On 1/12/2016 9:50 AM, Mike Brudenell wrote:
Intriguing! I'd always assumed that a client/server pair had to proceed
through a HELO/EHLO before MAIL FROM then RCPT TO could be considered, and
given that thought like Marius that rejecting the HELO/EHLO with a 5xx
response code couldn't proceed into accepting a message.
But looking at the section on HELO/EHLO in the RFC for SMTP
<https://tools.ietf.org/html/rfc5321#section-4.1.1.1> it transpires that
it's only a SHOULD requirement:
"A client SMTP SHOULD start an SMTP session by issuing the EHLO command."
And right after that the RFC says
"In any event, a client MUST issue HELO or EHLO before starting a mail
transaction"
I've just confirmed that by telnet-ing to port 25 of our Exim server and
tried going straight into a MAIL FROM without any preceding HELO/EHLO and
got a happy "250 OK" response.
So it looks like 'rejecting' a HELO/EHLO with a 5xx response doesn't
achieve much, which explains the effect Marius was seeing.
Cheers,
Mike B-)
On 12 January 2016 at 10:08, Jeremy Harris <[email protected]> wrote:
On 12/01/16 07:59, Marius Stan wrote:
It works as expected, except that if I insist after the first 550 error,
the message still goes through...
How can I overcome this ?
- you could use helo_verify_hosts
- you could drop rather than deny
- you could check $sender_helo_name in the mail acl
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
