ETRN use and Postfix configuration

ETRN use and Postfix configuration

J Doe
Hello,

I read the “Postfix ETRN Howto” [1] as well as man 5 postconf with regards to:

    postscreen_discard_ehlo_keywords
    smtpd_discard_ehlo_keywords

... and disabled the announcement of ETRN via:

    postscreen_discard_ehlo_keywords = ETRN
    smtpd_discard_ehlo_keywords = ETRN

I then restarted the server and observed an inbound connection from Gmail:

Feb 27 21:12:19 server postfix/smtpd[2369]: connect from mail-oi0-x22f.google.com
Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN
Feb 27 21:12:19 server postfix/smtpd[2369]: Trusted TLS connection established ...
Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN

My question is:

** Is the Gmail SMTP server attempting to use ETRN on the first, unencrypted SMTP session with my server and then attempting to request it again after STARTTLS when the TLS connection is established and this is why it is logging that it is discarding ETRN each time or ...

** Is Postfix logging that ETRN is disabled on the first, unencrypted SMTP session and then logging this again for the encrypted session (ie: Postfix is just logging I disabled this and Google is not attempting to issue ETRN each time) ?

Thanks,

- J

Sources:
[1] www.postfix.org/ETRN_README.html

Re: ETRN use and Postfix configuration

Noel Jones-2
On 2/27/2018 8:29 PM, J Doe wrote:

> Hello,
>
> I read the “Postfix ETRN Howto” [1] as well as man 5 postconf with regards to:
>
>     postscreen_discard_ehlo_keywords
>     smtpd_discard_ehlo_keywords
>
> ... and disabled the announcement of ETRN via:
>
>     postscreen_discard_ehlo_keywords = ETRN
>     smtpd_discard_ehlo_keywords = ETRN
>
> I then restarted the server and observed an inbound connection from Gmail:
>
> Feb 27 21:12:19 server postfix/smtpd[2369]: connect from mail-oi0-x22f.google.com
> Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN
> Feb 27 21:12:19 server postfix/smtpd[2369]: Trusted TLS connection established ...
> Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN
>
> My question is:
>
> ** Is the Gmail SMTP server attempting to use ETRN on the first, unencrypted SMTP session with my server and then attempting to request it again after STARTTLS when the TLS connection is established and this is why it is logging that it is discarding ETRN each time or ...

Not this.

>
> ** Is Postfix logging that ETRN is disabled on the first, unencrypted SMTP session and then logging this again for the encrypted session (ie: Postfix is just logging I disabled this and Google is not attempting to issue ETRN each time) ?

Yes, this. The informative message is logged as soon as the client
sends EHLO, and before the client sends any other commands.

Now that you know it's working, you can use the silent_discard
keyword to clean up the logs.



  -- Noel Jones
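
The answer above (one notice per EHLO, and a STARTTLS session sends EHLO twice) can be checked against the log. This is an added example, not part of the original thread: it parses the four lines from the first post plus a constructed disconnect line. It assumes the Postfix 3.x per-command counters on the disconnect line, and that an ETRN attempt would appear there as an `etrn=` counter.

```python
import re

# Constructed sample: the four log lines from the first post, plus an
# assumed Postfix 3.x disconnect line carrying per-command counters.
SAMPLE_LOG = """\
Feb 27 21:12:19 server postfix/smtpd[2369]: connect from mail-oi0-x22f.google.com
Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN
Feb 27 21:12:19 server postfix/smtpd[2369]: Trusted TLS connection established ...
Feb 27 21:12:19 server postfix/smtpd[2369]: discarding EHLO keywords: ETRN
Feb 27 21:12:20 server postfix/smtpd[2369]: disconnect from mail-oi0-x22f.google.com ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
"""

LINE_RE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
COUNTER_RE = re.compile(r"\b([a-z]+)=(\d+)(?:/(\d+))?")  # name=ok or name=ok/total

def summarize_sessions(log_text):
    """Group smtpd lines per process and count EHLO-discard notices."""
    open_sessions, finished = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            open_sessions[pid] = {"client": msg.split()[2], "tls": False,
                                  "notices_plain": 0, "notices_tls": 0, "counters": {}}
            continue
        s = open_sessions.get(pid)
        if s is None:
            continue
        if "TLS connection established" in msg:
            s["tls"] = True
        elif msg.startswith("discarding EHLO keywords:"):
            s["notices_tls" if s["tls"] else "notices_plain"] += 1
        elif msg.startswith("disconnect from "):
            for name, ok, total in COUNTER_RE.findall(msg):
                s["counters"][name] = int(total or ok)  # attempts, not successes
            finished.append(open_sessions.pop(pid))
    return finished

def etrn_verdict(session):
    """Compare notice count with EHLO count; report actual ETRN attempts."""
    notices = session["notices_plain"] + session["notices_tls"]
    ehlo = session["counters"].get("ehlo", 0)
    return {"notices": notices, "ehlo_commands": ehlo, "one_notice_per_ehlo": notices == ehlo,
            "etrn_attempts": session["counters"].get("etrn", 0)}

if __name__ == "__main__":
    for s in summarize_sessions(SAMPLE_LOG):
        print(s["client"], etrn_verdict(s))
```

Once the notice is silenced (postconf(5) spells the pseudo keyword `silent-discard`), the disconnect counters are the remaining log evidence of whether a client ever sent ETRN.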

Re: ETRN use and Postfix configuration

J Doe
Hi Noel,

> On Feb 27, 2018, at 10:18 PM, Noel Jones <[hidden email]> wrote:
>> ** Is Postfix logging that ETRN is disabled on the first, unencrypted SMTP session and then logging this again for the encrypted session (ie: Postfix is just logging I disabled this and Google is not attempting to issue ETRN each time) ?
>
> Yes, this. The informative message is logged as soon as the client
> sends EHLO, and before the client sends any other commands.
>
> Now that you know it's working, you can use the silent_discard
> keyword to clean up the logs.
>
>  -- Noel Jones

Thanks for your reply.  Ok, good to know; I will prepend silent_discard to the list.

- J

Re: ETRN use and Postfix configuration

@lbutlr
In reply to this post by J Doe
On Feb 27, 2018, at 18:29, J Doe <[hidden email]> wrote:
> postscreen_discard_ehlo_keywords
>    smtpd_discard_ehlo_keywords

Isn't ETRN a good thing? What's the benefit from disabling it?
--
My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.



Re: ETRN use and Postfix configuration

Wietse Venema
LuKreme:
> On Feb 27, 2018, at 18:29, J Doe <[hidden email]> wrote:
> > postscreen_discard_ehlo_keywords
> >    smtpd_discard_ehlo_keywords
>
> Isn't ETRN a good thing? What's the benefit from disabling it?

Good if used by the right client (who needs this nowadays?), otherwise
ETRN is a waste of scheduler resources.

        Wietse

Re: ETRN use and Postfix configuration

J Doe
In reply to this post by @lbutlr
Hi LuKreme,

> On Mar 4, 2018, at 8:44 AM, LuKreme <[hidden email]> wrote:
>
> Isn't ETRN a good thing? What's the benefit from disabling it?
> --
> My main job is trying to come up with new and innovative and effective ways to reject even more mail. I'm up to about 97% now.
>

It’s a good thing in that it is an improvement over the original TURN verb with some security as opposed to no security.

RFC 1985 (ETRN) makes two use cases for this:

** Startup conditions
** “..mail nodes that have transient connections to their service providers”

The last point is referring to when someone had a gateway SMTP server that used to periodically dial up an ISP and exchange e-mail with it, server to server.  That was common in the 90’s (which is when the RFC was submitted), but you’d be pretty hard pressed to find that now.

Postfix supports fast ETRN [1], which has performance optimizations over what other implementations provide, but you have to explicitly configure it to use it.  From my original e-mail I learned from the list how to squelch the advertisement on EHLO and ensure that it was not configured, either.

Sources:

[1] http://www.postfix.org/ETRN_README.html