Re: [exim] STARTTLS before EHLO?

Author: Jakob Hirsch
Date:  
To: exim-users
Subject: Re: [exim] STARTTLS before EHLO?
Heiko Schlittermann wrote:

> should exim support receiving a STARTTLS *before* receiving an EHLO?


No.
Well, it wouldn't hurt (just like allowing AUTH before EHLO), but why? No
proper client would do it.

>     openssl s_client -connect ssl.schlittermann.de:25  -starttls smtp
>       503 STARTTLS command used when not advertised..


Which openssl version is this? 0.9.7f (on FC4) sends "EHLO some.host.name"
before STARTTLS.

> Is this (exim's) behaviour just a missing feature or standard/RFC
> compliance? (a short look into RFC2487 just showed me an example with
> connect -> EHLO -> STARTTLS, but no hint if this is required.)


I'd say: A server is not required to enforce EHLO before using extensions,
but it is also not required to allow them before it has announced them
through an ESMTP response.

Anyway, RFC 821 says: "The first command in a session must be the HELO
command.", changed by RFC 1869, 4.1.1:

RFC 821 states that the first command in an SMTP session must be the
HELO command. This requirement is hereby amended to allow a session
to start with either EHLO or HELO.

So, anything before HELO/EHLO is an RFC violation.
Still, many servers even allow sending mail without EHLO/HELO, they are
just more tolerant than they have to be.
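
An added illustration, not part of the original message and not Exim's code: a strict model of the ordering discussed in this thread, where STARTTLS is accepted only after an EHLO reply has advertised it. It also covers the RFC 3207 session reset after STARTTLS. The class and function names, host names and reply texts are assumptions, apart from the 503 text quoted above.

```python
# Added example: strict model of the command ordering discussed above.
# SmtpSession, handle() and replay() are hypothetical names; host names and
# reply texts are constructed, except the 503 text quoted in the thread.

class SmtpSession:
    def __init__(self, tls_available=True):
        self.tls_available = tls_available
        self.tls_active = False
        self.greeted = False      # True once HELO or EHLO was accepted
        self.advertised = set()   # extensions announced in the last EHLO reply

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.greeted = True
            # Offer STARTTLS only while the channel is still plaintext.
            offer = self.tls_available and not self.tls_active
            self.advertised = {"STARTTLS"} if offer else set()
            reply = ["250-mail.example.test Hello " + arg]
            reply += ["250-" + ext for ext in sorted(self.advertised)]
            return reply + ["250 HELP"]
        if verb == "HELO":
            self.greeted = True
            self.advertised = set()   # plain SMTP greeting announces nothing
            return ["250 mail.example.test Hello " + arg]
        if verb == "STARTTLS":
            if "STARTTLS" not in self.advertised:
                return ["503 STARTTLS command used when not advertised"]
            # A real server runs the TLS handshake after this reply. RFC 3207
            # then resets the session, so the client has to send EHLO again.
            self.tls_active = True
            self.greeted = False
            self.advertised = set()
            return ["220 TLS go ahead"]
        if verb == "MAIL":
            if not self.greeted:
                return ["503 HELO or EHLO required"]
            return ["250 OK"]
        return ["500 unrecognized command"]


def replay(commands, **kwargs):
    """Feed commands to a fresh session; return the final reply code of each."""
    session = SmtpSession(**kwargs)
    return [session.handle(c)[-1][:3] for c in commands]
```

Unlike the tolerant servers mentioned in the message, this model also refuses MAIL before HELO/EHLO.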