Path: ...!weretis.net!feeder9.news.weretis.net!i2pn.org!i2pn2.org!.POSTED!not-for-mail From: hquest@hquest.pro.br (HQuest) Newsgroups: comp.mail.sendmail Subject: [client] did not issue MAIL/EXPN/VRFY/ETRN during connection Date: Fri, 26 Apr 2024 17:47:06 +0000 Organization: novaBBS Message-ID: <5c620d24d884ece84a12b62e2a4cbf45@www.novabbs.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Injection-Info: i2pn2.org; logging-data="2447653"; mail-complaints-to="usenet@i2pn2.org"; posting-account="2XJ8hjIEUuziWBqN+XBS7yv7yfwqQ5GdIjLva+fAx2c"; User-Agent: Rocksolid Light X-Rslight-Site: $2y$10$8qDga9T9WBvs2wp3RRsABepK5irJv.f5UKZDdFsn9uzQQ4sTX938W X-Spam-Checker-Version: SpamAssassin 4.0.0 X-Rslight-Posting-User: 3d3517e5dd24387fdf8da64199401ea731577ab2 Bytes: 11073 Lines: 137 I've begun to see quite a few "[client] did not issue MAIL/EXPN/VRFY/ETRN during connection" messages in my mail log files, from origins such as Mailchimp and Microsoft hosted systems. I'm not certain what changed, since I can still receive emails from other similarly large senders such as Google and Cisco - although a few Cisco-originated emails fail with the same message. Any hints on where I can begin troubleshooting this, since I don't have any visibility into the remote end? Or does anyone see anything blatantly wrong in my heavily customized cf? 
dnl# sendmail m4 configuration for an Internet-facing MTA/MSA/SMTPS host, as posted.
dnl# One macro per line: dnl discards the rest of its line, so statements must not share a line.
include(`../m4/cf.m4')
VERSIONID(`2024-04-26 v1.13 for mx.domain.com: SASL - RSA certs - Hardened TLSv1.2+ PCIDSS/HIPAA/NIST - DANE- IPv6 - MTA+MSA+SMTPS - EnhDNSBL for Internet hosts - OpenARC - OpenDMARC+SPF - OpenDKIM - SpamAssassin - dovecot procmail - 4096bit FF DHParam - MTA-STS - SMTPUTF8 - More aggressive timeouts - SMTP smuggling fix')dnl
OSTYPE(`linux')dnl
dnl# Log level 14 is the level at which the log excerpts further down were captured.
define(`confLOG_LEVEL', `14')dnl
dnl# NOTE(review): set to an empty value; what that does to the OpenSSL configuration file
dnl# lookup is not shown on this page - confirm before relying on a system-wide TLS policy.
define(`confOPENSSL_CNF',`')dnl
define(`confSMTP_LOGIN_MSG',`$j $b')
define(`confDOMAIN_NAME', `domain.com')dnl
define(`confHELO_NAME', `mx.domain.com')dnl
dnl# The same RSA certificate and key are used for the server and the client role.
define(`confCACERT_PATH', `/etc/ssl/certs')
define(`confCACERT', `/etc/mail/domain.com.chain.rsa.pem')
define(`confSERVER_CERT', `/etc/mail/domain.com.rsa.pem')
define(`confSERVER_KEY', `/etc/mail/domain.com.rsa.key')
define(`confCLIENT_CERT', `/etc/mail/domain.com.rsa.pem')
define(`confCLIENT_KEY', `/etc/mail/domain.com.rsa.key')
define(`confDH_PARAMETERS',`/etc/ssl/certs/ffdhe4096.pem')
dnl# No CRL file is configured; the startup log line "STARTTLS: CRLFile missing" is consistent with that.
dnl# Cert uses OCSP only
dnl# define(`confCRL', `/etc/ssl/certs/revoke.crl')
dnl# goaway turns off the SMTP status queries (VRFY, EXPN and similar); the restrict* flags
dnl# limit queue runs and queue listing by local users.
define(`confPRIVACY_FLAGS', `authwarnings,goaway,restrictqrun,restrictmailq')dnl
define(`SMART_HOST',`mx.domain.com')
dnl# An ident timeout of 0 disables the ident lookup on incoming connections.
define(`confTO_IDENT', `0')dnl
dnl# AuthOptions: p refuses plaintext mechanisms (LOGIN, PLAIN) unless a security layer such
dnl# as TLS is active; y refuses anonymous mechanisms. That matches the logs below:
dnl# "AUTH warning: no mechanisms" right after connect (in both the failing and the
dnl# delivering session), then "available mech=LOGIN PLAIN" once STARTTLS has completed.
define(`confAUTH_OPTIONS', `A p y')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define(`confDANE', `always')dnl
dnl# Shortened SMTP timeouts (the "more aggressive timeouts" named in VERSIONID).
define(`confTO_HELO', `1m')dnl
define(`confTO_MAIL', `30s')dnl
define(`confTO_RCPT', `30s')dnl
define(`confTO_DATAINIT', `45s')dnl
define(`confTO_DATABLOCK', `5m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_AUTH', `30s')dnl
define(`confTO_STARTTLS', `1m')dnl
dnl# The failing session below ends exactly 1m after connect with "timeout waiting for input
dnl# ... during server cmd read", which is consistent with this 1m command timeout. No
dnl# tls_srv_features= or STARTTLS=server line is logged for that session, unlike the
dnl# delivering one, so the stall happens before a TLS handshake is logged.
define(`confTO_COMMAND', `1m')dnl
define(`confMAX_RCPTS_PER_MESSAGE', `5')dnl
define(`confBAD_RCPT_THROTTLE', `5')dnl
dnl# NOTE(review): LOCAL_SRV_FEATURES is normally used as a section marker for adding rules
dnl# to the srv_features ruleset, not as a value set with define() - confirm that this line
dnl# really applies the F,o flags; their meaning is not shown on this page.
define(`LOCAL_SRV_FEATURES',`F,o')dnl
define(`confTLS_FALLBACK_TO_CLEAR', `False')dnl
dnl# Only SSLv2 and SSLv3 are switched off in the two option lists below. The "TLSv1.2+"
dnl# claim in VERSIONID additionally needs TLSv1.0/1.1 disabled (SSL_OP_NO_TLSv1,
dnl# SSL_OP_NO_TLSv1_1) or a minimum protocol enforced by the OpenSSL policy; nothing
dnl# visible here does that - verify with a test handshake against each listener.
define(`confSERVER_SSL_OPTIONS',`+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE 
+SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +SSL_OP_NO_COMPRESSION')
define(`confCLIENT_SSL_OPTIONS',`+SSL_OP_NO_SSLv2 +SSL_OP_NO_SSLv3 +SSL_OP_CIPHER_SERVER_PREFERENCE +SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +SSL_OP_NO_COMPRESSION +SSL_OP_NO_RENEGOTIATION')
dnl# AEAD suites come first; the last six entries (the ones ending in -SHA) are CBC suites
dnl# with a SHA-1 MAC. A strict AEAD-only profile would drop them, at the cost of
dnl# compatibility with older senders. The TLSv1.3 suite in the delivery log
dnl# (TLS_AES_256_GCM_SHA384) is not part of this list; OpenSSL selects TLSv1.3 suites
dnl# separately from the cipher list.
define(`confCIPHER_LIST',`ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA')
dnl# Three listeners, all declared with Family=inet6; the IPv4 peers in the logs are served
dnl# by the daemon named MTA-v6. Modifiers: E = no ETRN, a = authentication required,
dnl# s = implicit TLS (smtps).
DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MSA-v6, Port=submission, Modifiers=Ea')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MTAS-v6, Port=smtps, Modifiers=Eas')dnl
EXPOSED_USER(`root')dnl
FEATURE(`no_default_msa')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`relay_hosts_only')dnl
dnl# MTA-STS policy lookups go to a socket map on the loopback interface, port 8895.
FEATURE(`sts',`socket -d5 -T<TMPF> inet:8895@127.0.0.1')dnl
FEATURE(`tls_session_features')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`local_procmail', `/usr/libexec/dovecot/dovecot-lda',`/usr/libexec/dovecot/dovecot-lda -d $u')
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
dnl# DNSBL check against Spamhaus ZEN; only the return codes listed after the message cause a 554 rejection.
FEATURE(`enhdnsbl', `zen.spamhaus.org', `"554 IP address listed in Spamhaus ZEN. 
See https://www.spamhaus.org/query/ip/" $&{client_addr}', `127.0.0.2', `127.0.0.3', `127.0.0.4', `127.0.0.9', `127.0.0.10', `127.0.0.11')dnl
FEATURE(`authinfo',`hash -o /etc/mail/authinfo.db')dnl
dnl# Milter failure policy: F=T temp-fails mail when the filter is unavailable (fail closed).
dnl# The empty F= on the spamassassin filter means mail is processed as if that filter were
dnl# not configured whenever it cannot be reached (fail open) - confirm this is intended.
INPUT_MAIL_FILTER(`opendkim', `S=inet:8894@127.0.0.1,F=T,T=R:2m')
INPUT_MAIL_FILTER(`openarc', `S=inet:8893@127.0.0.1,F=T,T=R:2m')
INPUT_MAIL_FILTER(`opendmarc',`S=inet:8892@127.0.0.1,F=T,T=R:2m')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
dnl# Macros handed to the milters at each SMTP stage, including TLS and AUTH session details.
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {verify}, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVFROM',`i, {auth_authen}, {auth_type}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z, b, _')dnl
LOCAL_DOMAIN(`mx.domain.com')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
MODIFY_MAILER_FLAGS(`LOCAL', `-f')
MASQUERADE_AS(`domain.com')dnl
MASQUERADE_DOMAIN(`domain.com')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
LOCAL_CONFIG
O SmtpUTF8=True
Kcheck_client dns -R a -T T -q
dnl# NOTE(review): the remainder of the LOCAL_CONFIG section looks garbled in the posting
dnl# (no ruleset or rule lines survive), so it is kept on one line exactly as posted.
# Exclude specific hosts of networks from DNSBL checks HSubject: $>CheckRcptTo $: $>3 $1 HSubject: $* OK $>3

This is what I see when I start sendmail: Apr 26 13:15:28 mxhost sm-mta[128462]: starting daemon (8.18.1): SMTP+queueing@00:25:00 Apr 26 13:15:28 mxhost sm-mta[128462]: STARTTLS: CRLFile missing Apr 26 13:15:28 mxhost sm-mta[128462]: STARTTLS=server, Diffie-Hellman init, key=4096 bit (/) Apr 26 13:15:28 mxhost sm-mta[128462]: STARTTLS=server, init=1 Apr 26 13:15:28 mxhost sm-mta[128462]: started as: /usr/sbin/sendmail -L sm-mta -bd -q25m Apr 26 13:15:28 mxhost sm-msp-queue[128465]: starting daemon (8.18.1): queueing@00:25:00 Here's a section of the logs with the debug lvl 14 enabled for a server that failed: Apr 26 13:16:01 mxhost sm-mta[126129]: NOQUEUE: connect from mx0a-0017d901.pphosted.com [208.84.65.218] Apr 26 13:16:01 mxhost sm-mta[126129]: AUTH warning: no 
mechanisms Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: Milter (opendkim): init success to negotiate Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: Milter (openarc): init success to negotiate Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: Milter (opendmarc): init success to negotiate Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: Milter (spamassassin): init success to negotiate Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: Milter: connect to filters Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: milter=opendkim, action=connect, continue Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: milter=openarc, action=connect, continue Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: milter=opendmarc, action=connect, continue Apr 26 13:16:01 mxhost sm-mta[126129]: 43QHG1xY126129: milter=spamassassin, action=connect, continue Apr 26 13:17:01 mxhost sm-mta[126129]: 43QHG1xY126129: timeout waiting for input from mx0a-0017d901.pphosted.com during server cmd read Apr 26 13:17:01 mxhost sm-mta[126129]: 43QHG1xY126129: mx0a-0017d901.pphosted.com [208.84.65.218] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v6 And another section for a server that delivered: Apr 26 13:17:24 mxhost sm-mta[127026]: NOQUEUE: connect from mail.domain2.com [x.x.x.x] Apr 26 13:17:24 mxhost sm-mta[127026]: AUTH warning: no mechanisms Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: Milter (opendkim): init success to negotiate Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: Milter (openarc): init success to negotiate Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: Milter (opendmarc): init success to negotiate Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: Milter (spamassassin): init success to negotiate Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: Milter: connect to filters Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: milter=opendkim, action=connect, continue Apr 26 13:17:24 mxhost 
sm-mta[127026]: 43QHKOr3127026: milter=openarc, action=connect, accepted Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: milter=opendmarc, action=connect, accepted Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr3127026: milter=spamassassin, action=connect, accepted Apr 26 13:17:24 mxhost sm-mta[127026]: tls_srv_features="", relay=mail.domain2.com [x.x.x.x] Apr 26 13:17:24 mxhost sm-mta[127026]: STARTTLS=server, relay=mail.domain2.com [x.x.x.x], version=TLSv1.3, verify=NO, cipher=TLS_AES_256_GCM_SHA384, bits=256/256 Apr 26 13:17:24 mxhost sm-mta[127026]: STARTTLS=server, cert-subject=, cert-issuer=, verifymsg=ok Apr 26 13:17:24 mxhost sm-mta[127026]: AUTH: available mech=LOGIN PLAIN, allowed mech=LOGIN PLAIN Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: milter=opendkim, action=mail, continue Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: milter=opendkim, action=rcpt, continue Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: from=<destination@domain.com>, size=334, class=0, nrcpts=1, msgid=<bb87fef9-1919-4509-89c5-202782208823@domain.com>, proto=ESMTPS, daemon=MTA-v6, relay=mail.domain2.com [x.x.x.x] Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: milter=opendkim, action=header, continue Apr 26 13:17:24 mxhost last message buffered 4 times Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: milter=opendkim, action=eoh, accepted Apr 26 13:17:24 mxhost sm-mta[127026]: 43QHKOr4127026: Milter accept: message Apr 26 13:17:24 mxhost dovecot: lda(destination)<127032><izUNH1jiK2Y48AEAsEWjtw>: msgid=<bb87fef9-1919-4509-89c5-202782208823@domain.com>: saved mail to INBOX Apr 26 13:17:24 mxhost sm-mta[127031]: 43QHKOr4127026: to=<destination@domain.com>, ctladdr=<destination@domain.com> (uid/gid), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30607, dsn=2.0.0, stat=Sent Apr 26 13:17:24 mxhost sm-mta[127031]: 43QHKOr4127026: done; delay=00:00:00, ntries=1