Re: [exim4] Testing and making sense of smtp output
lee <lee@yagibdah.de> writes:
I accidentally let my prior response get away before I remembered to
ask these questions.
[...]
>> LOG: MAIN
>> <= harry@2xd.local.lan U=harry P=local S=569
>> $ delivering 1Xauru-0003TT-Fh
>> R: smarthost for reader@newsguy.com
>> T: remote_smtp_smarthost for reader@newsguy.com
>> Transport port=25 replaced by host-specific port=587
>> Connecting to mail.messagingengine.com [66.111.4.52]:587 ... connected
>> SMTP<< 220 mail.messagingengine.com ESMTP ready
>> SMTP>> EHLO 2xd
>
> That's an invalid helo string.
>
>> SMTP<< 250-mail.messagingengine.com
>> 250-PIPELINING
>> 250-SIZE 71000000
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 STARTTLS
>> SMTP>> STARTTLS
>> SMTP<< 220 2.0.0 Start TLS
>> SMTP>> EHLO 2xd
>
> That's an invalid helo string.
>
>> SMTP<< 250-mail.messagingengine.com
>> 250-PIPELINING
>> 250-SIZE 71000000
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250-AUTH PLAIN LOGIN
>> 250 AUTH=PLAIN LOGIN
>> SMTP>> AUTH PLAIN ************************************
>> SMTP<< 235 2.0.0 OK
>> SMTP>> MAIL FROM:<harry@2xd.local.lan> SIZE=1609 AUTH=harry@2xd.local.lan
>> SMTP>> RCPT TO:<reader@newsguy.com>
>> SMTP>> DATA
>> SMTP<< 250 2.1.0 Ok
>> SMTP<< 250 2.1.5 Ok
>> SMTP<< 354 End data with <CR><LF>.<CR><LF>
>> SMTP>> writing message and terminating "."
>> SMTP<< 250 2.0.0 Ok: queued as E25066800A8
>> SMTP>> QUIT
>> LOG: MAIN
>> => reader@newsguy.com R=smarthost T=remote_smtp_smarthost
>> H=mail.messagingengine.com [66.111.4.52]
>> X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
>> DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty
>> Ltd,CN=*.messagingengine.com" A=plain C="250 2.0.0 Ok: queued as
>> E25066800A8"
>> LOG: MAIN
>> Completed
>
> It worked because the MTA on mail.messagingengine.com is misconfigured
> in that it accepts invalid helo strings.
What part of the smtp stream tips you off that it worked? I was just
sort of baffled by it.
> You want to make sure that TLS is actually required before sending the
> password. Otherwise you may end up sending the password over an open
> connection.
So do I pass some kind of query to smarthost first? Or in some other
part of config?
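The two things asked about above can be read mechanically from a transcript of this shape: whether AUTH was sent only after STARTTLS was answered with 220, and whether the server returned 250 after the end-of-data dot. This Python checker is an added example, not part of the thread or of Exim; the sample transcript, host names and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample, modelled on the Exim debug transcript quoted in this thread.
SAMPLE = """\
SMTP<< 220 mx.example.net ESMTP ready
SMTP>> EHLO client.example.org
SMTP<< 250-mx.example.net
       250 STARTTLS
SMTP>> STARTTLS
SMTP<< 220 2.0.0 Start TLS
SMTP>> EHLO client.example.org
SMTP<< 250 AUTH PLAIN LOGIN
SMTP>> AUTH PLAIN ****
SMTP<< 235 2.0.0 OK
SMTP>> MAIL FROM:<a@example.org>
SMTP>> RCPT TO:<b@example.com>
SMTP>> DATA
SMTP<< 250 2.1.0 Ok
SMTP<< 250 2.1.5 Ok
SMTP<< 354 End data with <CR><LF>.<CR><LF>
SMTP>> writing message and terminating "."
SMTP<< 250 2.0.0 Ok: queued as ABC123
"""

def audit(transcript):
    """Summarise one session: TLS state at AUTH time and final acceptance."""
    result = {"tls": False, "auth_in_clear": False, "auth_ok": False, "accepted": False}
    pending = ""  # most recent client command still awaiting its reply
    for raw in transcript.splitlines():
        # Tolerate mail quote markers ("> ", ">> ") in front of the debug line.
        m = re.match(r"[>\s]*SMTP(>>|<<)\s*(.*)", raw)
        if not m:
            continue  # continuation of a multi-line reply, LOG lines, prose
        direction, text = m.groups()
        if direction == ">>":
            pending = text.split(None, 1)[0].upper() if text else ""
            if text.startswith("writing message"):
                pending = "END-OF-DATA"  # Exim's marker for body plus final "."
            if pending == "AUTH" and not result["tls"]:
                result["auth_in_clear"] = True  # credentials sent before TLS was up
        else:
            code = text[:3]
            if pending == "STARTTLS" and code == "220":
                result["tls"] = True
            elif pending == "AUTH" and code == "235":
                result["auth_ok"] = True
            elif pending == "END-OF-DATA" and code == "250":
                result["accepted"] = True  # server took responsibility for the mail
    return result
```

This only reports what happened in a session that already took place. To enforce it on the sending side, Exim's smtp transport has a `hosts_require_tls` option, which makes delivery to matching hosts fail rather than proceed without encryption.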