On Thu, 24 Feb 2011, Mark Nipper wrote:
> On 24 Feb 2011, Phil Pennock wrote:
> > On 2011-02-23 at 17:45 -0800, WJCarpenter wrote:
> > > 250-my.server.name Hello his.dynamic.address.bellsouth.net [111.222.333.444]
> > > 250-AUTH PLAIN LOGIN
> > > 250-HELP
> > > 250 STARTTLS
> >
> > This has been tampered with by an intermediary.
> >
> > In Exim, the "HELP" EHLO keyword is always last.
>
> Antivirus software the user's box possibly?
I'd rather think a central/router-proxy.
May be the provider had enough support-calls
for broken old clients who only 'helo' once.
Default exim does need:
1) HELO at once for advertising 'STARTTLS'
... tls starts up ...
2) HELO again for advertising 'AUTH'
... THEN login works ...
'really old' (broken) clients do HELO
only helo once and thus NEVER work on
default exim. Including a fake 'STARTTLS'
may irritate some, but elimintes these
old clients('s problem).
And even older and more broken clients simply
start by sendig 'auth-lines' without any
HELO before it and including plaintex passwds
which makes 'old SSL' (tls-on-connect) more
secure than STARTTLS by blocking those.
Stucki
--
Christoph von Stuckrad * * |nickname |Mail <stucki@???> \
Freie Universitaet Berlin |/_*|'stucki' |Tel(Mo.,Mi.):+49 30 838-75 459|
Mathematik & Informatik EDV |\ *|if online| (Di,Do,Fr):+49 30 77 39 6600|
Takustr. 9 / 14195 Berlin * * |on IRCnet|Fax(home): +49 30 77 39 6601/