[Exim] HELO Bug in smtp_in.c

Author: Karthikeyan Bhargavan
Date:  
To: exim-users
Subject: [Exim] HELO Bug in smtp_in.c
2 bugs regarding HELO in smtp_in.c in Exim 4.10

Do let me know if they have been fixed since.
I am not very smart at producing patches so I'll just list
them here

1. line 1938:
         smtp_printf("%d %s argument does not match calling host\n",
    should be:
         smtp_printf("%d %s argument does not match calling host\r\n",


    (don't forget the \r!)


2. this is a bit more involved
    When a second HELO is received, RFC2821 Section 4.1.4
    says that if this HELO is not acceptable, then the "SMTP
    server MUST stay in the same state... that it was in before
    the EHLO was received"


    But I see that in smtp_in.c (line 1771) the handler for the HELO/EHLO
    resets the state whether or not the HELO is acceptable.
    I discovered this while testing the exim SMTPD and this
    can be easily reproduced:


---------------
> telnet localhost 25

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 verinet.cis.upenn.edu ESMTP Exim 4.10 Sat, 26 Oct 2002 16:31:13 -0400
HELO Localhost
250 verinet.cis.upenn.edu Hello localhost.localdomain [127.0.0.1]
MAIL FROM:bkarthik@verinet
250 OK
RCPT TO:bkarthik@verinet
250 Accepted
HELO
501 Syntactically invalid HELO argument(s)
DATA
503 MAIL command must precede DATA
-----------------

    Here the last DATA command should be accepted according to RFC2821
Section 4.1.4


Please let me know if these changes have been incorporated.
I found these when testing Postfix, Exim and Sendmail for a project
and am curious about whether I found new bugs.

Karthik
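
The state handling that item 2 asks for, as an added example (not part of the original message and not Exim's code): a minimal C command handler that validates the HELO/EHLO argument before touching any transaction state, replayed against the client commands from the session above. The `struct session`, `smtp_command` and `replay_transcript` names and the simplified argument check are assumptions for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>
#include <strings.h>

/* Hypothetical minimal session model for illustration; not Exim's structures. */
struct session { bool helo_seen; bool have_sender; int rcpt_count; };

/* Simplified HELO argument check (assumption): non-empty, [A-Za-z0-9.-] only. */
static bool helo_arg_ok(const char *arg) {
    if (*arg == '\0') return false;
    for (; *arg; arg++)
        if (!isalnum((unsigned char)*arg) && *arg != '.' && *arg != '-')
            return false;
    return true;
}

/* Handle one command line (CRLF already stripped); return the reply code. */
int smtp_command(struct session *s, const char *line) {
    if ((!strncasecmp(line, "HELO", 4) || !strncasecmp(line, "EHLO", 4)) &&
        (line[4] == ' ' || line[4] == '\0')) {
        const char *arg = line + 4;
        while (*arg == ' ') arg++;
        if (!helo_arg_ok(arg)) return 501;  /* rejected: state left untouched */
        s->helo_seen = true;                /* accepted: only now reset state */
        s->have_sender = false;
        s->rcpt_count = 0;
        return 250;
    }
    if (!strncasecmp(line, "MAIL FROM:", 10)) {
        if (s->have_sender) return 503;     /* nested MAIL not allowed */
        s->have_sender = true;
        return 250;
    }
    if (!strncasecmp(line, "RCPT TO:", 8)) {
        if (!s->have_sender) return 503;
        s->rcpt_count++;
        return 250;
    }
    if (!strcasecmp(line, "DATA"))
        return (s->have_sender && s->rcpt_count > 0) ? 354 : 503;
    return 500;
}

/* Replay the client commands from the session above; return DATA's reply. */
int replay_transcript(void) {
    static const char *cmds[] = { "HELO Localhost", "MAIL FROM:bkarthik@verinet",
                                  "RCPT TO:bkarthik@verinet", "HELO", "DATA" };
    struct session s = { false, false, 0 };
    int code = 0;
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        code = smtp_command(&s, cmds[i]);
    return code;
}
```

With this ordering the rejected `HELO` returns 501 and the following `DATA` is accepted, while an accepted second HELO/EHLO still clears the sender and recipients.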