Re: STARTTLS & EHLO

Tony Finch <dot@dotat.at> Tue, 27 January 2009 14:08 UTC

Date: Tue, 27 Jan 2009 14:08:30 +0000
From: Tony Finch <dot@dotat.at>
X-X-Sender: fanf2@hermes-2.csi.cam.ac.uk
To: Paul Smith <paul@pscs.co.uk>
cc: Tony Hansen <tony@att.com>, ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
In-Reply-To: <497ED420.30708@pscs.co.uk>
Message-ID: <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk>
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk>
User-Agent: Alpine 2.00 (LSU 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>

On Tue, 27 Jan 2009, Paul Smith wrote:
>
> S: 220-main.remotedns.co.uk ESMTP Exim 4.63 #1 Mon, 26 Jan 2009 18:25:48 +0000
> S: 220-We do not authorize the use of this system to transport unsolicited,
> S: 220 and/or bulk e-mail.
> C: EHLO vpop3.company.co.uk
> S: 250-main.remotedns.co.uk Hello vpop3.company.co.uk [IP address]
> S: 250-SIZE 52428800
> S: 250-PIPELINING
> S: 250-AUTH PLAIN LOGIN
> S: 250-STARTTLS
> S: 250 HELP
> C: STARTTLS
> S: 220 TLS go ahead
> <TLS negotiation>
> C: MAIL FROM:<user@company.co.uk>
> S: 550 HELO required before MAIL
>
> (It happens with a few domains, all of which seem to be using Exim (4.63
> or 4.69))

This is a common but (obviously) non-standard anti-spam check. Practically
the only software that doesn't issue HELO or EHLO is malware so the check
has a negligible false positive rate. (Malware doesn't use TLS either, so
your bug is triggering a slightly over-broad check.)

> It certainly looks as if it has forgotten the fact of the EHLO command
> once the STARTTLS has happened.

As it is required to do.

Tony.
-- 
<fanf@exim.org>   <dot@dotat.at>   http://dotat.at/   ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
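The state reset described in the reply above, as an added example that is not part of the original message or of Exim: a toy Python SMTP server state machine (constructed here, with constructed hostnames and addresses) that forgets the EHLO once STARTTLS completes, as RFC 3207 requires, run against the failing command sequence from the quoted transcript and against the conforming one.

```python
"""Toy model of the SMTP/STARTTLS state reset (RFC 3207 section 4.2).

Constructed example; not Exim's code. The server forgets EHLO/HELO state
when STARTTLS completes, because everything the client learned before TLS
(greeting, extension list) was unauthenticated and must be re-established.
"""


class ToySmtpServer:
    def __init__(self):
        self.helo_seen = False
        self.tls = False

    def handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            self.helo_seen = True
            return "250 main.example Hello " + arg  # constructed hostname
        if verb == "STARTTLS":
            if not self.helo_seen:
                return "503 EHLO required before STARTTLS"
            if self.tls:
                return "454 TLS already active"
            self.tls = True
            self.helo_seen = False  # discard pre-TLS session state
            return "220 TLS go ahead"
        if verb == "MAIL":
            if not self.helo_seen:
                return "550 HELO required before MAIL"  # as in the transcript
            return "250 OK"
        return "500 unrecognised command"


def run_session(commands):
    """Feed client commands to a fresh server and return the replies."""
    server = ToySmtpServer()
    return [server.handle(c) for c in commands]


# Failing sequence from the thread: MAIL sent straight after STARTTLS.
BROKEN_CLIENT = ["EHLO vpop3.example", "STARTTLS",
                 "MAIL FROM:<user@example.org>"]
# Conforming sequence: the client re-issues EHLO once TLS is up.
FIXED_CLIENT = ["EHLO vpop3.example", "STARTTLS", "EHLO vpop3.example",
                "MAIL FROM:<user@example.org>"]

if __name__ == "__main__":
    for name, cmds in (("broken", BROKEN_CLIENT), ("fixed", FIXED_CLIENT)):
        print(name, list(zip(cmds, run_session(cmds))))
```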