Re: [exim] protocol synchronization error

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Renaud Allard
Date:  
À: Zbigniew Szalbot
CC: Exim users
Sujet: Re: [exim] protocol synchronization error


Zbigniew Szalbot wrote:
> Dear all,
>
> Yestarday I saw such entries in logs:
>
> 2007-08-28 12:32:55 SMTP protocol synchronization error (input sent without
> waiting for greeting): rejected connection from
> H=aajg7.neoplus.adsl.tpnet.pl [83.4.240.7] input="EHLO void#defonic\r\n"
>
> I guess it is another way of violating the RFC and I shouldn't worry about
> it? There was no synchronization between the sender (or attacker) and my
> system - this is what it seems to say to me. Just asking because I hear
> these days numerous attempts are carried out to discover security holes in
> available MTAs.
>


As it is said in the logs "input sent without waiting for greeting", the
remote "server" didn't wait for your input. This is covered in RFC2821
par 4.3.

Excerpt:
"   The communication between the sender and receiver is an alternating
    dialogue, controlled by the sender.  As such, the sender issues a
    command and the receiver responds with a reply.  Unless other
    arrangements are negotiated through service extensions, the sender
    MUST wait for this response before sending further commands."


But on this particular case this is a SHOULD statement:
"  One important reply is the connection greeting.  Normally, a receiver
    will send a 220 "Service ready" reply when the connection is
    completed.  The sender SHOULD wait for this greeting message before
    sending any commands."


So in fact, exim is not totally right there.
However you shouldn't really worry about rejecting these as the
probability for a legit MTA to not wait for the greeting is nearly 0.