Qmail and Bare LineFeeds

[penfold1972]

I'm trying to get my (first ever) qmail server working and I think I have everything taken care except one issue.

I can't seem to get any email from the internet because of the "bare linefeed" rule qmail enforces.

I can send mail out to the internet, and I can recieve it from my localhost or even sending an email by telneting to port 25 from my localnetwork. But sending an email from my (sendmail) system at work, telneting to port 25 from work, or even trying to send through yahoo is not getting accepted.

My qmail-smtp log shows status 0 for the mails it does accept and status 256 for mails it doesn't accept.

I know there is a patch to qmail to allow barelinefeeds, but I am not sure how to apply it to the sources I got from the emerge, and apply the changes to my build.

Can someone point me in the right direction?

[penfold1972]

ok, I think I figured out how to modify the ebuild to apply the patch from
http://www.fehcom.de/qmail/qmail-smtpd-newline.patch. Even better, I think it applied successfully. (The patch seemed to detect it was applied when I tried to re apply it by hand, as descibed within the patch linked above.)

But it's still disconnecting the connection and logging a "status 256" for every attempt. Truth to tell, I am stumped as to why I can telnet to port 25 anywhere from the local LAN and it works fine, but when I do the same thing from the internet it errors out.

Since my test emails from yahoo and work are doing the exact same thing, I am thinking this could be a REAL problem. Has someone else already dealt with this that could give me a few pointers?

[penfold1972]

I think I figured out what my problem was.

After removing and totally rebuilding qmail, (Without applying the newline patch.) I decided to see if my Cisco IOS firewall was casuing a problem.

Cisco firewalls (IOS and the appliance based PIX) have an "SMTP fixup protocol" which I had forgoten was enabled. It is meant to "protect" a mail server by supervising all SMTP connections. I would prefer to have the service running, but it always seems to cause more problems than it actually solves.... It doesn't help that I can't find a definate list of WHAT exactly it does and does not protect against. I do know for sure it disables the EXPN and VEFY commands from any SMTP server it is protecting as well as EHLO. Problem is, EHLO is how authentication works and it will royally screw up things if M$ Exchange servers are trying to sync up through it.

I disabled the SMTP fixup portion and retested. Everyting went through like a charm.