| Subject: | Net::SMTP gives me: warning: non-SMTP command |
| Date: | Sat, 28 Nov 2015 10:09:53 -0500 |
| To: | bug-libnet [...] rt.cpan.org |
| From: | Hugh Esco <hesco [...] yourmessagedelivered.com> |
root@mail:~# grep -i version /usr/share/perl/5.18.2/Net/SMTP.pm
use vars qw($VERSION @ISA);
$VERSION = "2.31";
root@mail:~# dpkg -l | grep postfix
ii postfix 2.11.0-1 amd64 High-performance mail transport agent
I have been using my script at:
/root/lib/perl/port25_dkim_spf_test.pl
to validate my mail configuration for a couple of years now. This is
the first time I have ever encountered this issue. Although the
$smtp->hello() call was added while debugging this issue.
When running the (slightly sanitized) script below at localhost on a
postfix mail server configured as my network's mail relay, I see this
in the logs:
Nov 28 09:32:46 mail postfix/smtpd[24802]: warning: non-SMTP command from localhost[127.0.0.1]: To: mailto:check-auth2@verifier.port25.com
This however, got my message successfully relayed to its intended
recipient:
mailx -r hesco@mydomain.com check-auth2@verifier.port25.com
I have not dug into the code to learn what might be at play that would
generate this error. But I did find this documentation on the postfix
site:
http://www.postfix.org/POSTSCREEN_README.html
Non-SMTP command test
Some spambots send their mail through open proxies. A symptom of this
is the usage of commands such as CONNECT and other non-SMTP commands.
Just like the Postfix SMTP server's smtpd_forbidden_commands feature,
postscreen(8) has an equivalent postscreen_forbidden_commands feature
to block these clients. postscreen(8)'s deep protocol test for this is
disabled by default.
With "postscreen_non_smtp_command_enable = yes", postscreen(8) detects
zombies that send commands specified with the
postscreen_forbidden_commands parameter. This also detects commands
with the syntax of a message header label. The latter is a symptom that
the client is sending message content after ignoring all the responses
from postscreen(8) that reject mail.
This test is opportunistically enabled when postscreen(8) has to use
the built-in SMTP engine anyway. This is to make postscreen(8) logging
more informative.
When a client sends non-SMTP commands, postscreen(8) logs this as:
NON-SMTP COMMAND from [address]:port after command: text
Translation: the SMTP client at [address]:port sent a command that
matches the postscreen_forbidden_commands parameter, or that has the
syntax of a message header label (text followed by optional space and
":"). The "after command" portion is logged with Postfix 2.10 and later.
The postscreen_non_smtp_command_action parameter specifies the action
that is taken next. See "When tests fail after the 220 SMTP server
greeting" below.
-----
#!/usr/local/bin/perl -w
use Net::SMTP;
$smtp = Net::SMTP->new('localhost');
$smtp->mail('hesco@mydomain.com');
$smtp->hello('root@smtp.mydomain.com');
$smtp->to('check-auth2@verifier.port25.com');
$smtp->data();
$smtp->datasend("To: mailto:check-auth2\@verifier.port25.com\n");
$smtp->datasend("Subject: test dkim and spf with port25 tool\n");
$smtp->datasend("\n");
$smtp->datasend("Test dkim and spf\n");
$smtp->dataend();
$smtp->quit;
--
Hugh Esco <hesco@yourmessagedelivered.com>