client connection error for smtp2

Does anyone other than myself have issues with clients sending e-mail via the smtp2 service on port 587? It will jump between connection to port 587 failed and password rejected. This seems to be MUCH more frequent OS X machines using Mail.app set to use SSL/TLS connections to port 587. Could this be another of Qmail TLS bug or just Apple having created another “misbehaving” aspect of their Mail.app? (The other is that Mail.app likes to use either 3 or 4 simultaneous connections per IMAP account. You can just imagine the fun that’s caused with Mac shops that use a shared IP.)

And, just for the record. I’ll respond to the the posts in the qmail/spam solution thread a bit later today. The past week has been quite busy.

I haven’t heard an issue exactly like this before, but I’d be curious to see if it’s an issue with the smtp connection limit getting hit. You could try increasing it to see if that helps. I’d be glad to investigate as well if you open a support ticket when the problem is happening.

Paul

Paul, after performing some telnet tests before & after restarting the smtp2 process via the iworx UI, I am seeing that the smtp2 daemon seems to switch periodically between what appears two different daemons or configurations. At some times (meaning time periods) it will display a hostname of rblsmtpd.local and others it will display the hostname that I have set. When it displays the hostname I have set it does not appear to have any issues. While it is displaying the rblsmtpd.local it appears to be referencing connecting IPs with the dnsbls I have set for the primary smtp (port 25) daemon.

Any ideas?

While it is displaying the rblsmtpd.local it appears to be referencing connecting IPs with the dnsbls I have set for the primary smtp (port 25) daemon.

When you say it’s displaying “rblsmtpd.local”, are you saying that’s what the SMTP banner says when you connect via telnet? Is that all that it says when this happens?

While it is displaying the rblsmtpd.local it appears to be referencing connecting IPs with the dnsbls

I’m not completely following you here, where are IPs coming into play?

For what it’s worth, the port 587 daemon uses the same blacklist config as the port 25 daemon by default. If you want to try removing the blacklist config from the port 587 version, you’d have to manually edit the /service/smtp2/run file, and locate the section

/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
     $RBLSMTPD $BLACKLIST $SMTPD $ARGS 2>&1

And remove the “$RBLSMTPD $BLACKLIST” parts, making it

     /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
     $SMTPD $ARGS 2>&1

Paul, I’ll do some testing on that. I would suggest not having RBL checks on smtp2 as the default OR having a separate configuration box for smtp2 to have its own RBL checks. Generally, primary smtp (port 25) will include checks related to dynamic IPs while this is generally not desired for client submissions (smtp2 port 587).

Was there a resolution to this? I have a client who uses Mac Mail that cannot connect on port 587 with SSL checked.