Zbigniew Szalbot wrote:
Dear all, Yestarday I saw such entries in logs: 2007-08-28 12:32:55 SMTP protocol synchronization error (input sent without waiting for greeting): rejected connection from H=aajg7.neoplus.adsl.tpnet.pl [83.4.240.7] input="EHLO void#defonic\r\n" I guess it is another way of violating the RFC and I shouldn't worry about it? There was no synchronization between the sender (or attacker) and my system - this is what it seems to say to me. Just asking because I hear these days numerous attempts are carried out to discover security holes in available MTAs.
As it is said in the logs "input sent without waiting for greeting", the remote "server" didn't wait for your input. This is covered in RFC2821 par 4.3.
Excerpt: " The communication between the sender and receiver is an alternating dialogue, controlled by the sender. As such, the sender issues a command and the receiver responds with a reply. Unless other arrangements are negotiated through service extensions, the sender MUST wait for this response before sending further commands." But on this particular case this is a SHOULD statement: " One important reply is the connection greeting. Normally, a receiver will send a 220 "Service ready" reply when the connection is completed. The sender SHOULD wait for this greeting message before sending any commands." So in fact, exim is not totally right there.However you shouldn't really worry about rejecting these as the probability for a legit MTA to not wait for the greeting is nearly 0.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
