Sunday, November 23, 2008

Forcing Sendmail to talk plain SMTP

While routinely checking out our mail queue I noticed a message stuck in it with an explanation I never saw before:

Deferred: 402 4.5.2 Error: command not recognized

Command not recognized? What is that supposed to mean? I ran sendmail -q -v manually and observed the following dialogue:

>>> 220 *******************************
<<< EHLO
>>> 402 4.5.2 Error: command not recognized
<<< QUIT
>>> 221 2.0.0 Bye

It looked like the remote mail server did not recognize Extented SMTP EHLO command. However, instead of replying with 500 error code (as it should when it does not recognize a command), it replied with 402 "temporary failure" code. Had it replied with the correct 500 code, our Sendmail would fall back to normal SMTP and retry with HELO command. But with 402 reply our Sendmail deferred the message.

Further analysis showed that the remote site deployed an overly clever Cisco firewall that filtered SMTP traffic. The firewall was configured (intentionally or not) to allow only plain SMTP commands. Anything else, including ESMTP EHLO, it replaced with XXXX. On top of that, the mail server software replied with an incorrect error code to the unknown command.

What a mess. How could I work around this? I had to force our Sendmail to talk plain SMTP to that particular remote server. This can be easily done with mailertable. Assume for the sake of example that the remote domain was In /etc/mail/mailertable, I added the following entry:

The key here is that I specify smtp mailer instead of the default esmtp. Ran make in /etc/mail directory to rebuild the mailertable, and the issue was solved.
Post a Comment