1

Topic: 550 5.5.1 Protocol error

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 550 5.5.1 Protocol error

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version: Ubuntu 16.04.3 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): 10.0.31 MariaDB
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

hi, newbie here, just followed instruction for installing iRedmail on a fresh Ubuntu found in LinuxBabe...

Immediately after reboot, I immediately telnet to port 25 and tried with "rcpt to" with the domain that I defined during installation, but I got "550 5.5.1 Protocol error"...

What am I doing wrong?

3

Re: 550 5.5.1 Protocol error

Port 25 is running "postscreen" service instead of normal smtp service to catch more spams, so it's expected.

if you need to send email, please follow our guide to setup your mail client application, or use webmail directly.
https://docs.iredmail.org/#mua

4

Re: 550 5.5.1 Protocol error

Isn't there a way to use the normal SMTP service or to configure "postscreen" to allow sending mails via telnet?

5

Re: 550 5.5.1 Protocol error

OzEdri wrote:

Isn't there a way to use the normal SMTP service or to configure "postscreen" to allow sending mails via telnet?

YES, you can of course use telnet port 25.
keep in mind that postscreen:
-  will monitor the time before the client issues "ehlo my.server.name", and if you are to quick, consider the conenction as spammer.
# man postscreen

# postconf |grep postsc
Check out the active settings, like postscreen_greet_wait and postscreen_greet_action

6

Re: 550 5.5.1 Protocol error

Thank you.
So what the original poster (or me) needs to do in order for it to work properly?
We're both getting the same behavior - after

telnet <mail server> 25

we're getting

521 5.5.1 Protocol error

Connection to host lost.

BTW, following what you wrote I tried waiting a little so I won't be considered as a spammer, and this time the

521 5.5.1 Protocol error

error didn't appear, but the

Connection to host lost.

did...

7

Re: 550 5.5.1 Protocol error

Did you get protocol error directly after giving the telnet < server> 25 command, or after giving the rcpt to command?
1) try the command local on your mail server first
2) check the /var/log/maillog 
3) this is how it looks when I run it from my workstation to the mail server

telnet 10.4.0.11 25
Trying 10.4.0.11...
Connected to 10.4.0.11.
Escape character is '^]'.
220 mail2.company.com ESMTP Postfix
<< Wait 5 s >>
ehlo myhost.int.company.com

250-mail2.company.com
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

mail from:someone@domain.com

250 2.1.0 Ok

rcpt to:internal.user@company.com

250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello
.

250 2.0.0 Ok: queued as 774D35D6E2
quit
221 2.0.0 Bye
Connection closed by foreign host.

8

Re: 550 5.5.1 Protocol error

I got the 521 5.5.1 Protocol error right after I type E for EHLO.

  1. It's working locally.

  2. Nothing too special other than the fact that postscreen is handeling the mail and not postfix/smtp

  3. It's looking very good on your side.
    This is exactly the behavior I'm expecting.
    Thank you for your detailed example!

To be honest - I tried way too many configuration changes, and I reverted them - but in vain.
I just installed it (iRedMail 0.9.8) from scratch with the following configuration:

  • CentOS 7.5.1804

  • SELINUX and firewalld disabled

  • All of the packages are updated (yum update -y)

  • default mail storage path

  • Nginx web server

  • PostgreSQL backend

  • Optional componenets: Roundcubemail and iRedAdmin (without netdata and Fail2ban)

This always fails - I can't connect to the server via SMTP or web, so I installed with all of the default optional components (also netdata and Fail2ban) - and it always works - I can connect to it via SMTP and web. (I'll open another post for them so they'll know about it)

And now I'm back to where I started - it's working locally, but when trying remotely I'm getting:

451 4.7.1 <postmaster@mail.englab.forescout.com>: Recipient address rejected: Intentional policy rejection, please try again later

or if you prefer, from /var/log/maillog:

May 16 19:45:19 il-lab-mail postfix/smtpd[18827]: NOQUEUE: reject: RCPT from unknown[10.40.0.109]: 451 4.7.1 <postmaster@mail.englab.forescout.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<oz.edri@forescout.com> to=<postmaster@mail.englab.forescout.com> proto=ESMTP helo=<mail.englab.forescout.com>

According to their Errors you may see while maintaining iRedMail server page I just should retry - but it won't work.

According to their answer in this forum (link) it's greylisting, and it can be disabled.

So I did it in combination with other suggested methods they suggested in their documentation - and this is how I got the 521 5.5.1 Protocol error...

Anyway, I'm going way to off topic now.
I'll try with the new setup and with minor configuration changes while I backup and revert if needed.

Thank you for your assistance.

9

Re: 550 5.5.1 Protocol error

I can't say I'm an expert in Postfix, although I've done a few installations.
The good part with the iRedMail project, that it's rather easy to install from scratch, and You get all the features
configured according with best practices with security in mind.
This means that out-of-the box it comes with
- Greylisting acivated, but with an extensive white list
- Postscreen to catch bad behaving connections
- ldap/SQL server user lookup before accepting
- Not possible to relay if not using SASL login via port 587
etc.

All in all, this means it can be hard to verify with "telnet 25", because you would
somehow fail the antispam features.
- The connected server MUST have ab DNS resolvable name
- The senders mail address must be a valid domain name
- ......

Most of these features can be disabled or tweaked in Postfix, iredAPD and postscreen
(documented on iredmail doc site)

When I first installed my server, I used my Gmail account to verify external connections.
Then I know for sure that it behaves correctly.
https://mxtoolbox.com/ has got a good set of tools to verify dns settings for your domain, and also to test
smtp connections. I used the MX and SMTP tools

Regards
/I

10

Re: 550 5.5.1 Protocol error

OzEdri wrote:

Isn't there a way to use the normal SMTP service or to configure "postscreen" to allow sending mails via telnet?

Why are you insisting in sending email through port 25?

11

Re: 550 5.5.1 Protocol error

Because this is what I deployed iRedMail for - simple unsecure mail send via SMTP and simple web interface for interacting with the mail account.