Re: [exim] exim still accepting email after 550 from acl_che…

Top Page
Delete this message
Reply to this message
Author: Mike Brudenell
Date:  
To: Exim Users
CC: Marius Stan
Subject: Re: [exim] exim still accepting email after 550 from acl_check_helo
Intriguing! I'd always assumed that a client/server pair had to proceed
through a HELO/EHLO before MAIL FROM then RCPT TO could be considered, and
given that thought like Marius that rejecting the HELO/EHLO with a 5xx
response code couldn't proceed into accepting a message.

But looking at the section on HELO/EHLO in the RFC for SMTP
<https://tools.ietf.org/html/rfc5321#section-4.1.1.1> it transpires that
it's only a SHOULD requirement:

"A client SMTP SHOULD start an SMTP session by issuing the EHLO command."


I've just confirmed that by telnet-ing to port 25 of our Exim server and
tried going straight into a MAIL FROM without any preceding HELO/EHLO and
got a happy "250 OK" response.

So it looks like 'rejecting' a HELO/EHLO with a 5xx response doesn't
achieve much, which explains the effect Marius was seeing.

Cheers,
Mike B-)

On 12 January 2016 at 10:08, Jeremy Harris <jgh@???> wrote:

> On 12/01/16 07:59, Marius Stan wrote:
> > It works as expected, except that if I insist after the first 550 error,
> > the message still goes through...
>
> > How can I overcome this ?
>
> - you could use helo_verify_hosts
> - you could drop rather than deny
> - you could check $sender_helo_name in the mail acl
>
> --
> Cheers,
> Jeremy
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>




--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm