mailman
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[gnu.org #1448007] Illegal command pipelining by lists.gnu.org (209.51.1

From: Ian Kelling via RT
Subject: [gnu.org #1448007] Illegal command pipelining by lists.gnu.org (209.51.188.17)
Date: Wed, 13 Nov 2019 15:05:58 -0500 
On Wed Nov 13 14:10:15 2019, address@hidden wrote:
> On 11/13/19 1:42 PM, Ian Kelling via RT wrote:
> >
> > I don't see any good config based workaround.
> >
> > We are definitely not failing to send much mail due to this.  It was
> > added to postscreen in this commit:
> >
> > commit 0f05229942fe2d11ab69bfa5a24faa7c8ae910b8
> > Author: Wietse Venema <address@hidden>
> > Date:   Sun Oct 13 00:00:00 2019 -0500
> >
> > And it was fixed in exim more recently than that.
> 
> Postscreen (and this check) were added to Postfix back in 2010. We're
> running whatever stable version of postfix that Gentoo provides -- I'm
> not compiling my own bleeding-edge version of it to harass you with
> incompatibilities =)
> 
> Right now we're on v3.4.5 from March 2019. The relevant change in that
> release is that postfix began to announce BDAT support, as quoted from
> 
> http://ftp.porcupine.org/mirrors/postfix-release/official/postfix-
> 3.4.7.RELEASE_NOTES
> 
> [Incompat 20180826] The Postfix SMTP server announces CHUNKING (BDAT
> command) by default. In the unlikely case that this breaks some
> important remote SMTP client, disable the feature as follows...
> 
> My guess is that postfix announcing BDAT support exposed a pre-
> existing
> bug in Exim.
> 
> As far as real mail operators are concerned, running an MTA from March
> is still pretty bleeding-edge, but that's the stable release according
> to postfix.org and not just Gentoo. It's going to get more popular, if
> anything.
> 
> 
> > ...I suggest using a postscreen version which is slightly older or
> > disabling this check. Otherwise, you will be rejecting mail from lots
> > of exim servers. I could configure exim to not do chunking for just
> > your mail server, but I don't want to encourage unreasonable mail
> > rejection.
> 
> I can disable BDAT too, but would rather not hack around something
> that
> won't need hacking in the long run. I'll be watching the mail logs
> more
> carefully now, though. I've temporarily worked around the issue for
> lists.gnu.org by adding an entry to postscreen's whitelist cache that
> will last until somebody reboots the server (probably me).

Ok. I was wrong about the postfix version. However, a main
motivation of postscreen is that spambots are less compliant to email
rfcs than legitimate mail software. I doubt any software is perfectly
compliant to all email rfcs, so postscreen users / developers are going
to run into this situation where some rfc behavior test does not
actually indicate bad mail software, and blocking mail over it makes no
sense until the legitimate mail servers follow that part of the
standard.

-- 
Ian Kelling | Senior Systems Administrator, Free Software Foundation
GPG Key: B125 F60B 7B28 7FF6 A2B7  DF8F 170A F0E2 9542 95DF
https://fsf.org | https://gnu.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]