Philip Paeps:
> I've started noticing messages like these in my logs and the logs on 
> mx1.FreeBSD.org in recent months:
> 
> Oct 13 00:58:21 rincewind postfix/postscreen[76460]: COMMAND PIPELINING from [46.101.147.153]:59818 after BDAT: DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=masozm.com;\r\n\t s=mail; h=Content-
> ...

There are two problems: one is big and one is small.

The big problem: it is a PROTOCOL ERROR when the remote SMTP client
sends a BDAT (or DATA) command, because postscreen rejects all
RCPT TO commands, and does not announce PIPELINING support.

So no matter what, this client should not pass strict postscreen
protocol enforcement.

The small problem: the 20180903 patch incorrectly fixes a misleading
warning message; it tests the right flag, but in the wrong variable.
If I fix this, then postscreen in strict protocol mode should still
flag Exim's behavior as a protocol error.

> I've turned postscreen_pipelining_enable off on mx1.FreeBSD.org for the 
> time being because it was getting a lot of legitimate email deferred 
> (and timed out).

Another reason to turn off all 'after-220' tests is that turning
on one will turn on the others, too. That may be OK when a client
has already failed the 'before-220' tests, but should probably not
happen otherwise.

        Wietse
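
A log-triage sketch for the situation discussed in this thread, added here as an example; it is not code from either poster or from Postfix. It groups postscreen "COMMAND PIPELINING" lines by client and by the command they followed, so clients that are only flagged after BDAT or DATA stand out. The regular expression follows the line format quoted above; the sample lines are constructed and use documentation addresses.

```python
import re
from collections import Counter, defaultdict

# Line format as quoted in the thread:
#   COMMAND PIPELINING from [addr]:port after CMD: text
PIPELINING_RE = re.compile(
    r"postfix/postscreen\[\d+\]: COMMAND PIPELINING "
    r"from \[(?P<addr>[^\]]+)\]:(?P<port>\d+) "
    r"after (?P<cmd>[A-Za-z]+)(?:: (?P<text>.*))?$"
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Oct 13 00:58:21 mx postfix/postscreen[101]: CONNECT from [192.0.2.10]:59818 to [198.51.100.1]:25
Oct 13 00:58:21 mx postfix/postscreen[101]: COMMAND PIPELINING from [192.0.2.10]:59818 after BDAT: DKIM-Signature: v=1; a=rsa-sha256
Oct 13 01:02:03 mx postfix/postscreen[101]: COMMAND PIPELINING from [192.0.2.10]:40112 after BDAT: Received: from a.example
Oct 13 01:05:44 mx postfix/postscreen[101]: COMMAND PIPELINING from [203.0.113.7]:51000 after HELO: MAIL FROM:<x@example.org>
Oct 13 01:06:00 mx postfix/postscreen[101]: NON-SMTP COMMAND from [203.0.113.9]:51001 after CONNECT: GET / HTTP/1.1
"""


def summarize_pipelining(lines):
    """Return {client address: Counter of the command each violation followed}."""
    by_client = defaultdict(Counter)
    for line in lines:
        m = PIPELINING_RE.search(line.rstrip("\n"))
        if m:
            by_client[m["addr"]][m["cmd"].upper()] += 1
    return dict(by_client)


def content_phase_only(summary):
    """Clients whose every violation followed BDAT or DATA, as in the
    log line quoted in this thread."""
    return sorted(addr for addr, cmds in summary.items()
                  if set(cmds) <= {"BDAT", "DATA"})


if __name__ == "__main__":
    summary = summarize_pipelining(SAMPLE_LOG.splitlines())
    for addr, cmds in sorted(summary.items()):
        print(addr, dict(cmds))
    print("flagged only after BDAT/DATA:", content_phase_only(summary))
```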
