Re: [exim] exim still accepting email after 550 from acl_che…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Michael Toth
Date:  
À: Mike Brudenell, Exim Users
CC: Marius Stan
Sujet: Re: [exim] exim still accepting email after 550 from acl_check_helo
On 1/12/2016 9:50 AM, Mike Brudenell wrote:
> Intriguing! I'd always assumed that a client/server pair had to proceed
> through a HELO/EHLO before MAIL FROM then RCPT TO could be considered, and
> given that thought like Marius that rejecting the HELO/EHLO with a 5xx
> response code couldn't proceed into accepting a message.
>
> But looking at the section on HELO/EHLO in the RFC for SMTP
> <https://tools.ietf.org/html/rfc5321#section-4.1.1.1> it transpires that
> it's only a SHOULD requirement:
>
> "A client SMTP SHOULD start an SMTP session by issuing the EHLO command."


And right after that the RFC says
"In any event, a client MUST issue HELO or EHLO before starting a mail
transaction"



>
>
> I've just confirmed that by telnet-ing to port 25 of our Exim server and
> tried going straight into a MAIL FROM without any preceding HELO/EHLO and
> got a happy "250 OK" response.
>
> So it looks like 'rejecting' a HELO/EHLO with a 5xx response doesn't
> achieve much, which explains the effect Marius was seeing.
>
> Cheers,
> Mike B-)
>
> On 12 January 2016 at 10:08, Jeremy Harris <jgh@???> wrote:
>
>> On 12/01/16 07:59, Marius Stan wrote:
>>> It works as expected, except that if I insist after the first 550 error,
>>> the message still goes through...
>>
>>> How can I overcome this ?
>>
>> - you could use helo_verify_hosts
>> - you could drop rather than deny
>> - you could check $sender_helo_name in the mail acl
>>
>> --
>> Cheers,
>>    Jeremy

>>
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
>
>