Re: lost connection with while receiving the initial server greeting

[Brian Evans - Postfix List]

Paweł Burzyński wrote:
> smtpd_banner = Poczta CBMM PAN 
>   
Wietse answered the question precisely.
Part of the reason may be that you do not follow the SMTP protocol in
this line.
http://www.postfix.org/postconf.5.html#smtpd_banner says it MUST start
with $myhostname.
Also removing ESMTP from that line may limit features in Postfix that
outside clients might think do not exist.

> smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated, 
>  reject_unauth_destination, reject_non_fqdn_hostname, 
> reject_non_fqdn_recipient, reject_unauth_pipelining, 
> reject_unknown_recipient_domain, reject_rhsbl_recipient dnsbl.njabl.org,  
>reject_rhsbl_recipient blackholes.mail-abuse.org, 
> reject_rhsbl_recipient relays.mail-abuse.org, reject_rbl_client 
> sbl.spamhaus.org,reject_rbl_client cbl.abuseat.org,reject_rbl_client 
> dul.dnsbl.sorbs.net,reject_rbl_client pbl.spamhaus.org,
> reject_rbl_client blackholes.easynet.nl,reject_rbl_client 
> proxies.blackholes.wirehub.net,reject_rbl_client bl.spamcop.net,
> reject_rhsbl_client blackhole.securitysage.com,reject_rhsbl_sender 
> blackhole.securitysage.com,reject_rhsbl_sender dsn.rfc-ignorant.org
> reject_rbl_client dynamic.rbl.tld,reject_rhsbl_client revdns.rbl.tld,
> reject_rhsbl_helo revdns.rbl.tld,reject_rbl_client sbl-xbl.spamhaus.org,  
>   permit
>   

As a side note, you can merge (sbl|pbl|sbl-xbl).spamhaus.org and
cbl.abuseat.org into zen.spamhaus.org.
One lookup instead of four.

Re: lost connection with while receiving the initial server greeting

[Wietse Venema]

Pawe? Burzy?ski:
> (lost connection with orion.put.poznan.pl[150.254.5.4] while receiving the 
> initial server greeting)

The TCP-level three-way handshake was completed, but no SMTP-level
greeting was received within $smtp_helo_timeout seconds (default:
300s).  In other words, an application-layer problem.

This could mean that all SMTP *server* processes are busy.

Wietse

lost connection with while receiving the initial server greeting

[Paweł Burzyński]

I have a problemwitch some servers lost connection with

-Queue ID- --Size-- Arrival Time -Sender/Recipient---
84AE37D1C 10132 Tue Nov 17 14:39:37  jrajp...@cbmm.lodz.pl
(lost connection with orion.put.poznan.pl[150.254.5.4] while receiving the 
initial server greeting)
 w...@ml.put.poznan.pl

5BD317D1A 10752 Tue Nov 17 13:48:37  jrajp...@cbmm.lodz.pl
(lost connection with orion.put.poznan.pl[150.254.5.4] while receiving the 
initial server greeting)
 w...@ml.put.poznan.pl

POSTCONF -N

 alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 3d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_vrfy_command = yes
home_mailbox = Maildir/
in_flow_delay = 5s
inet_interfaces = all
inet_protocols = ipv4
mail_name = Serwer CBMM PAN 
mailbox_size_limit = 0
masquerade_domains = cbmm.lodz.pl
maximal_queue_lifetime = 3d
message_size_limit = 35000
mydestination = bilbo2.cbmm.lodz.pl, localhost
mydomain = cbmm.lodz.pl
myhostname = bilbo2.cbmm.lodz.pl
mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
myorigin = /etc/mailname
queue_run_delay = 15m
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = Poczta CBMM PAN 
smtpd_delay_reject = yes
smtpd_error_sleep_time = 3
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname,  permit
smtpd_recipient_restrictions = permit_mynetworks,  permit_sasl_authenticated,   
   reject_unauth_destination, reject_non_fqdn_hostname, 
reject_non_fqdn_recipient, reject_unauth_pipelining, 
reject_unknown_recipient_domain, reject_rhsbl_recipient dnsbl.njabl.org,
 reject_rhsbl_recipient blackholes.mail-abuse.org, reject_rhsbl_recipient 
relays.mail-abuse.org, reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client pbl.spamhaus.org,reject_rbl_client blackholes.easynet.nl, 
   reject_rbl_client proxies.blackholes.wirehub.net,reject_rbl_client 
bl.spamcop.net,reject_rhsbl_client blackhole.securitysage.com,
reject_rhsbl_sender blackhole.securitysage.com,reject_rhsbl_sender 
dsn.rfc-ignorant.orgreject_rbl_client dynamic.rbl.tld,
reject_rhsbl_client revdns.rbl.tld,reject_rhsbl_helo revdns.rbl.tld,
reject_rbl_client sbl-xbl.spamhaus.org,permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
strict_rfc821_envelopes = yes