Yes, Application/Management Server -> ASA -> router -> PTP VPN to AWS -> AWS LB -> EC2 RHEL8 (postfix)
Postfix is configured as a relay server. The security team informed me that our ASA does have SMTP inspection turned on globally. My testing jives with what's been said about this ASA inspection thing. So I'm waiting on network team to remove the global SMTP inspection rule.

What is strange, a server behind the ASA, the application is configured to send mail to the relay port 25. Emails will never get sent. Doing the manual on same server, telnet test will get me a 200 ******

BUT Somehow, this same server, a powershell command to send mail will get sent/DELIVERED.

"Send-MailMessage -From <email> -To <email> -Subject "<subject>" -Body "<BODY DATA>" -SmtpServer <postfix server> -Port 25"

I'm hoping the ASA rule is disabled and all relaying works.

-----Original Message-----
From: Wietse Venema <wie...@porcupine.org>
Sent: Friday, June 11, 2021 9:53 AM
To: Apelin, Eulogio <eulogio.ape...@hawaiianair.com>
Cc: postfix-users@postfix.org
Subject: Re: [NON-HA] Re: Need help with response to HELO, 502 5.5.2 Error

> postfix/smtpd[8385]: vstream_buf_get_ready: fd 10 got 1

You're looking at logging from SMTP SERVER to diagnose OUTBOUND email deliveries by the SMTP CLIENT?? Read my email again.

Wietse

After the Postfix SMTP client sees the "220 ***..." greeting it logs a warning (you DID look in the logs?) and will by default disable ESMTP and send HELO instead of EHLO. This default setting is:

    smtp_pix_workarounds = disable_esmtp,delay_dotcrlf

You can configure that to not disable ESMTP, so that Postfix will send EHLO instead:

    smtp_pix_workarounds = delay_dotcrlf

That might get you past the HELO problem.

Wietse
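A small offline check for the behaviour described in this thread, as an added example that is not code from the thread or from Postfix: it parses an SMTP greeting, flags a banner that looks masked by firewall SMTP inspection, and models which verb a client would send for a given `smtp_pix_workarounds` value. It assumes a masked banner contains only `*`, `2`, `0` and whitespace after the reply code; the function names and the sample banners are constructed for illustration.

```python
import re

# SMTP reply line: 3-digit code, then '-' (more lines follow) or ' ' (last line), then text.
REPLY_RE = re.compile(r"^(\d{3})([ -])?(.*)$")

def parse_reply(lines):
    """Collapse a possibly multi-line SMTP reply into (code, [text, ...])."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_RE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is None:
            code = int(m.group(1))
        elif code != int(m.group(1)):
            raise ValueError("reply code changed inside a multi-line reply")
        texts.append(m.group(3))
        if m.group(2) != "-":          # space or nothing: final line of the reply
            break
    return code, texts

def banner_is_masked(greeting_lines):
    """True when a 220 greeting looks like the "220 ***..." banner from the thread.

    Assumption: an inspecting firewall leaves only '*', '2', '0' and whitespace.
    """
    code, texts = parse_reply(greeting_lines)
    body = "".join(texts)
    return code == 220 and "*" in body and all(ch in "*20 \t" for ch in body)

def first_command(greeting_lines, pix_workarounds="disable_esmtp,delay_dotcrlf"):
    """Model of the behaviour described above: HELO only when the banner is
    masked AND disable_esmtp is among the configured workarounds."""
    enabled = {w for w in re.split(r"[,\s]+", pix_workarounds) if w}
    if banner_is_masked(greeting_lines) and "disable_esmtp" in enabled:
        return "HELO"
    return "EHLO"

if __name__ == "__main__":
    masked = ["220 ****************************2***0***\r\n"]   # constructed sample
    clean = ["220 relay.example.com ESMTP Postfix\r\n"]         # constructed sample
    for name, banner in (("masked", masked), ("clean", clean)):
        for setting in ("disable_esmtp,delay_dotcrlf", "delay_dotcrlf"):
            print(f"{name:6} {setting:28} -> {first_command(banner, setting)}")
```

Feeding it the greeting captured from the sending host (for example from the telnet test) shows whether the inspection rule is still in the path before and after the network change.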