Zbigniew Szalbot wrote:
> Dear all,
>
> Yesterday I saw such entries in logs:
>
> 2007-08-28 12:32:55 SMTP protocol synchronization error (input sent without
> waiting for greeting): rejected connection from
> H=aajg7.neoplus.adsl.tpnet.pl [83.4.240.7] input="EHLO void#defonic\r\n"
>
> I guess it is another way of violating the RFC and I shouldn't worry about
> it? There was no synchronization between the sender (or attacker) and my
> system - this is what it seems to say to me. Just asking because I hear
> these days numerous attempts are carried out to discover security holes in
> available MTAs.
>
As it is said in the logs "input sent without waiting for greeting", the
remote "server" didn't wait for your input. This is covered in RFC2821
par 4.3.
Excerpt:
" The communication between the sender and receiver is an alternating
dialogue, controlled by the sender. As such, the sender issues a
command and the receiver responds with a reply. Unless other
arrangements are negotiated through service extensions, the sender
MUST wait for this response before sending further commands."
But in this particular case this is a SHOULD statement:
" One important reply is the connection greeting. Normally, a receiver
will send a 220 "Service ready" reply when the connection is
completed. The sender SHOULD wait for this greeting message before
sending any commands."
So in fact, exim is not totally right there.
However you shouldn't really worry about rejecting these as the
probability for a legit MTA to not wait for the greeting is nearly 0.
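
The following is an added example, not part of the original messages: a small Python parser for the Exim log entry quoted above that extracts the source host, IP and the command sent before the greeting, and lists IPs rejected repeatedly. The function names, the threshold and all sample lines after the first are assumptions made for this example.

```python
import re
from collections import Counter

# Pattern for the Exim main-log entry quoted in the post above.
SYNC_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) '
    r'SMTP protocol synchronization error \((?P<reason>[^)]*)\): '
    r'rejected connection from H=(?:(?P<host>\S+) )?\[(?P<ip>[^\]]+)\] '
    r'input="(?P<input>.*)"$'
)

# Line 1 is the entry from the post, re-joined onto one line.
# The other lines are constructed for this example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = r'''
2007-08-28 12:32:55 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=aajg7.neoplus.adsl.tpnet.pl [83.4.240.7] input="EHLO void#defonic\r\n"
2007-08-28 12:40:01 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.44] input="HELO localhost\r\n"
2007-08-28 12:40:09 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=[192.0.2.44] input="HELO localhost\r\n"
2007-08-28 12:41:30 1IQ0aB-0001Xy-2k <= alice@example.org H=mail.example.org [192.0.2.10] P=esmtp S=1822
'''

def parse_sync_errors(lines):
    """Return one dict per synchronization-error entry; other lines are skipped."""
    events = []
    for line in lines:
        m = SYNC_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        # The input is logged with escapes (\r\n as text); keep only the SMTP verb.
        words = ev["input"].split()
        ev["verb"] = words[0].upper() if words else ""
        events.append(ev)
    return events

def repeat_offenders(events, threshold=2):
    """IPs rejected at least `threshold` times, most frequent first."""
    counts = Counter(ev["ip"] for ev in events)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    events = parse_sync_errors(SAMPLE_LOG.splitlines())
    for ev in events:
        print(ev["ts"], ev["ip"], ev["host"] or "-", ev["verb"])
    print("repeat offenders:", repeat_offenders(events))
```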