Error between two postfix "Command not recognized", RCPT is cut in two words

[Thomas POINDESSOUS]

Hi,

I have a problem between one of my postfix and a zimbra server (postfix server).

sometime (one mail every three days), I got this error :

502 5.5.2 Error: command not recognized (in reply to RCPT TO command)

I did a tcpdump to understand why I got this error and I found that one of the "RCPT TO:" command is cut in two packets.

First packet finished by "RC" and second packet began by "PT TO:". And the server doesn't understand this command.

Here is a part of the tcpdump (ascii is obfuscated but hexdump is not) :

        0x0aa0:  6961 2e66 720d 0a52 4350 5420 544f 3a3c  ia.fr..RCPT.TO:<

        0x0ab0:  6e61 7335 3135 4066 6f6e 6369 612e 7072  nas...@XXXX.pr

        0x0ac0:  6f3e 204f 5243 5054 3d72 6663 3832 323b  o>.ORCPT=rfc822;

        0x0ad0:  6e61 7335 3135 4066 6f6e 6369 612e 6672  nas...@XXXX.fr

        0x0ae0:  0d0a 5243                                ..RC

09:51:39.813192 IP xxxxxx.39555 > xxxxxx.smtp: P 2756:3667(911) ack 220 win 54 <nop,nop,timestamp 537283022 2175571428>

        0x0000:  4500 03c3 43cc 4000 4006 6241 ac10 3706  E...C.@.@.bA..7.

        0x0010:  ac10 0201 9a83 0019 7b0e 14cf e256 415b  ........{....VA[

        0x0020:  8018 0036 8ff0 0000 0101 080a 2006 49ce  ...6..........I.

        0x0030:  81ac 95e4 5054 2054 4f3a 3c6e 6f65 6c6c  ....PT.TO:<noell

        0x0040:  652e 6d6f 6e74 6573 4066 6f6e 6369 612e  e.montes@xxxx.

        0x0050:  7072 6f3e 204f 5243 5054 3d72 6663 3832  pro>.ORCPT=rfc82

How can I solve this problem ?

Thanks in advance.

--
Thomas Poindessous

[Ralf Hildebrandt]

* Thomas POINDESSOUS <poindes...@foncia.fr>:

>
> Hi,
>
>
> I have a problem between one of my postfix and a zimbra server (postfix server).
>
>
> sometime (one mail every three days), I got this error :
> 502 5.5.2 Error: command not recognized (in reply to RCPT TO command)
>
>
> I did a tcpdump to understand why I got this error and I found that one of the "RCPT TO:" command is cut in two packets.
> First packet finished by "RC" and second packet began by "PT TO:". And the server doesn't understand this command.

Is there a firewall between the two?

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hil...@charite.de | http://www.charite.de

[Wietse Venema]

Thomas POINDESSOUS:

>
> Hi,
>
> I have a problem between one of my postfix and a zimbra server (postfix server).
>
> sometime (one mail every three days), I got this error :
> 502 5.5.2 Error: command not recognized (in reply to RCPT TO command)
>
> I did a tcpdump to understand why I got this error and I found
> that one of the "RCPT TO:" command is cut in two packets.

This often happens with "firewall" products that inspect the TCP
stream. In particular, CISCO has a reputation of breaking SMTP by
mis-handling commands, including commands that sit on a packet
boundary.

If there is a CISCO firewall in the path, issue the proper commands
to disable SMTP inspection (whatever they call it today).

You can also selectively disable ESMTP command pipelining. See:

http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keywords
http://www.postfix.org/postconf.5.html#smtp_discard_ehlo_keyword_address_maps

The keyword in question is "pipelining".

Using this will reduce mail delivery performance, so you may not want to
turn it on for all mail.

Wietse

[Ralf Hildebrandt]

* poindes...@foncia.fr <poindes...@foncia.fr>:
> Yes, I think this is a cisco asa 5550, with a special filter which protects "smtp server".
>
> Do you think I should ask to disable it ?

Yes. It causes nothing but grief :)

[Victor Duchovni]

On Fri, Jul 09, 2010 at 03:58:12PM +0200, poindes...@foncia.fr wrote:

> ... a special filter which protects "smtp server".

>
> Do you think I should ask to disable it ?

Yes, always. The SMTP inspection feature notoriously does more harm than good.

--
Viktor.