On 2012-06-26 at 10:11 +0800, Chris Kruger wrote:
> "SMTP protocol synchronization error (input sent without waiting for
> greeting):"
>
> If I understand correctly this is characteristic of TLS on connect problems?

Nope; that's a protocol lockstep issue. In SMTP, the server speaks
first, but the client isn't waiting for the banner. This behaviour is
common for pump&dump spammers, so seeing it on port 25 is bad.

You can turn this off globally, for all ports, using the
"smtp_enforce_sync" option -- set it false.

You probably instead want to define an acl_smtp_connect ACL, which sets
"control = no_enforce_sync" if the port is 465.

----------------------------8< cut here >8------------------------------
# main section
acl_smtp_connect = acl_connect

begin acl

acl_connect:
  warn    condition = ${if =={$received_port}{465}}
          control   = no_enforce_sync
  accept
----------------------------8< cut here >8------------------------------
-Phil
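
The lockstep check described in the reply, as an added example that is not part of the original message and is not Exim's code: a simplified model of a server that looks for client input before sending its banner and skips the check on exempted ports, as the ACL above does for 465. The banner, the 554 reply text, the `NO_SYNC_PORTS` set and the function names are assumptions made for the illustration.

```python
import select
import socket

GREETING = b"220 mail.example.test ESMTP\r\n"   # constructed banner
SYNC_ERROR = b"554 SMTP synchronization error\r\n"  # constructed reply text
NO_SYNC_PORTS = {465}   # ports exempted from the check, mirroring the ACL above


def pre_greeting_input(conn, wait=0.2):
    """Return bytes the client sent before any greeting, or b'' if it waited."""
    readable, _, _ = select.select([conn], [], [], wait)
    if not readable:
        return b""
    # Peek so the bytes stay queued for the normal command reader.
    return conn.recv(512, socket.MSG_PEEK)


def greet(conn, local_port, wait=0.2):
    """Send the banner, or refuse if the client spoke first on an enforced port."""
    if local_port not in NO_SYNC_PORTS:
        early = pre_greeting_input(conn, wait)
        if early:
            conn.sendall(SYNC_ERROR)
            return ("rejected", early)
    conn.sendall(GREETING)
    return ("greeted", b"")


def demo():
    """Run three constructed clients against greet() over local socket pairs."""
    cases = [("patient", 25, False), ("early", 25, True), ("early-465", 465, True)]
    results = {}
    for name, port, talks_first in cases:
        server, client = socket.socketpair()
        try:
            if talks_first:
                # Constructed client that does not wait for the banner.
                client.sendall(b"EHLO constructed.example\r\n")
            status, early = greet(server, port)
            results[name] = (status, early, client.recv(512))
        finally:
            server.close()
            client.close()
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```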