On Tue, Mar 28, 2023 at 01:48:25PM +0100, Andrew C Aitchison via Exim-dev wrote:
> When I do STARTTLS -> CLIENTID -> NOOP
> the CLIENTID gives the correct response code but the next command
> fails (it doesn't have to be a NOOP) in a way suggesting that I have
> lost synchronization. Sometimes the TLS connection reports unexpected
> commands in the input buffer (which I confirm to match what I expect
> the script to send next).
>
> I do have PIPECONNECT enabled, so I may well be tangled up in that somehow.
Can you explain in more detail what the test script is doing? Is per
chance pipelining multiple commands with STARTTLS (which then end up
in the cleartext input buffer even post STARTTLS)?
The client script must not transmit any further SMTP commands after
"STARTTLS<CRLF>" until it has read the response and if succesful (2XX)
completed a TLS handshake. Only at that point may further commands be
sent, and they must be sent over the TLS connection, not the raw TCP
connection.
--
Viktor.
