550 5.5.1 Protocol error

[bluetonic]

Mar 03 17:15:55 xxxxx postfix/postscreen[20214]: PREGREET 26 after 0.04 from [xxx.xxx.xxx.xxx]:60268: EHLO MGTEXC12.xxxx.com\r\n
Mar 03 17:15:55 xxxxx postfix/postscreen[20214]: NOQUEUE: reject: RCPT from [xxx.xxx.xxx.xxx]:60268: 550 5.5.1 Protocol error

What is the reason
I have been getting this error from one ip address for the last 3 weeks?
there was no problem before

 

[Stoiko Ivanov]

550 5.5.1 Protocol error

seems the smtp-server on that IP is not properly speaking SMTP -> check with the admin of that mail-server what/where the problem lies.

 

[H.c.K]

Hi, we're having this problem. He makes the same mistake for mail from a bank. Any progress has been made? Is this all about the other side?
Mar 9 15:16:56 pmg4 postfix/postscreen[13873]: DISCONNECT [1.1.1.1]:58902
Mar 9 15:17:04 pmg4 postfix/postscreen[13873]: CONNECT from [1.1.1.1]:58918 to [178.210.176.18]:25
Mar 9 15:17:04 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [1.1.1.1]:58918: EHLO MGTEXC01.abcdebank.com\r\n
Mar 9 15:17:04 pmg4 postfix/postscreen[13873]: HANGUP after 0.01 from [1.1.1.1]:58918 in tests after SMTP handshake
Mar 9 15:17:04 pmg4 postfix/postscreen[13873]: DISCONNECT [1.1.1.1]:58918
Mar 9 15:17:13 pmg4 postfix/postscreen[13873]: CONNECT from [1.1.1.1]:58957 to [2.2.2.2]:25
Mar 9 15:17:13 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0.01 from [1.1.1.1]:58957: EHLO MGTEXC01.abcdebank.com\r\n
Mar 9 15:17:13 pmg4 postfix/postscreen[13873]: NOQUEUE: reject: RCPT from [1.1.1.1]:58957: 550 5.5.1 Protocol error; from=<hizmet@bilgi.abcdebank.com>, to=<datca@billurkent.com>, proto=ESMTP, helo=<MGTEXC01.abcdebank.com>
Mar 9 15:17:13 pmg4 postfix/postscreen[13873]: DISCONNECT [1.1.1.1]:58957

 

[H.c.K]

Hello, there was a situation that caught my attention. It gives the protocol error in the ones written in capital letters. Could postfix be giving errors about uppercase? I couldn't find another log record.


Mar 9 13:23:19 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:59713
Mar 9 13:29:16 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:61604 to [333.444.555.666]:25
Mar 9 13:29:16 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [123.456.789.123]:61604: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:29:16 pmg4 postfix/postscreen[13873]: HANGUP after 0.01 from [123.456.789.123]:61604 in tests after SMTP handshake
Mar 9 13:29:16 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:61604
Mar 9 13:29:24 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:61655 to [333.444.555.666]:25
Mar 9 13:29:24 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [123.456.789.123]:61655: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:29:24 pmg4 postfix/postscreen[13873]: NOQUEUE: reject: RCPT from [123.456.789.123]:61655: 550 5.5.1 Protocol error; from=<info@info.abcdebank.com>, to=<info@*****.com>, proto=ESMTP, helo=<MGTEXC03.abcdebank.com>
Mar 9 13:29:24 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:61655

Mar 9 13:33:25 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:63030 to [333.444.555.666]:25
Mar 9 13:33:25 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [123.456.789.123]:63030: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:33:25 pmg4 postfix/postscreen[13873]: HANGUP after 0.01 from [123.456.789.123]:63030 in tests after SMTP handshake
Mar 9 13:33:25 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:63030
Mar 9 13:33:26 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:63035 to [333.444.555.666]:25
Mar 9 13:33:26 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [123.456.789.123]:63035: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:33:26 pmg4 postfix/postscreen[13873]: HANGUP after 0.01 from [123.456.789.123]:63035 in tests after SMTP handshake
Mar 9 13:33:26 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:63035
Mar 9 13:33:33 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:63084 to [333.444.555.666]:25
Mar 9 13:33:33 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0.01 from [123.456.789.123]:63084: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:33:34 pmg4 postfix/postscreen[13873]: NOQUEUE: reject: RCPT from [123.456.789.123]:63084: 550 5.5.1 Protocol error; from=<info@info.abcdebank.com>, to=<sale@*****.com>, proto=ESMTP, helo=<MGTEXC03.abcdebank.com>
Mar 9 13:33:34 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:63084

Mar 9 13:33:35 pmg4 postfix/postscreen[13873]: CONNECT from [123.456.789.123]:63095 to [333.444.555.666]:25
Mar 9 13:33:35 pmg4 postfix/postscreen[13873]: PREGREET 26 after 0 from [123.456.789.123]:63095: EHLO MGTEXC03.abcdebank.com\r\n
Mar 9 13:33:36 pmg4 postfix/postscreen[13873]: NOQUEUE: reject: RCPT from [123.456.789.123]:63095: 550 5.5.1 Protocol error; from=<info@info.abcdebank.com>, to=<support@*****.com>, proto=ESMTP, helo=<MGTEXC03.abcdebank.com>
Mar 9 13:33:36 pmg4 postfix/postscreen[13873]: DISCONNECT [123.456.789.123]:63095

Mar 10 10:36:26 pmg4 postfix/postscreen[30451]: CONNECT from [123.456.789.123]:50569 to [333.444.555.666]:25
Mar 10 10:36:26 pmg4 postfix/postscreen[30451]: WHITELISTED [123.456.789.123]:50569
Mar 10 10:36:26 pmg4 postfix/smtpd[35447]: connect from mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:36:26 pmg4 postfix/smtpd[35447]: lost connection after STARTTLS from mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:36:26 pmg4 postfix/smtpd[35447]: disconnect from mgtexc03.abcdebank.com[123.456.789.123] ehlo=1 starttls=0/1 commands=1/2

Mar 10 10:36:33 pmg4 postfix/postscreen[30451]: CONNECT from [123.456.789.123]:50611 to [333.444.555.666]:25
Mar 10 10:36:33 pmg4 postfix/postscreen[30451]: WHITELISTED [123.456.789.123]:50611
Mar 10 10:36:33 pmg4 postfix/smtpd[35449]: connect from mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:36:33 pmg4 postfix/smtpd[35449]: 948B6263AA0: client=mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:36:33 pmg4 postfix/smtpd[35449]: disconnect from mgtexc03.abcdebank.com[123.456.789.123] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Mar 10 10:36:34 pmg4 postfix/smtpd[35663]: EB6A5264295: client=localhost.localdomain[127.0.0.1], orig_client=mgtexc03.abcdebank.com[123.456.789.123]

Mar 10 10:50:51 pmg4 postfix/postscreen[30451]: CONNECT from [123.456.789.123]:55371 to [333.444.555.666]:25
Mar 10 10:50:51 pmg4 postfix/postscreen[30451]: WHITELISTED [123.456.789.123]:55371
Mar 10 10:50:51 pmg4 postfix/smtpd[38946]: connect from mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:50:51 pmg4 postfix/smtpd[38946]: lost connection after STARTTLS from mgtexc03.abcdebank.com[123.456.789.123]
Mar 10 10:50:51 pmg4 postfix/smtpd[38946]: disconnect from mgtexc03.abcdebank.com[123.456.789.123] ehlo=1 starttls=0/1 commands=1/2

 

[Stoiko Ivanov]

Hello, there was a situation that caught my attention. It gives the protocol error in the ones written in capital letters. Could postfix be giving errors about uppercase? I couldn't find another log record.

I would suggest to ask the other side for their logs - and what they see and send - else checkout the postfix debug howto - and start postscreen in verbose mode.

http://www.postfix.org/DEBUG_README.html

My guess is that the error is not in postfix understanding of SMTP

I hope this helps!

 

[H.c.K]

I would suggest to ask the other side for their logs - and what they see and send - else checkout the postfix debug howto - and start postscreen in verbose mode.

http://www.postfix.org/DEBUG_README.html

My guess is that the error is not in postfix understanding of SMTP

I hope this helps!

Hello Stoiko,
http://www.postfix.org/POSTSCREEN_README.html for such cases, we could exclude the server that gave an error in the postscreen_access file. I was going to write how I fixed the problem, but I'm having trouble with the cluster.
The postscreen_access file is up-to-date on my master server. This file is not updated on my Node servers. The old list appears. Therefore, I can receive mail on the master server. I can't get from Node servers. I edit it manually, but it still sees the old list.

I will write if I can solve it.

 

[Stoiko Ivanov]

we could exclude the server that gave an error in the postscreen_access file.

Yes you can - however the postscreen_access file is also rendered by PMG - it is filled by the whitelist entries in the mail proxy (GUI->Configuration->Mail Proxy->Whitelist

In any case - the root cause of the issue is still probably with the sending server - although I guess sometimes the mail-admins on the other side won't have enough time to answer.

 

[H.c.K]

Hi,
It is likely that the problem has been solved. I'm not getting an error right now. Since the other side is a large bank, he says that they do not have a problem. We couldn't explain it. If you add the IP address of the opposite servers from the GUI-> Configuration-> Mail Proxy-> Whitelist section, PREGREET query does not meet and accepts directly. The "PREGREET" section on the http://www.postfix.org/POSTSCREEN_README.html page helped me understand the problem.

Note: I use Cluster. Due to the difference in seconds between servers, Due to the difference in seconds between the servers, I could not process the whitelist rules on my "node" servers. I manually set the clock. On other servers, whitelist has been updated.

It will help if someone else encounters the problem. Thank you @Stoiko Ivanov , Thank you PMG Family.

 

[Stoiko Ivanov]

Make sure all nodes in your cluster have similar time (sync them to the same NTP server)

 

[H.c.K]

Make sure all nodes in your cluster have similar time (sync them to the same NTP server)

Hi Stoiko,
Yes, i added all server is ntp server. Now no error is cluster.

As an extra, I encountered an error like this.
"database sync 'pmg4' failed - command 'rsync '--rsh=ssh -l root -o BatchMode=yes -o HostKeyAlias=pmg4' -q -aq --timeout 10 '[*.*.*.*]:/var/spool/pmg/cluster/4/' /var/spool/pmg/cluster/4 --include spam/ --include 'spam/*' --include 'spam/*/*' --include virus/ --include 'virus/*' --include 'virus/*/*' --exclude '*'' failed: exit code 23"

While the cluster structure was working, I had to delete and add the server.
I realized that it gave an error because the files below were not on the master server.
/var/spool/pmg/cluster/4/
/var/spool/pmg/cluster/4/spam
/var/spool/pmg/cluster/4/virus
I created them with the mkdir command on the master server. After a while, the cluster structure updated these files and I am not getting an error right now. If another friend meets, I write for information.
Thank you again.