ASSP acts transparent in the greeting - what you see comes from your MTA.
Paul download and try 2.0.2_3.3.01 and set 'etValencePB' to zero.
Thomas
Von: Paul Farrow <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 03.10.2011 14:09
Betreff: Re: [Assp-test] Thunderbird SSL/TLS with ASSP Version 2
I take it other fokes can reproduce this problem I am seeing?
If you definately think its a problem with TB will you raise a ticket
with Mozilla? As I am kinda stuck with my TB clients using ASSP since I
have updated to version 2.
Thanks again
Paul
On Mon, 3 Oct 2011 11:50:03 +0200, Thomas Eckardt wrote:
>>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1
>>> Misbehaved SMTP session (EarlyTalker)
>
> What is assp doing?
> ASSP analyzes the SMTP command handshake (sequence of command and
> reply)
> of the client and server.
> Every client and server has to follow the SMTP RFC's.
>
> An valid SMTP session start looks as follows:
>
> 1. client connects to the server over TCP
> 2. server sends '220 welcome or any other text'
> it is also possible to send more than one line in the server greeting
> -
> for example:
> 220-welcome to me
> 220-please follow the RFC
> 220 mail server is now ready
>
> notice the '220-' and '220 ' - every client has to wait until he
> receives
> the line '220 ' (without the '-')
>
> If the client sends any command (the first has to be HELO or EHLO)
> before
> he received the '220 ....' greeting, this is a misbehave in SMTP and
> this
> is penalized by assp.
> Currently all sessions with this misbehave are dropped immediatly.
>
> My idea was, to allow such a misbehave for all outgoing mails and
> 'accepAllMail' IP's - but I'm not sure if this idea is a good one.
> Because
> if a local PC gets highjacked by a bot - this check could help to ban
> it.
>
> I'll revert my currently done code changes. ASSP should not allow any
> SMTP
> misbehave - how ever, this check could be disabled in the next
> release by
> setting 'etValencePB' to zero.
>
>
> Thomas
>
>
>
>
>
> Von: Paul Farrow <[email protected]>
> An: ASSP development mailing list
> <[email protected]>
> Datum: 03.10.2011 03:33
> Betreff: Re: [Assp-test] Antwort: Re: Thunderbird SSL/TLS with
> ASSP
> Version 2
>
>
>
>
>
> Thanks Thomas
>
> What I don't understand is this is Thunderbird 7.0.1 we are talking
> about not some unknown mail client. Surely its unlikely that the
> client
> is the problem is it???
>
> My friend is using Thunderbird (although I don't know what version at
> this stage) and he doesn't appear to have this problem with ASSP
> Version
> 2 which is why I question is it something to do with my setup.
>
> Thanks
>
> Paul
>
> On Sun, 2 Oct 2011 18:51:03 +0200, Thomas Eckardt wrote:
>>>that ASSP Version 2 has this issue
>>
>> This is not an ASSP issue - your client is doing bad SMTP.
>>
>>>when is the next release planned
>>
>> possibly tomorrow
>>
>> Thomas
>>
>>
>>
>>
>> Von: Paul Farrow <[email protected]>
>> An: ASSP development mailing list
>> <[email protected]>
>> Datum: 02.10.2011 13:43
>> Betreff: Re: [Assp-test] Thunderbird SSL/TLS with ASSP
>> Version
>> 2
>>
>>
>>
>>
>>
>> Hi Thomas
>>
>> I kinda find it hard to believe that ASSP Version 2 has this issue,
>> I
>> wondered if it was something more to do with my setup. There must
>> be
>> lots of peeps out there that use Thunderbird. My next question is
>> when
>> is the next release planned as I would really like to get my
>> Thunderbird
>> clients working again without having to switch off SSL?
>>
>> Thanks for your quick reply and all you do for the ASSP project.
>>
>> Paul
>>
>> On Sun, 2 Oct 2011 11:21:06 +0200, Thomas Eckardt wrote:
>>> Your client '10.1.10.149' is talking before the MTA has sent the
>>> '220
>>> ...'
>>> greeting - this is a SMTP misbehave.
>>> The next release will ignore this mistake, if the mail is outgoing
>>> or
>>> the
>>> sending IP matches accepAllMail.
>>>
>>> Thomas
>>>
>>>
>>>
>>>
>>> Von: Paul Farrow <[email protected]>
>>> An: <[email protected]>
>>> Datum: 02.10.2011 03:09
>>> Betreff: [Assp-test] Thunderbird SSL/TLS with ASSP Version 2
>>>
>>>
>>>
>>>
>>>
>>> Hi Guys
>>>
>>> I have just switched from ASSP Version 1 to ASSP Version 2 and
>>> can't
>>> get my Thunderbird (Mac or PC) clients to authenticate over
>>> SSL/TLS.
>>>
>>> The error I see is
>>>
>>> Oct-01-11 20:58:06 [Worker_1] Connected: 10.1.10.149:49514 >
>>> 70.88.29.81:465 > 70.88.29.81:45014 > 70.88.29.81:125 , 7-16
>>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 Message-Score: added 25
>>> for
>>> EarlyTalker, total score for this message is now 25
>>> Oct-01-11 20:58:06 [Worker_1] 10.1.10.149 [SMTP Error] 554 5.7.1
>>> Misbehaved SMTP session (EarlyTalker)
>>> Oct-01-11 20:58:06 [Worker_1] Disconnected: 10.1.10.149 - command
>>> list
>>> was 'n/a' - used 1 SocketCalls
>>>
>>> I have QMail as the MTA behind ASSP if that is a clue and my
>>> android
>>> phone authenticates over SSL/TLS no problem.
>>>
>>> It all worked fine over ASSP Version 1 except for the known odd SSL
>>> timeout error with attachments.
>>>
>>> Thanks in advance.
>>>
>>> Paul
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
------------------------------------------------------------------------------
>>> All of the data generated in your IT infrastructure is seriously
>>> valuable.
>>> Why? It contains a definitive record of application performance,
>>> security
>>> threats, fraudulent activity, and more. Splunk takes this data and
>>> makes
>>> sense of it. IT sense. And common sense.
>>> http://p.sf.net/sfu/splunk-d2dcopy2
>>> _______________________________________________
>>> Assp-test mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>>
>>>
>>>
>>>
>>> DISCLAIMER:
>>> *******************************************************
>>> This email and any files transmitted with it may be confidential,
>>> legally
>>> privileged and protected in law and are intended solely for the use
>>> of the
>>>
>>> individual to whom it is addressed.
>>> This email was multiple times scanned for viruses. There should be
>>> no
>>> known virus in this email!
>>> *******************************************************
>>
>>
>>
>>
>>
>
>
------------------------------------------------------------------------------
>> All of the data generated in your IT infrastructure is seriously
>> valuable.
>> Why? It contains a definitive record of application performance,
>> security
>> threats, fraudulent activity, and more. Splunk takes this data and
>> makes
>> sense of it. IT sense. And common sense.
>> http://p.sf.net/sfu/splunk-d2dcopy2
>> _______________________________________________
>> Assp-test mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/assp-test
>>
>>
>>
>>
>> DISCLAIMER:
>> *******************************************************
>> This email and any files transmitted with it may be confidential,
>> legally
>> privileged and protected in law and are intended solely for the use
>> of the
>>
>> individual to whom it is addressed.
>> This email was multiple times scanned for viruses. There should be
>> no
>> known virus in this email!
>> *******************************************************
>
>
>
>
>
------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure
> contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and
> makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Assp-test mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/assp-test
>
>
>
>
> DISCLAIMER:
> *******************************************************
> This email and any files transmitted with it may be confidential,
> legally
> privileged and protected in law and are intended solely for the use
> of the
>
> individual to whom it is addressed.
> This email was multiple times scanned for viruses. There should be no
> known virus in this email!
> *******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2dcopy1
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
