehlo=1...
>
> What is the complete set of logfile records?
>
>       Wietse
>

Reply via email to