SnertSoft: We Serve Your Server

Barricade MX

smtpf 2.1.2
«An SMTP Filtering Proxy»


  1. Introduction
  2. License & Support
  3. Installation
  4. Configuration
    1. The Route Map
    2. The Access Map
    3. The smtpf.cf File
    4. Option Summary
  5. Runtime
    1. Command Line Options
    2. Runtime Configuration
    3. The Cache File
    4. The Stats File
    5. Log Messages
    6. SMTP Replies
  6. Glossary

SMTP Replies

Below is a list of smtpf reply messages in numerical order, with a brief explination and/or a link to the documentation where the options responsible are explained in more detail.

550 5.7.1 host %s [%s] black listed #120
There is a Connect: tag entry for either the client name or IP address with a right-hand-side value of REJECT. See access-map.
550 5.7.1 host %s [%s] from RFC2606 reserved domain #121
See rfc2606-special-domains.
550 5.7.1 host %s [%s] from unknown TLD #122
See reject-unknown-tld.
550 5.7.1 host %s [%s] sender <%s> black listed #125
There is a Connect:From: combo tag entry for either the client name and sender pair or client IP address and sender pair with a right-hand-side value of REJECT. See access-map.
550 5.7.1 sender <%s> black listed #127
There is a From: tag entry for the sender address or their domain with a right-hand-side value of REJECT. See access-map.
550 5.7.1 sender <%s> from RFC2606 reserved domain #128
See rfc2606-special-domains.
550 5.7.1 sender <%s> from unknown TLD #129
See reject-unknown-tld.
550 5.7.1 routed address relaying denied #131
See reject-percent-relay.
550 5.7.1 UUCP addressing denied #132
See reject-uucp-route. smtpf currently does nothing special with UUCP paths, so disabling this option will have undefined results.
550 5.7.1 special case of at-sign in local-part denied #133
See reject-quoted-at-sign.
550 5.7.1 host %s [%s] recipient <%s> black listed #135
There is a Connect:To: combo tag entry for either the client name and recipient pair or client IP address and recipient pair with a right-hand-side value of REJECT. See access-map.
550 5.7.1 sender <%s> recipient <%s> black listed #137
There is a From:To: combo tag entry for a sender and recipient pair with a right-hand-side value of REJECT. See access-map.
550 5.7.1 recipient <%s> black listed #139
There is a To: tag entry for sender's address with a right-hand-side value of REJECT. See access-map.
550 5.7.1 recipient <%s> from RFC2606 reserved domain #140
See rfc2606-special-domains.
550 5.7.1 recipient <%s> from unknown TLD #141
See reject-unknown-tld.
451 4.4.0 avastd address error: %s (%d) #149
451 4.4.0 avastd open error: %s (%d) #150
451 4.4.0 avastd connect error: %s (%d) #151
451 4.4.0 avastd read error: %s (%d) #153
451 4.4.0 avastd buffer overflow #154
451 4.4.0 avastd write error: %s (%d) #156
451 4.4.0 avastd read error: %s (%d) #158
451 4.4.0 avastd read error: %s (%d) #160
See avastd-socket and avastd-timeout.
550 5.7.1 %s #162
The avastd daemon found a virus or suspicious content in the message. See avastd-policy.
451 4.4.0 clamd address error: %s (%d) #178
451 4.4.0 clamd open error: %s (%d) #179
451 4.4.0 clamd connect error: %s (%d) #180
451 4.4.0 clamd buffer overflow #181
451 4.4.0 clamd write error: %s (%d) #183
451 4.4.0 clamd write error: %s (%d) #185
451 4.4.0 clamd read error: %s (%d) #186
451 4.4.0 clamd session port "%s" parse error #188
451 4.4.0 clamd address error: %s (%d) #189
451 4.4.0 clamd session open error: %s (%d) #190
451 4.4.0 clamd session connection error: %s (%d) #191
451 4.4.0 clamd session write error after %lu bytes #196
451 4.4.0 clamd session write error after %lu bytes #199
451 4.4.0 clamd session read error: %s (%d) #204
See clamd-socket and clamd-timeout.
451 4.4.0 unexpected clamd result: %s #206
The clamd daemon returned an unexpected result. This may be due to unexpected changes in the clamd protocol between program updates or data corruption over the network (assuming clamd runs on a different machine).
550 5.7.1 %s #208
The clamd daemon found a virus or suspicious content in the message. See clamd-policy.
%d %d.7.0 %s #224
The CLI child process standard output and standard error are used for specifying a multiline response. See cli-content and cli-envelope.
550 5.7.1 recipient <%s> expired #244
550 5.7.1 recipient <%s> invalid #245
221 2.0.0 %s closing connection #247
The connected client sent an SMTP QUIT command. The server will now close the connection.
500 5.5.1 %s command unknown #248
An unknown command was sent.
501 5.5.2 %s missing argument #249
The specified command requires one or more arguments.
502 5.5.1 %s not implemented #250
The given command is specified in a known RFC, but not supported.
503 5.5.1 %s out of sequence #251
The specified command was sent out of order with respect to other commands expected before this command. For example HELO or EHLO must be issued and accepted before the first MAIL FROM:; a successful MAIL FROM: must be sent before any RCPT TO: commands; and there must be at least one successful RCPT TO: before the DATA command will be accepted. See RFC 2821 for details. Other SMTP command extensions may impose similar sequence restrictions, such as AUTH (RFC 2554) after EHLO and before MAIL FROM:.
550 5.7.1 client %s [%s] is schizophrenic #252
The client has sent HELO or EHLO more than once with different arguments each time.
502 5.5.1 EHLO not supported #253
When the smtp-enable-esmtp option is off, we force the client to down grade to the older HELO command per RFC 2821.
250-Hello %s [%s] #254
550 5.7.1 client %s [%s] is schizophrenic #255
The client has sent HELO or EHLO more than once with different arguments each time.
250 Hello %s [%s] #256
501 5.5.1 AUTH cancelled #259
501 5.5.1 AUTH cancelled #264
502 5.5.1 AUTH not supported #000
See smtp-auth-enable documentation.
503 5.5.1 already authenticated #267
RFC 2554 states that once a client successfully authenticates, additional AUTH commands are rejected.
504 5.5.4 unknown AUTH mechanism #269
smtpf only supports AUTH PLAIN and AUTH LOGIN mechanisms.
235 2.0.0 authenticated #274
The client has successfully authenticated and their messages will be queued by the local route. See route-map documentation.
535 5.7.0 authentication failed #275
458 4.4.0 unable to queue messages for %s #276
SMTP ETRN commands are sent to the local route, which is responsible for queuing. See route-map documentation.
%s #277
After an SMTP ETRN command, this is the response relayed from the one of local route servers.
553 5.5.2 rejected sender %s %s #279
The SMTP MAIL FROM: address could not be correctly parsed according to the strict application of one or more RFC 2821 grammar rules. See rfc2821-line-length, rfc2821-local-length, rfc2821-domain-length, rfc2821-literal-plus, rfc2821-strict-dot.
501 5.5.2 syntax error #280
The RFC 2821 grammar for the MAIL FROM: command does not allow for white space between the FROM: and the <address> argument. When they appear it is typically a virus or spamware sign. See rfc2821-extra-spaces.
%d %d.1.0 sender <%s> denied #282
The forward host rejected or temporarily failed the sender.
250 2.1.0 sender <%s> accepted #283
553 5.5.2 rejected recipient %s %s #284
The SMTP RCPT TO: address could not be correctly parsed according to the strict application of one or more RFC 2821 grammar rules. See rfc2821-line-length, rfc2821-local-length, rfc2821-domain-length, rfc2821-literal-plus, rfc2821-strict-dot.
501 5.5.2 syntax error #285
The RFC 2821 grammar for the RCPT TO: command does not allow for white space between the TO: and the <address> argument. When they appear it is typically a virus or spamware sign. See rfc2821-extra-spaces.
550 5.7.1 null recipient invalid #286
The SMTP client specified RCPT TO:<>
451 4.0.0 cannot forward mail for <%s> at this time #287
550 5.7.1 recipient <%s> relaying denied #288
The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.
250 2.1.5 recipient <%s> accepted #290
550 5.7.1 recipient <%s> unknown #292
A call-ahead to a down stream host rejected the recipient. See route-map about RCPT: attribute.
550 5.7.1 recipient <%s> relaying denied #293
The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.
451 4.0.0 cannot forward mail for <%s> at this time #295
We are responsible for this domain, but had a connection error with the forward host.
550 5.7.1 recipient <%s> relaying denied #296
The SMTP client is attempting to relay mail for an unknown recipient domain. Domains that smtpf is responsible for is specified in the route-map. Either the domain has not yet been added, was removed, or the SMTP client is hoping that the server is an open relay.
250 2.1.5 recipient <%s> accepted #297
%s #299
See relay-reply option. The whole reply from the forward host is relayed to the client.
%s recipient <%s> denied #300
See relay-reply option. Only the reply codes from the forward host are relayed to the client with a standardise reason.
554 5.7.0 transaction failed #306
451 4.4.0 transaction aborted #307
554 5.5.2 content line too long (%ld); RFC 2821 section 4.5.3.1 #321
See rfc2821-line-length.
501 5.5.4 %s requires restart #323
Some options cannot be changed during runtime. Modify the /etc/smtpf/smtpf.cf options file, then restart the smtpf process.
214 2.0.0 killing session %s #324
550 5.0.0 session %s killed #325
504 5.5.4 session %s not found #326
The session given to KILL was not found. It probably terminated before this command was entered or there is a typo in the session ID given.
421 4.7.1 client %s [%s] too many concurrent connections, max=%ld #329
See the access-map concerning the Concurrent-Connect: tag.
550 5.3.4 duplicate message rejected #340
550 5.7.1 DSN or MDN in response to an old message #357
See the emew-ttl option.
550 5.7.1 DSN or MDN for message that did not originate here #358
See the emew-secret and emew-dsn-policy options.
421 4.4.0 client %s [%s] unknown #363
The Four21 module is experimental and is only present at select test sites. See four21-unknown-ip option.

This is a RFC 2821 conformance test. Check if the connecting client IP that has never been seen before. If it has not, then 421 the connection and observe if they send a clean QUIT (as specified in RFC 2821), pipeline, or disconnect. If the latter two occur, then the IP is auto-blacklisted.

554 5.4.0 client %s [%s] "No soup for you!" #364
The Four21 module is experimental and only present at select test sites. This response (a reference to the Sienfeld Soup Nazi episode) is the reply given if the client IP failed the 421 test and was subsequently auto-blacklisted. See four21-unknown-ip option.
451 4.4.0 fpscand address error: %s (%d) #367
451 4.4.0 fpscand open error: %s (%d) #368
451 4.4.0 fpscand connect error: %s (%d) #369
451 4.4.0 fpscand buffer overflow #370
451 4.4.0 fpscand write error: %s (%d) #372
451 4.4.0 fpscand read error: %s (%d) #373
See fpscand-socket and fpscand-timeout.
550 5.7.1 %s #376
The fpscand daemon found a virus or suspicious content in the message. See fpscand-policy.
550 5.7.1 %s [%s] failed grey listing #388
421 4.4.3 PTR record lookup error for [%s] #415
554 5.7.1 reject [%s] missing PTR record #416
See client-is-mx and client-ptr-required options.
550 5.7.1 reject IP in client name %s [%s] (1) #418
See client-is-mx and client-ip-in-ptr options.
550 5.7.1 %s [%s] sent pre-greeting traffic #420
See the access-map concerning the GreetPause: tag.
501 5.5.4 invalid HELO %s #423
The HELO or EHLO argument contains include characters in the string. The set of valid characters are alpha-numerics, hyphen, underscore, square brackets, and dot. There is no option to turn this test off.
550 5.7.0 HELO %s does not match client %s [%s] #424
See helo-ip-mismatch option.
550 5.7.0 HELO %s from RFC2606 reserved domain #427
See rfc2606-special-domains option.
550 5.7.0 HELO %s argument must be a FQDN or IP-domain literal #428
See rfc2821-strict-helo option.
550 5.7.0 %s [%s] claims to be us "%s" #430
See helo-claims-us option.
550 5.7.0 HELO %s equivalent to client IP-in-PTR #432
See helo-is-ptr option.
553 5.1.8 sender <%s> from %s has no MX record #434
See mail-require-mx option.
451 4.4.3 sender <%s> from %s MX lookup error #436
See mail-require-mx option.
553 5.1.8 sender <%s> from %s MX invalid #439
The MX list gathered from DNS is pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning.
550 5.7.1 too many recipients for DSN or MDN #441
See one-rcpt-per-null option.
553 5.1.8 sender <%s> from %s has no MX record #443
See mail-require-mx option.
553 5.1.8 sender <%s> from %s MX invalid #445
The MX list gathered from DNS is pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning.
451 4.4.3 sender <%s> from %s MX lookup error #447
See mail-require-mx option.
550 5.7.1 reject [%s] missing PTR record (2) #449
See client-is-mx and client-ptr-required options.
550 5.7.1 reject IP in client name %s [%s] (2) #450
See client-is-mx and client-ip-in-ptr options.
550 5.7.1 too many recipients for DSN or MDN #452
See one-rcpt-per-null option.
554 5.6.0 message headers must be US-ASCII, found 0x%.2X; RFC 2822 section 2.2 #456
See rfc2822-7bit-headers option.
Date:", ID_ARG(sess));
See rfc2822-strict-date option.
Message-ID:", ID_ARG(sess));
See rfc2822-min-headers option. The Message-ID is not correctly formatted according to RFC 2822 grammar.
Received:", ID_ARG(sess));
Resent-Date:", ID_ARG(sess));
See rfc2822-strict-date option.
554 5.6.0 missing RFC 2822 required headers #462
See rfc2822-min-headers option.
451 4.7.1 %s has exceeded %ld message%s per %ld %s%s #475
See the access-map concerning the Msg-Limit-Connect:, Msg-Limit-From:, Msg-Limit-To: tags.
451 4.4.2 internal network error for %s #481
An error occurred while sending an SMTP command to a forward host.
451 4.4.2 internal network error for %s #485
An error occurred while reading an SMTP reply from a forward host.
451 4.4.4 no answer from %s MX #488
While attempting to perfom a call-back, there was no answer from any of the MX servers tried. See call-back option.
553 5.4.4 %s does not exist #489
451 4.4.3 %s MX lookup error #491
While attempting to perfom a call-back, there was an error looking up the MX records of the sender's domain. See call-back option.
550 5.4.4 no acceptable MX for %s #493
While attempting to perfom a call-back, the MX list gathered from DNS was pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning. See call-back option.
451 4.4.4 no answer from %s MX #496
While attempting to perfom a call-back, there was no answer from any of the MX servers tried. See call-back option.
451 4.4.3 %s %s #498
553 5.4.4 %s %s #499
While attempting to perfom a call-back, there was an error looking up the MX records of the sender's domain. See call-back option.
550 5.4.4 no acceptable MX for %s #501
While attempting to perfom a call-back, the MX list gathered from DNS was pruned to remove hosts that resolve to localhost, RFC 3330 reserved IP addresses that cannot be reached from the Internet, or have no A/AAAA record. This message is reported if the MX list is empty after pruning. See call-back option.
550 5.7.1 null-sender messages %ld for <%s> exceed %ld/60s #505
See the access-map concerning the Null-Rate-To: tag.
421 4.4.5 client %s [%s] connections %ld exceed %ld/60s #522
See the access-map concerning the Rate-Connect: tag.
550 5.7.0 %s [%s] black listed by %s #525
550 5.7.0 %s [%s] black listed by %s #530
250 2.0.0 OK #547
Generic response that indicates the command was accepted.
214 2.0.0 end #548
Generic end of a multiline response.
250 2.0.0 proceed #507
There is is a delayed rejection/drop response that will be reported when the RCPT TO: is sent. See smtp-delay-checks.
421 4.3.0 internal server error #549
451 4.3.0 internal server error #550
421 4.3.2 system resources exceeded #551
Some serious condition such as out-of-memory, no more disk space, or similar resource related issue has occured. The connected client will be dropped as it is not possible to proceed until the condition has been resolved by the destination postmaster.
451 4.7.0 try again later #552
This is a generic response, typicall issued by grey-listing during the grey-temp-fail-period, however other tests such as SIQ support may also issue this response.
450 4.4.5 try again later #553
This is an alternate response issued by grey-content after the grey-temp-fail-period when the hashed message content does not match previously saved message hash.
250 2.0.0 message %s accepted #554
The message transaction has reached the final dot to end the message and was accepted for delivery.
550 5.7.1 message %s rejected #555
The message transaction has reached the final dot to end the message and was NOT accepted for delivery.
%d %d.7.0 sender <%s> verification failed #572
A call-back to the sender's MX failed to validate their address. See call-back option.
550 5.7.1 message rejected, SIQ score %d too low #617
See siq-score-reject option.
550 5.3.4 %s [%s] (%lu bytes) exceeded max. message size of %lu bytes #625
See the access-map concerning the Length-Connect:, Length-From:, Length-To: tags.
550 5.3.3 pipelining not allowed #631
See the access-map concerning the CommandPause: tag.
220 %s %sSMTP #632
A stripped down single line welcome banner sent to only localhost, LAN, and relays.
220%c%s %sSMTP %s #633
The first line of possible a multiline welcome banner.
500 5.5.2 RFC 2821 max. command line length exceeded (%ld) #640
See rfc2821-command-length.
500 5.5.2 %s [%s] sent non-printable characters in SMTP command #641
SMTP commands and their arguments can only consist of printable ASCII characters.
550 5.3.3 pipelining not allowed #643
See the access-map concerning the Connect: tag.
550 5.7.1 %s #666
See spamd-score-reject option.
550 5.7.1 message was already marked as spam by sender #678
See spamd-reject-sender-marked-spam and spamd-score-reject options.
550 5.7.1 message was already marked as spam by sender #679
See spamd-sender-marked-spam option.
550 5.7.1 %s #693
See spamd-score-reject option.
%s HELO %s from %s [%s] SPF result %s; %s #701
See spf-helo-policy option.
%s sender <%s> via %s (%s [%s]) SPF result %s; %s #702
See spf-mail-policy option.
550 5.7.1 URI host %s in non-existant domain #740
550 5.7.1 URI domain %s where NS %s contains IP %s in name #741
See uri-ip-in-ns and uri-bl-policy options.
550 5.7.1 URI domain %s where NS %s in non-existant domain #743
See uri-ns-nxdomain and uri-bl-policy options.
550 5.7.1 URI domain %s lookup timeout #744
See uri-reject-on-timeout and uri-bl-policy options.
550 5.7.1 URI domain %s does not exist (%s) #745
See uri-reject-unknown and uri-bl-policy options.
550 5.7.1 URI host %s contains IP %s in %s #746
See uri-ip-in-name and uri-bl-policy options.
550 5.7.1 URL host %s is missing a PTR #748
See uri-require-ptr and uri-bl-policy options.
550 5.7.1 URI host %s in non-existant domain #750
550 5.7.1 URI domain %s where NS %s contains IP %s in name #751
See uri-ip-in-ns and uri-bl-policy options.
550 5.7.1 URI domain %s where NS %s in non-existant domain #753
See uri-ns-nxdomain and uri-bl-policy options.
550 5.7.1 URI host %s contains IP %s in name #754
See uri-ip-in-name and uri-bl-policy options.
550 5.7.1 URI domain %s lookup timeout #756
See uri-reject-on-timeout and uri-bl-policy options.
550 5.7.1 URI domain %s does not exist #757
See uri-reject-unknown and uri-bl-policy options.
550 5.7.1 URL host %s resolves to IP %s in PTR %s #758
See uri-ip-in-ptr and uri-bl-policy options.
550 5.7.1 URL host %s is missing a PTR #760
See uri-require-ptr and uri-bl-policy options.
550 5.7.1 black listed URL domain %s by %s #762
See uri-bl, uri-dns-bl, and uri-bl-policy options.
550 5.7.1 rejected URL host %s #763
See the access-map concerning the Body: tag.
550 5.7.1 host is an IP in URL %s #765
See uri-require-domain and uri-bl-policy options.
550 5.7.1 broken URL "%s": %s #766
See uri-links-policy option.
550 5.7.1 rejected URL host %s #768
See the access-map concerning the Body: tag.
550 5.7.1 host is an IP in URL %s #770
See uri-require-domain and uri-bl-policy options.
550 5.7.1 broken URL "%s": %s #771
See uri-links-policy option.
550 5.7.1 black listed URL domain %s by %s #773
550 5.7.1 black listed URL domain %s by %s #774
See uri-bl and uri-bl-policy options.
550 5.7.1 black listed URL host %s by %s #776
550 5.7.1 black listed URL host %s by %s #777
See uri-dns-bl and uri-bl-policy options.
550 5.7.1 max. URI per message limit exceeded #781
See uri-max-limit option.
550 5.7.1 rejected NS %s, %s #788
See uri-bl-ns option. This option is experimental.
550 5.7.1 rejected client %s [%s], %s #790
See uri-bl-ptr option.
550 5.7.1 rejected HELO, %s #792
See uri-bl-helo option.
550 5.7.1 rejected MAIL FROM, %s #794
See uri-bl-mail option.

- TOP -

Copyright 2006, 2008 by SnertSoft. All rights reserved.
BarricadeMX trademark & patents pending.