Postfix protocol error attempting email address validation with SMTP

I have some code that does an email address validation. It works by attempting a mail delivery via SMTP and then quitting without sending anything. It works most of the time, but in some fringe cases it does not. I have one of these cases and I would like to know if anyone has a clue as to what the mail server might be unhappy about in my request?

Here is the TCP session on port 25 to smtp.hp.com (I have substituted real email addresses here)

220-g1t6210.austin.hp.com ESMTP Postfix
HELO ednasmtp.beweb.co.nz
250 g1t6210.austin.hp.com
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
550 5.5.1 Protocol error
QUIT
550 5.5.1 Protocol error

My question is, why is HP's postfix server saying "Protocol error"? Isn't my mail delivery valid?


Solution 1:

smtp.hp.com resolves to 4 different IP addresses. Each of them responds to SMTP, but they are configured in different ways. Without knowing which of the 4 you connected to it is difficult to say exactly why it failed. But I can go over your session step by step and explain multiple errors made by the client side along the way.

220-g1t6210.austin.hp.com ESMTP Postfix

This is a partial status message from the server as indicated by the -. The last line of the status will have a in that location. 3 of the 4 SMTP servers responds with a 2-line status message this way with a delay between the two lines. One of them responds with a 1-line status message, which rules out that one as having handled your session. The client will need to keep reading the status message until it has seen it all.

HELO ednasmtp.beweb.co.nz

At this point the client violates the protocol by sending a command before receiving the full status.

250 g1t6210.austin.hp.com

Here the server violates the protocol by sending a different status code in what a standards compliant client would interpret as continuation of the 220- status line from above.

MAIL FROM: <[email protected]>

Here the client violates the protocol by the extraneous space between : and <. A space is never permitted in that location, though there exist mail servers which will ignore that space and allow the transaction to continue.

250 2.1.0 Ok
RCPT TO: <[email protected]>

Here the client violates the protocol again in the same way as in the MAIL command.

550 5.5.1 Protocol error

It's correct that there was a protocol error. It's hard to tell which of the protocol errors mentioned above it is complaining about. The RCPT command itself is erroneous, but it suffers from no error which haven't been seen earlier in the transaction as well.

QUIT
550 5.5.1 Protocol error

At this point it is hard to guess which side closed the connection. And given that both sides have violated the protocol it's probably no longer important. We can't even be sure which status codes applies to which commands.

Solution 2:

Your host is failing a number of verifications that could be expected from an email server:

  • It fails rDNS validation for the name presented above.
  • It has no SPF record (a simple "v=spf1 a -all" policy would be appropriate".
  • The sending domain has no DKIM or DMARC record.

If you are doing address validation, you may be triggering any number of spam avoidance techniques. While in the past address validation was generally permitted, spammers have resulted validation being restricted. Fixing the items above may help but I wouldn't count on it.

These days the only widely supported address validation is to send an email with a validation link for the user to confirm their address.

You may want to review the canonical posts on email and postfix.