Postfix lost connection after EHLO from neon.domain.com


motty.cruz
Hello, 

I am trying to figure out why my Postfix disconnects after the EHLO command. A customer is trying to email me something but Postfix disconnects (on the customer side this is the bounced message: "Remote Server returned '<spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session ID:").

Your help is appreciated!


Feb  8 09:46:03 spring1 postfix/smtpd[47824]: connect from neon.domain.com[189.45.22.55]
Feb  8 09:46:03 spring1 postfix/smtpd[47824]: match_hostname: smtpd_client_event_limit_exceptions: neon.domain.com ~? 189.45.22.55
Feb  8 09:46:03 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 220 spring1.mydomain
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: < neon.domain.com[189.45.22.55]: EHLO neon.domain.com
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: match_list_match: neon.domain.com: no match
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-spring1.mydomain
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-PIPELINING
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-SIZE 20480000
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-VRFY
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-ETRN
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-ENHANCEDSTATUSCODES
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-8BITMIME
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-DSN
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250 SMTPUTF8
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: match_hostname: smtpd_client_event_limit_exceptions: neon.domain.com ~? 189.45.22.55
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: lost connection after EHLO from neon.domain.com[189.45.22.55]
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: disconnect from neon.domain.com[189.45.22.55] ehlo=1 commands=1


--
Thanks for your support, 
Motty

Re: Postfix lost connection after EHLO from neon.domain.com

Bastian Blank-3
On Thu, Feb 08, 2018 at 09:43:51PM -0800, motty cruz wrote:
> I am trying to figure out why my Postfix disconnect after EHLO command. A
> customer is trying to email me something but Postfix disconnect: ( on the
> customer side this is the bounced message "Remote Server returned '<
> spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session
> ID:" )

This is not a Postfix message. According to Google this is some MtM
device.

> Feb  8 09:46:03 spring1 postfix/smtpd[47824]: connect from neon.domain.com

Verbose logging is not needed, it just drowns you.

> Feb  8 09:46:04 spring1 postfix/smtpd[47824]: lost connection after EHLO
> from neon.domain.com[189.45.22.55]

You really know someone owning domain.com?

Bastian

--
Peace was the way.
                -- Kirk, "The City on the Edge of Forever", stardate unknown

Re: Postfix lost connection after EHLO from neon.domain.com

motty.cruz

Hello Bastian,

You're right,

"( on the customer side this is the bounced message "Remote Server returned '<spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session ID:" )"

is in the response of the remote server (the SMTP server of the person submitting the email),

but this log below is from my spam filter:
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250 SMTPUTF8
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: match_hostname: smtpd_client_event_limit_exceptions: neon.domain.com ~? 189.45.22.55
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: lost connection after EHLO from neon.domain.com[189.45.22.55]

Isn't it because my SMTP server does not support TLS? Or do you have any idea how to solve this problem?
It is driving me to the cliff.
_Motty

On 2/8/2018 10:18 PM, Bastian Blank wrote:
> On Thu, Feb 08, 2018 at 09:43:51PM -0800, motty cruz wrote:
>> I am trying to figure out why my Postfix disconnect after EHLO command. A
>> customer is trying to email me something but Postfix disconnect: ( on the
>> customer side this is the bounced message "Remote Server returned '<
>> spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session
>> ID:" )
> This is no Postfix messages. According to Google this is some MtM
> device.
>
>> Feb  8 09:46:03 spring1 postfix/smtpd[47824]: connect from neon.domain.com
> Verbose logging is not needed, it just drowns you.
>
>> Feb  8 09:46:04 spring1 postfix/smtpd[47824]: lost connection after EHLO
>> from neon.domain.com[189.45.22.55]
> You really know someone owning domain.com?
>
> Bastian


Re: Postfix lost connection after EHLO from neon.domain.com

Bill Cole-3
On 9 Feb 2018, at 9:09, Motty Cruz wrote:

> Hello Bastian,
>
> you're right "
>
> ( on the
> customer side this is the bounced message "Remote Server returned '<
> spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email
> Session
> ID:" )

This is a message generated by a dysfunctional and misguided option in a
firewall. The sender is having their SMTP session hijacked by that
firewall and mishandled because the firewall manufacturer doesn't
understand SMTP adequately to function without breaking connections
carelessly and for no good reason.

> Isn't because my smtp server does not support TLS?  or do you have
> any idea how to solve this problem?
> is driving me to the cliff.

The sender needs to fix their firewall.

Re: Postfix lost connection after EHLO from neon.domain.com

Bill Cole-3
In reply to this post by motty.cruz
One more thing...

On 9 Feb 2018, at 9:09, Motty Cruz wrote:

> Isn't because my smtp server does not support TLS? 

Yes, it could be. Their broken firewall may be set to require TLS
support.

Which is not in itself a bad thing. The only thing broken about this IF
it's because they require TLS is the way they are disconnecting.

Not supporting TLS for incoming email is not a rational choice in the
modern world.
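
One way to test the TLS hypothesis against a verbose smtpd log like the one in the first post, as an added example that is not part of the original thread: it lists every session the client dropped right after EHLO and reports whether STARTTLS was among the advertised extensions. The function name `ehlo_drops` and the second and third sample sessions are assumptions made for illustration.

```python
import re

# Constructed sample: session 1 mirrors the verbose log in the first post;
# sessions 2 and 3 (example.net / example.org, 192.0.2.x) are made up for contrast.
SAMPLE_LOG = """\
Feb  8 09:46:03 spring1 postfix/smtpd[47824]: connect from neon.domain.com[189.45.22.55]
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: < neon.domain.com[189.45.22.55]: EHLO neon.domain.com
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-spring1.mydomain
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250-SIZE 20480000
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: > neon.domain.com[189.45.22.55]: 250 SMTPUTF8
Feb  8 09:46:04 spring1 postfix/smtpd[47824]: lost connection after EHLO from neon.domain.com[189.45.22.55]
Feb  8 09:50:10 spring1 postfix/smtpd[47824]: connect from mx.example.net[192.0.2.10]
Feb  8 09:50:10 spring1 postfix/smtpd[47824]: < mx.example.net[192.0.2.10]: EHLO mx.example.net
Feb  8 09:50:10 spring1 postfix/smtpd[47824]: > mx.example.net[192.0.2.10]: 250-spring1.mydomain
Feb  8 09:50:10 spring1 postfix/smtpd[47824]: > mx.example.net[192.0.2.10]: 250-STARTTLS
Feb  8 09:50:10 spring1 postfix/smtpd[47824]: > mx.example.net[192.0.2.10]: 250 SMTPUTF8
Feb  8 09:50:11 spring1 postfix/smtpd[47824]: lost connection after EHLO from mx.example.net[192.0.2.10]
Feb  8 09:55:00 spring1 postfix/smtpd[47901]: connect from mx.example.org[192.0.2.20]
Feb  8 09:55:01 spring1 postfix/smtpd[47901]: lost connection after EHLO from mx.example.org[192.0.2.20]
"""

LINE = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
REPLY = re.compile(r"> \S+: 250[- ](\S+)")
LOST = re.compile(r"lost connection after EHLO from (\S+)")

def ehlo_drops(log_text):
    """List (client, starttls_offered) for sessions dropped right after EHLO.
    starttls_offered is None when the EHLO reply was not logged (no verbose log)."""
    replies, findings = {}, []          # replies: smtpd pid -> 250 lines of current session
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if msg.startswith("connect from "):
            replies[pid] = []           # smtpd processes are reused, so reset per connection
        elif (r := REPLY.match(msg)):
            replies.setdefault(pid, []).append(r.group(1).upper())
        elif (lost := LOST.match(msg)):
            seen = replies.pop(pid, [])
            # The first 250 line is the server name, the rest are extension keywords.
            offered = ("STARTTLS" in seen[1:]) if seen else None
            findings.append((lost.group(1), offered))
    return findings

if __name__ == "__main__":
    for client, offered in ehlo_drops(SAMPLE_LOG):
        print(client, "STARTTLS offered:", offered)
```

A `False` result only means the drop is consistent with a sending side that insists on TLS; it does not identify the device that closed the connection.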

Re: Postfix lost connection after EHLO from neon.domain.com

motty.cruz
Thanks Bill,

The customer is from a fairly large company and they're able to send email
to other clients. They will not cooperate to help me troubleshoot this
issue. I am working from the assumption the problem is on my side.

We were getting emails from that client up to a few weeks ago. Nothing has
changed on my side.

I had configured Postfix to handle TLS; not sure if it will fix the error
they're having.

This issue is tormenting me! Not sure where else to try to prove it is on
their side.

If you have any other ideas please share, I appreciate your help!

Thanks for your support!

On 2/9/2018 9:25 AM, Bill Cole wrote:

> One more thing...
>
> On 9 Feb 2018, at 9:09, Motty Cruz wrote:
>
>> Isn't because my smtp server does not support TLS?
>
> Yes, it could be. Their broken firewall may be set to require TLS
> support.
>
> Which is not in itself a bad thing. The only thing broken about this
> IF it's because they require TLS is the way they are disconnecting.
>
> Not supporting TLS for incoming email is not a rational choice in the
> modern world.

Re: Postfix lost connection after EHLO from neon.domain.com

Erik


On 09-02-18 18:35, Motty Cruz wrote:
> If you have any other ideas please share, I appreciate your help!


You could try getting a packet trace on your end. It might show you in
more detail what is going on. Worst case you learn nothing new.

regards,
Erik

Re: Postfix lost connection after EHLO from neon.domain.com

Wietse Venema
In reply to this post by Bastian Blank-3
Bastian Blank:
> On Thu, Feb 08, 2018 at 09:43:51PM -0800, motty cruz wrote:
> > I am trying to figure out why my Postfix disconnect after EHLO command. A
> > customer is trying to email me something but Postfix disconnect: ( on the
> > customer side this is the bounced message "Remote Server returned '<
> > spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session
> > ID:" )
>
> This is no Postfix messages. According to Google this is some MtM
> device.

You need to find out why *THEIR* firewall is refusing to deliver mail.

        Wietse

Re: Postfix lost connection after EHLO from neon.domain.com

motty.cruz
Dr. Wietse,

Thank you very much for taking the time to reply to my email.

I enabled TLS on Postfix with a certificate from letsencrypt.com as a
temporary solution. This solved the problem; we're now able to receive
emails from that specific client.

Your support on this matter is appreciated!

Thanks,
Motty

On 2/9/2018 11:45 AM, Wietse Venema wrote:

> Bastian Blank:
>> On Thu, Feb 08, 2018 at 09:43:51PM -0800, motty cruz wrote:
>>> I am trying to figure out why my Postfix disconnect after EHLO command. A
>>> customer is trying to email me something but Postfix disconnect: ( on the
>>> customer side this is the bounced message "Remote Server returned '<
>>> spring1.mydomain.com #5.0.0 smtp; 554 Security violation. Email Session
>>> ID:" )
>> This is no Postfix messages. According to Google this is some MtM
>> device.
> You need to find out why *THEIR* firewall is refusing to deliver mail.
>
> Wietse

Re: Postfix lost connection after EHLO from neon.domain.com

@lbutlr
In reply to this post by motty.cruz
On 2018-02-08 (22:43 MST), motty cruz <[hidden email]> wrote:
>
> match_hostname: smtpd_client_event_limit_exceptions: neon.domain.com ~? 189.45.22.55


postconf -n

What (and why) do you have smtpd_client_event_limit_exceptions set to?

Also, I don't believe for a second that domain.com is connecting to you. Please do not make up domains for your logs.

Use example.com, example.net, example.org or, if you must, domain.tld or something like that (I like using .tld myself, but best practice is to use example.com/net/org).


--
Living is easy with eyes closed, misunderstanding all you see