Re: [exim] exim still accepting email after 550 from acl_che…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Chris Siebenmann
Date:  
À: Mike Brudenell
CC: Exim Users, cks, Michael Toth
Sujet: Re: [exim] exim still accepting email after 550 from acl_check_helo
> On 12 January 2016 at 16:11, Michael Toth <exim@???> wrote:
> > And right after that the RFC says "In any event, a client MUST issue
> > HELO or EHLO before starting a mail transaction"
>
> Hmmm ... A very good point. Presumably there are some non-mail
> transaction instructions you can give that are valid without the
> HELO/EHLO first being issued.


This means it's valid to do eg 'HELP', 'VRFY', 'EXPN', or even 'RSET'
before (or without) a HELO/EHLO. This is probably at least historical
behavior and may be convenient in some situations, although these days
there's probably very little useful usage of any of these commands.

> OK, so this begs the question that if the RFC says a client MUST issue
> a HELO/EHLO before a mail transaction, then shouldn't Exim refuse to
> accept MAIL FROM until a HELO/EHLO has been received *and* accepted?
> (ie, doing a "deny" and issuing a 5xx response should leave Exim in
> its initial 'still looking for a HELO/EHLO or non-mail transaction
> command')


I suspect that there are MUA clients that start sending MAIL FROM
without HELO/EHLO'ing first and that Exim defaults to accomodating
them. It's possible to construct ACLs that mostly stop this if you want
to (set a connection ACL variable in the HELO/EHLO ACL, then check for
it being set in MAIL FROM)[*].

    - cks
[*: The case I don't think this stops is if the client EHLOs, does
    STARTTLS, and then does not re-EHLO before MAIL FROM.
]