Postfix 3.4.10 bounced : said: 250 recipient <[email protected]> ok (in reply to DATA command))

debian postfix

Thanks all, finally found !

Indeed, there was a problem with our av/netfilter (DrWeb) which break sometimes the protocol. I open a support cas and post informations here because it seems to be a new/unknown bug

Temporary workaround is to set in the AgentCentral

[LinuxFirewall] InspectSmtp = No

Best regards, Arnaud.


Here is the complete answer from the support. May help some other DrWeb users :

============== hello, the thing is that maild in filter mode (as milter) and linuxfirewall for inspecting smtp are mutually exclusive.

linuxfirewall can inspect smtp, pop,imap and http, and, optionally, "unwrap" ssl connections (by default it is switched off), that requires additional tuning (creating "trusted" certificates and adding it to clients as trusted to allow this "mitm" ssl inspection)

another thing is that if Dr.Web for Unix mail servers is working under esuite-server's control its configuration must be performed only on es-server's side, and for linuxfirewall's detailed and complete settings there is only ini-file editor (that cancels and override any settings made in component's interface) in Anti-virus Network > xxxx > UNIX > Dr.Web Agent tab Configuration The drweb.ini configuration file

[LinuxFirewall] UnwrapSsl = Yes

and for disabling firewall there must be OutputDivertEnable = No InputDivertEnable = No

or instead of this complicated tuning, if no firewall setup required, there is more convenient and normal way to switch this completely off: Anti-virus Network > xxx > UNIX > SpIDer Gate [v] Enable SpIDer Gate

uncheck|remove [v] from [ ] in Enable SpIDer Gate

if you ssh on this station and check drweb-ctl cfsh linuxfirewall |grep DivertEnable

instead of (example) existing LinuxFirewall.OutputDivertEnable = Yes LinuxFirewall.InputDivertEnable = No LinuxFirewall.ForwardDivertEnable = No

after unchecking [ ] in Enable SpIDer Gate and pressing [save] in es-server web-interface

drweb-ctl cfsh linuxfirewall |grep DivertEnable

will return LinuxFirewall.OutputDivertEnable = No LinuxFirewall.InputDivertEnable = No LinuxFirewall.ForwardDivertEnable = No

meaning that linuxfirewall is off.

==============

So the correct usage in my case is to set it totally off.

Related

How can I see whether tcp-offloading is enabled on a ubuntu server?
HAProxy + Dovecot + Gluster
Exporting Cloudwatch logs to Stackdriver
Apache returning wrong Location header
HOW To set htaccess to enable embed in iframe from another website [closed]
Bind9 DNS configuration for a private sub-domain from a public domain name
Automatic Kerberos Host Keytab Renewal with SSSD
rsyslog: How do I split the events in a log file into separate files if it contains a keyword?
It is enough secure enabling WireCrypt when connecting over internet
How do I setup an Ookla server for speed test?
What is the overhead of ZFS RAIDz1/2 in HPC SSD Environment?
Postfix not receiving bounce mails