Re: STARTTLS & EHLO

Hector Santos <hsantos@santronics.com> Wed, 28 January 2009 20:56 UTC

Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SKul5f068434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 28 Jan 2009 13:56:47 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0SKulTG068433; Wed, 28 Jan 2009 13:56:47 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from winserver.com (catinthebox.net [208.247.131.9]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0SKukPw068427 for <ietf-smtp@imc.org>; Wed, 28 Jan 2009 13:56:47 -0700 (MST) (envelope-from hsantos@santronics.com)
Received: by winserver.com (Wildcat! SMTP Router v6.3.452.5) for ietf-smtp@imc.org; Wed, 28 Jan 2009 15:57:21 -0500
Received: from hdev1 ([65.10.45.22]) by winserver.com (Wildcat! SMTP v6.3.452.5) with ESMTP id 2662062937; Wed, 28 Jan 2009 15:57:19 -0500
Message-ID: <4980C684.2070300@santronics.com>
Date: Wed, 28 Jan 2009 15:56:36 -0500
From: Hector Santos <hsantos@santronics.com>
Organization: Santronics Software, Inc.
User-Agent: Thunderbird 2.0.0.0 (Windows/20070326)
MIME-Version: 1.0
To: Tony Hansen <tony@att.com>
CC: ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk> <497F86CB.60904@att.com>
In-Reply-To: <497F86CB.60904@att.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>

My take on this:

I think the client should be aware that most, if not all, servers 
expect a 2nd pass of EHLO, but I also believe the client should not 
presume server features would be the same under TLS and NON-TLS sessions.

For example, the use case where the private or even public server 
allows a stronger AUTH for non TLS sessions and allows weaker AUTH 
under TLS:

    S: 220 blah blah blah
    C: EHLO client-domain.com
    S: 250-server-domain.com
    S: 250 AUTH CRAM-MD5 OTHER
    S: 250 STARTTLS
    C: MAIL FROM: <xxxxxxx>
    S: 530 Must issue a STARTTLS or AUTH command first
    ...

Note: both RFC 2487 (TLS) and RFC 2554 (AUTH) use 530 for an 
enforcement requirement. So here, if it client support CRAM or DIGEST 
it can continue with AUTH CRAM-MD5 or AUTH OTHER. But if it does not 
support these stronger AUTH, and does support TLS, it can continue 
with a STARTLS:

    ...
    C: STARTTLS
    S: 220 Go ahead
    C & S: <TLS negotiation>
    C: MAIL FROM: <xxxxxxx>
    S: 530 AUTH command first
    C: EHLO client-domain.com
    S: 250-server-domain.com
    S: 250 AUTH LOGIN
    S: 250 AUTH-LOGIN
    S: AUTH LOGIN
    S: 235 Authentication successful.

The point is, the client MUST be aware of this possibility and should 
always (MUST) issue an EHLO after TLS is established.

The idea of public vs private and level of authentication is discussed 
in 2487 and this is where the 4.2 statement:

    The client SHOULD send an EHLO command as the
    first command after a successful TLS negotiation.

is "forgetful" of its other key points.  So it should of been 
something like:

    For a SMTP server that is privately referenced, the client
    MUST issue the EHLO command after a successful TLS negotiation
    to determine if there are any changes in AUTH methods, such
    as the strength of the authentication.

    If the server is the publicly reference, the client SHOULD
    send an EHLO command as the first command after a successful
    TLS negotiation, however, it is highly recommended it reissues
    the EHLO in all cases.

    The client SHOULD not degrade from EHLO to HELO.

My take.

-- 
Sincerely

Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com

Tony Hansen wrote:
> Ahhh, there's where the difference in interpretation lays. One
> interpretation is that the remote side is required to forget the value
> that was passed with the original EHLO command. Another interpretation
> is that it further must forget that an EHLO command was issued at all.
> 
> I guess I can see either interpretation of the STARTTLS spec.
> 
> 	Tony Hansen
> 	tony@att.com
> 
> Tony Finch wrote:
>> On Tue, 27 Jan 2009, Paul Smith wrote:
>>> S: 220-main.remotedns.co.uk ESMTP Exim 4.63 #1 Mon, 26 Jan 2009 18:25:48 +0000
>>> S: 220-We do not authorize the use of this system to transport unsolicited,
>>> S: 220 and/or bulk e-mail.
>>> C: EHLO vpop3.company.co.uk
>>> S: 250-main.remotedns.co.uk Hello vpop3.company.co.uk [IP address]
>>> S: 250-SIZE 52428800
>>> S: 250-PIPELINING
>>> S: 250-AUTH PLAIN LOGIN
>>> S: 250-STARTTLS
>>> S: 250 HELP
>>> C: STARTTLS
>>> S: 220 TLS go ahead
>>> <TLS negotiation>
>>> C: MAIL FROM:<user@company.co.uk>
>>> S: 550 HELO required before MAIL
>>>
>>> (It happens with a few domains, all of which seem to be using Exim (4.63
>>> or 4.69))
>> This is a common but (obviously) non-standard anti-spam check. Practically
>> the only software that doesn't issue HELO or EHLO is malware so the check
>> has a negligible false positive rate. (Malware doesn't use TLS either, so
>> your bug is triggering a slightly over-broad check.)
>>
>>> It certainly looks as if it has forgotten the fact of the EHLO command
>>> once the STARTTLS has happened.
>> As it is required to do.
>>
>> Tony.
> 
> 
>