Re: STARTTLS & EHLO

Tony Hansen <tony@att.com> Tue, 27 January 2009 22:12 UTC

Message-ID: <497F86CB.60904@att.com>
Date: Tue, 27 Jan 2009 17:12:27 -0500
From: Tony Hansen <tony@att.com>
User-Agent: Thunderbird 2.0.0.19 (Windows/20081209)
MIME-Version: 1.0
To: ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk>
X-Enigmail-Version: 0.95.7
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>

Ahhh, there's where the difference in interpretation lies. One
interpretation is that the remote side is required to forget the value
that was passed with the original EHLO command. Another interpretation
is that it further must forget that an EHLO command was issued at all.

I guess I can see either interpretation of the STARTTLS spec.

	Tony Hansen
	tony@att.com

Tony Finch wrote:
> On Tue, 27 Jan 2009, Paul Smith wrote:
>> S: 220-main.remotedns.co.uk ESMTP Exim 4.63 #1 Mon, 26 Jan 2009 18:25:48 +0000
>> S: 220-We do not authorize the use of this system to transport unsolicited,
>> S: 220 and/or bulk e-mail.
>> C: EHLO vpop3.company.co.uk
>> S: 250-main.remotedns.co.uk Hello vpop3.company.co.uk [IP address]
>> S: 250-SIZE 52428800
>> S: 250-PIPELINING
>> S: 250-AUTH PLAIN LOGIN
>> S: 250-STARTTLS
>> S: 250 HELP
>> C: STARTTLS
>> S: 220 TLS go ahead
>> <TLS negotiation>
>> C: MAIL FROM:<user@company.co.uk>
>> S: 550 HELO required before MAIL
>>
>> (It happens with a few domains, all of which seem to be using Exim (4.63
>> or 4.69))
> 
> This is a common but (obviously) non-standard anti-spam check. Practically
> the only software that doesn't issue HELO or EHLO is malware so the check
> has a negligible false positive rate. (Malware doesn't use TLS either, so
> your bug is triggering a slightly over-broad check.)
> 
>> It certainly looks as if it has forgotten the fact of the EHLO command
>> once the STARTTLS has happened.
> 
> As it is required to do.
> 
> Tony.
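As an added illustration (not code from this thread, from Exim, or from any of the posters), here is a small Python model of the server-side state that the two readings above disagree on. The `forget_ehlo_entirely` switch, the host names and the reply texts are constructed for the example; the rejection of STARTTLS before EHLO is a common implementation choice, not an RFC 3207 requirement.

```python
"""Server-side EHLO/STARTTLS state model (constructed example).

RFC 3207 section 4.2: after the TLS handshake the server MUST discard
knowledge obtained from the client before TLS (e.g. the EHLO argument),
and the client MUST send a new EHLO.  `forget_ehlo_entirely` selects the
stricter reading from the thread: forget that EHLO was issued at all.
"""


class SmtpSession:
    def __init__(self, hostname="main.example", forget_ehlo_entirely=True):
        self.hostname = hostname
        self.forget_ehlo_entirely = forget_ehlo_entirely
        self.ehlo_seen = False   # EHLO/HELO issued in the current (TLS or not) leg
        self.ehlo_name = None    # argument of the most recent EHLO
        self.tls_active = False

    def handle(self, line):
        """Return the server reply for one client command line."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            self.ehlo_seen = True
            self.ehlo_name = arg or None
            exts = ["250-%s Hello %s" % (self.hostname, arg), "250-PIPELINING"]
            if not self.tls_active:
                exts.append("250-STARTTLS")  # RFC 3207: never re-advertised under TLS
            exts.append("250 HELP")
            return "\r\n".join(exts)
        if verb == "STARTTLS":
            if self.tls_active:
                return "503 5.5.1 TLS already active"
            if not self.ehlo_seen:
                return "503 5.5.1 EHLO required before STARTTLS"  # local policy
            self.tls_active = True
            self.ehlo_name = None             # RFC 3207 4.2: discard pre-TLS knowledge
            if self.forget_ehlo_entirely:
                self.ehlo_seen = False        # the reading Exim applies in the thread
            return "220 2.0.0 Ready to start TLS"
        if verb == "MAIL":
            if not self.ehlo_seen:
                return "503 5.5.1 EHLO/HELO first"
            return "250 2.1.0 OK"
        return "502 5.5.2 Command not implemented"


def run(commands, **kw):
    """Drive one session through a list of client commands; return reply codes."""
    session = SmtpSession(**kw)
    return [session.handle(c)[:3] for c in commands]
```

Under the strict reading the thread's transcript (EHLO, STARTTLS, MAIL FROM) is rejected, and a client must re-issue EHLO after the handshake; under the lenient reading only the EHLO argument is lost.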