6

I'm trying to set up a mail relay for a cranky old voicemail system. I set up postfix on a vm, enabled relaying, verified that I can telnet to port 25 from the same subnet and send mail wherever I want. Here's my main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_helo_required = no
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mailer
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mailer, localhost.localdomain, localhost
relayhost =
mynetworks = 192.168.1.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Unfortunately, the old voicemail always tries to send a bare EHLO before sending mail. I turned on debugging for that host, and this is what I'm seeing:

Oct 13 11:48:57 mailer postfix/smtpd[2201]: connect from unknown[192.168.1.98]
Oct 13 11:48:57 mailer postfix/smtpd[2201]: smtp_stream_setup: maxtime=300 enable_deadline=0
Oct 13 11:48:57 mailer postfix/smtpd[2201]: match_hostname: unknown ~? 192.168.1.0/24
Oct 13 11:48:57 mailer postfix/smtpd[2201]: match_hostaddr: 192.168.1.98 ~? 192.168.1.0/24
Oct 13 11:48:57 mailer postfix/smtpd[2201]: > unknown[192.168.1.98]: 220 mailer ESMTP Postfix (Ubuntu)
Oct 13 11:48:57 mailer postfix/smtpd[2201]: watchdog_pat: 0x7f17a114afe0
Oct 13 11:48:57 mailer postfix/smtpd[2201]: < unknown[192.168.1.98]: EHLO
Oct 13 11:48:57 mailer postfix/smtpd[2201]: > unknown[192.168.1.98]: 501 Syntax: EHLO hostname
Oct 13 11:48:57 mailer postfix/smtpd[2201]: watchdog_pat: 0x7f17a114afe0
Oct 13 11:48:58 mailer postfix/smtpd[2201]: < unknown[192.168.1.98]: HELO
Oct 13 11:48:58 mailer postfix/smtpd[2201]: > unknown[192.168.1.98]: 501 Syntax: HELO hostname
Oct 13 11:48:58 mailer postfix/smtpd[2201]: watchdog_pat: 0x7f17a114afe0
Oct 13 11:48:58 mailer postfix/smtpd[2201]: < unknown[192.168.1.98]: QUIT
Oct 13 11:48:58 mailer postfix/smtpd[2201]: > unknown[192.168.1.98]: 221 2.0.0 Bye
Oct 13 11:48:58 mailer postfix/smtpd[2201]: match_hostname: unknown ~? 192.168.1.0/24
Oct 13 11:48:58 mailer postfix/smtpd[2201]: match_hostaddr: 192.168.1.98 ~? 192.168.1.0/24
Oct 13 11:48:58 mailer postfix/smtpd[2201]: disconnect from unknown[192.168.1.98]

I have very limited control over this voicemail system, so getting it to behave properly probably isn't an option. Is there a way to make postfix accept any EHLO/HELO, even with no hostname at all?

superstator
  • 203
  • Sadly no. I'm not worried about losing any features, as long as I can accept mail from this voicemail. This is literally the only thing this relay will be doing, and volume will be very low. Not sure how disabling EHLO features would help, though - the issue isn't that the voicemail doesn't understand the feature list. It's that postfix always sends a 501 when the voicemail hamhandedly tries to start a session. – superstator Oct 13 '14 at 22:19
  • @superstator - what about this approach? http://labs.hoffmanlabs.com/node/1856. There are other things to try here too: http://i-mscp.net/index.php/Thread/2215-Postfix-How-to-disable-HELO-checks/ – slm Oct 14 '14 at 02:26
  • Yeah, I've tried those. They do allow for nonsense hostnames, e.g. "HELO foo", but it still returns 501 if you just send bare "HELO". – superstator Oct 14 '14 at 05:48

1 Answers1

4

I took a peek at the source for smtpd, and it appears this is not currently possible. helo_cmd() and ehlo_cmd() both check for a minimum of 2 values in argv, where the first value is (presumably) the command requested (HELO/EHLO) and the second is a hostname. Any extra arguments are concatenated together with the second argument to arrive at a final hostname value. The various configuration options then control how that value is validated, but it must be present.

Edit:

After putting this to the postfix-users mailing list, it was pointed out that it is possible to apply a regex to the command arguments before processing. I had to install postfix-pcre via apt-get. I then create a file /etc/postfix/smtpd_cmd_filter like this:

# smtpd_cmd_filter
# Work around brain-dead empty EHLO
/^EHLO\s$/ EHLO domain.invalid
/^HELO\s$/ HELO domain.invalid

and added the following line to main.cf:

smtpd_command_filter = pcre:/etc/postfix/smtpd_cmd_filter

It is not pretty, but it works.

Anthony Geoghegan
  • 12,950
superstator
  • 203
  • I'm guessing you could edit the source to change this behaviour, as long as you can keep up with software updates and so on. You could also send an email to the postfix mailing lists to get more information about it, or to suggest this as a feature to be implemented (allow empty EHLO, or default EHLO hostnames for specific clients). – John WH Smith Oct 14 '14 at 07:12
  • OMG Iv never loved an ugly hack so much! I spent eons on this problem before finding this, the only solution aside from hacking ActionMailer. – ekerner Apr 11 '15 at 22:13