DevHeads.net

Uhm... next bug or my faulty configuration?

Hello,

updated from 3.4.1 to 3.4.3 and at the same time dovecot-2.2 to dovecot-2.3 ( + pigeonhole)
I assume the changes behavior is dovecot/pigeonhole now using the advertised "CHUNKING" extension.

Now an echo service (dovecot-2.3-pigeonhole) don't send messages anymore.
Reason: "Data command rejected: Multi-recipient bounce" while there is clearly only one recipient.

the relevant debug logs:

Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 220 signing-milter.org ESMTP
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: < signing-milter.org[84.200.211.109]: EHLO signing-milter.org
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-signing-milter.org
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-PIPELINING
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-SIZE 128000
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-ENHANCEDSTATUSCODES
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-8BITMIME
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-DSN
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250-SMTPUTF8
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250 CHUNKING
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: < signing-milter.org[84.200.211.109]: MAIL FROM:<>
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250 2.1.0 Ok
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: < signing-milter.org[84.200.211.109]: RCPT TO:< ... at example dot org>
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 250 2.1.5 Ok
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: < signing-milter.org[84.200.211.109]: BDAT 882 LAST
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: >>> START Data command RESTRICTIONS <<<
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: generic_checks: name=reject_multi_recipient_bounce
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: 44JCRG5tYPzCqt2: reject: BDAT from signing-milter.org[84.200.211.109]: 550 5.5.3 <DATA>: Data command rejected: Multi-recipient bounce; from=<> to=< ... at example dot org> proto=ESMTP helo=<signing-milter.org>
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: generic_checks: name=reject_multi_recipient_bounce status=2
Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: >>> END Data command RESTRICTIONS <<<

Mar 11 23:27:54 dili postfix-smo/submission/smtpd[22427]: > signing-milter.org[84.200.211.109]: 550 5.5.3 <DATA>: Data command rejected: Multi-recipient bounce, servertime=Mar 11 23:27:54, server=signing-milter.org, client=84.200.211.109

current solution: run the smtpd with "smtpd_discard_ehlo_keywords=CHUNKING"

Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 220 signing-milter.org ESMTP
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: < signing-milter.org[84.200.211.109]: EHLO signing-milter.org
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: discarding EHLO keywords: CHUNKING
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: match_list_match: signing-milter.org: no match
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: match_list_match: 84.200.211.109: no match
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-signing-milter.org
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-PIPELINING
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-SIZE 128000
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-ETRN
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-ENHANCEDSTATUSCODES
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-8BITMIME
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250-DSN
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250 SMTPUTF8
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: < signing-milter.org[84.200.211.109]: MAIL FROM:<>
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250 2.1.0 Ok
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: < signing-milter.org[84.200.211.109]: RCPT TO:< ... at example dot org>
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 250 2.1.5 Ok
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: < signing-milter.org[84.200.211.109]: DATA
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: >>> START Data command RESTRICTIONS <<<
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=reject_multi_recipient_bounce
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=reject_multi_recipient_bounce status=0
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=reject_unauth_pipelining
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: reject_unauth_pipelining: DATA
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=reject_unauth_pipelining status=0
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=permit
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: smtpd_acl_permit: checking smtpd_log_access_permit_actions settings
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: match_list_match: permit: no match
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: smtpd_acl_permit: smtpd_log_access_permit_actions: no match
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: generic_checks: name=permit status=1
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: >>> END Data command RESTRICTIONS <<<
Mar 11 23:37:57 dili postfix-smo/submission/smtpd[22846]: > signing-milter.org[84.200.211.109]: 354 End data with <CR><LF>.<CR><LF>

since years I have "smtpd_data_restrictions = reject_multi_recipient_bounce,reject_unauth_pipelining,permit"
Must that be adjusted with 3.4.x?

Andreas

Comments

Re: Uhm... next bug or my faulty configuration?

By Viktor Dukhovni at 03/11/2019 - 19:23

Yes.

Your no-BDAT work-around is sufficient until the code is updated
along lines below: