I’ve just migrated a couple of SME 9.2 servers to the newly released 10.0. Was considering migrating them to Nethsever, but didn’t have the time - seemed easier to upgrade. Everytihing works well. With one exception. Sending email from a fully up to date Nethserver leads to rejection by the SME server. After some testing, it looks as though the problem is mainly Nethserver.
This is the relevant section of the rejection mail:
Final-Recipient: rfc822; paul@geminimanufacturing.co.uk
Original-Recipient: rfc822;paul@geminimanufacturing.co.uk
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.geminimanufacturing.co.uk
Diagnostic-Code: smtp; 550-(helo) HELO hostname does not exist 550 (helo) HELO
hostname does not exist
That didn’t make much sense to me, but what I found in the SME logs shows what the problem is:
2021-09-03 09:53:59.137282500 3581 Accepted connection 0/40 from xxx.xx.xx.x/ mail.brillcomputers.co.uk
2021-09-03 09:53:59.137460500 3581 Connection from mail.brillcomputers.co.uk [xxxx.xx.xxx]
2021-09-03 09:53:59.558502500 3581 (connect) earlytalker: karma -1 (-1)
2021-09-03 09:53:59.558569500 3581 (connect) earlytalker: fail, remote started talking before we said hello
2021-09-03 09:53:59.558752500 3581 (deny) logging::logterse: ` xx.xx.xx.xxx mail.brillcomputers.co.uk earlytalker 901 Connecting host started transmitting before SMTP greeting msg denied before queued
2021-09-03 09:53:59.558812500 3581 550 Connecting host started transmitting before SMTP greeting
2021-09-03 09:53:59.558958500 3581 click, disconnecting
SME has had the early-talker plugin for a long time, but it seems to be set somewhat more aggressively in 10.0. However, I have no idea why Nethserver should be acting as an early talker. I’ve tried a number of other email servers sending to the SME 10 servers, none of them have the problem, only Nethserver.
If I remember correctly, I can set the easy-talker plugin in SME to be less aggressive, but that shouldn’t be necessary. Should I be raising a bug against the Nethsever SMTP module?
Thanks for the reply. I have remote access to Cockpit (using the dashboard add on a local copy of cockpit), but there is no email page displayed at all under system. I’ve also had a quick look at /etc/postfix/main.cf from which it seems that there is nothing in the custom HELO (all commented out).
If someone else wants to try testing, I have email adresses on both of the recently migrated SME 10 systems - try either paul@pjlallsorts.co.uk or paul@geminimanufacturing.co.uk It would be interesting to know if it is a general Nethserver problem or specific to the one I installed (which has been running since version 7.3.1611.
Sorry, I don’t understand the question. The SME 10 systems are pjlallsorts.co.uk and geminimanufacturing.co.uk while the Nethserver is brillcomputers.co.uk - since I installed and maintain all of them, I’ve set up accounts for myself on all of them so I can test things remotely…
Unfortunately, Cockpit doesn’t currently run on SME 10, or at least isn’t currently installed on it. I use the original SME web interface on them, either through SSH and elinks or by adding my current home IP to the remote access lists on them.
I’ll try to rephrase, i am no english mother language, please try to be kind. Status mail.pjallsorts.co.uk and mail.geminimanufacturing.co.uk are two SME10 Server managing email for both domains. mail.brillcomputers.co.uk is a NethServer 7.9 server which is managing emails for it’s domain, and it’s not able to deliver messages to both SME10 servers for this error:
Diagnostic-Code: smtp; 550-(helo) HELO hostname does not exist 550 (helo) HELO
hostname does not exist
My question is: on your NethServer installation, which is the hostname configured as main system name?
You can find it into the Dashboard section, this is mine from my TestServer
Thanks. I wasn’t quite sure what you were looking for. The machine name is barracuda, so the dashboard entry is [barracuda.brillcomputers.co.uk]. So far as I can see, the bounce message is very misleading, since the log fragment from the SME server clearly identifies the incoming call as coming from mail.brillcomputers.co.uk, showing that the reason for rejection is that the Nethserver machine started talking before the SME system sent its initial HELO packet.
It looks as though the early-talker plugin in SME 10.0 is more aggressive than it was in earlier versions, since there haven’t been any similar problems sending mail to SME 9.2 systems (I’m still doing ongoing maintenance on 4 SME 9.2 systems). I think I can modify the settings on the SME 10 plugin, but it is a legitimate spam mitigation technique, so I’m not sure that it should be necessary.
I will also be checking with the SME devs to see if anyone else is seeing problems of this sort, though in all my tests, it was only the Nethserver system that seemed to be having problems sending to SME 10.0
IMVHO SME Server 10 is… doing a fine job. And you fall into some… errors made from several sysadmins.
Your NethServer acts like " barracuda.brillcomputers.co.uk", which is no-known host for internet (as for other SMEservers 10).
IMVHO you have three options (more 2.5):
rename your server as “mail.brillcomputers.co.uk” from cockpit. This will ease any kind of issue for mail delivering, but maybe you don’t want to do that.
tell postfix to introduce itself as “mail.brillcomputers.co.uk”, as custom HELO suggestion from @mrmarkuz made to you. This will allow your Nethserver to retain current FDQN but it will ease a lot the deliver of messages for “smart enough” mailservers/antispam system. IMVHO, best and fastest option.
there’s a third option, which is add barracuda.brillcomputers.co.uk as internet hosts and part of your MX record, SPF, DMARK, and moreover. It’s quite more labour-related, and also take some time to expire public DNS data from servers which already read (and cached) your DNS data for MX/Mail deliver. I don’t suggest you to do this, because it will be… again more labor when barracuda will be replaced by pike.brillcomputers.co.uk or bass.brillcomputers.co.uk, whatever “fish”/server will your next toy.
Thanks. That looks like the problem (tended to be confirmed when I had a look at the .ovn I had downloaded from the system to use OpenVPN, which had the remote listed as barracuda.brillcomputers.co.uk instead of mail.brillcomputers.co.uk.
I don’t understand how that situation can have come about - barracuda was simply the machine name I specified when I first installed Nethserver, so I don’t understand why it should now be being used as the full FQDN for the server.
Your second suggestion is the only practical one I would like to use. Small problem though - the email option does not appear in Cockpit, under System or anywhere else I can find. I thought it might be due to my running it remotely, using the Cockpit ability to add other systems when a valid SSH link exists, but running it through a VPN connection is no different - still no Email or Relay option available that I can see. I even started the old server-manager through the VPN connection in the hope that I could change it there, but that only offers me a combined host and domain name option, which I’m reluctant to risk.
Is there a template fragment I could use? I’ve not done much with adding custom templates to Nethserver, though I’ve used that ability in SME many times. In this instance, I don’t know the fragment to use, nor the format needed.
I’m also curious as to why the email section doesn’t appear when I run Cockpit. Is this a change in recent versions, or is this something that has got scrambled during an update?
As you can see, no email option at all, and I seem to be missing a few other options as well. The system has been around for quite a while, not had much in the way of changes made, just updates as they come through. Other than a reinstall and hope that restoring from backup doesn’t simply recreate the problem, I’m not sure how to get those options back.
For the moment, I’m going to have to check custom templates and see if I can come up with something to fix this problem at least…
Thanks. That did it. First time I looked in applications > email, it didn’t offer much. This time I managed to get it to display the rest of the options and I’ve been able to set the custom helo to what it should be.
Finally managed to send messages to both new SME 10 systems…
Thanks. I wasn’t quite sure what you were looking for. The machine name is barracuda, so the dashboard entry is [
Thanks. That did it. First time I looked in applications > email, it didn’t offer much. This time I managed to get it to display the rest of the options and I’ve been able to set the custom helo to what it should be.
Can’t argue with that…
)