On Fri, Oct 11, 2019 at 4:55 PM Brandon Long <[email protected]> wrote:
> At this point, it looks like the message-id header is a red-herring (or an > indication of a different path on their side), the problem is a bug in the > proxying mail server (haraka) issuing multiple EHLO commands after > STARTTLS, but only expecting a single reply... so when it issues the rest > of the mail transaction, it maps the replies to the extra commands to the > commands it thinks it issues, and thus doesn't see us give them an error > response for bad pipelining and thinks the message was successfully > delivered. > After working with Brandon a bit, I agree there's an issue on my end. I'm the only one with access to the box, so I'll be damned if I know why it suddenly started happening Monday morning after I hadn't touched the box in months...but meh. > > Frankly, looking at the haraka code involved, I would be very careful > using that code. I'm not familiar enough with node and javascript to find > the bug (or the code on github doesn't match), but the async code involved > is way underspecified in terms of state machine and validation (ie, it > basically assumes any response not starting with 4/5 is ok, instead of > looking for specific codes... and therefore thinks a 250 is an ok go ahead > for DATA, and doesn't log the error or the fact the server closed the > connection on it) > Yeah--the plan is to move off it. It just took a back seat to other issues left over by their former IT staff. There's no need for a 'high-performance' NodeJS mail server for a relay that handles a few messages per minute during peak use. > (God I'm thankful we converted our servers from async to threaded, > https://www.youtube.com/watch?v=bzkRVzciAZg, get off my lawn ;) > That's awesome--it's like you recorded the planning meeting for the mail relay. ...and the planning meeting I had at a former employer where an employee was making the case for rewriting a released app that made millions of dollars per year because "NodeJS is faster". When the employee got control of the project, his first three commandments were: 1. We're going to use tabs instead of spaces 2. I just deleted the source code for the old project 3. I want you to write tests. (For what? There's no code yet.) Just write tests and I'll modify them as I build the API. *sigh* Thanks again for the help Brandon! By the way...any pointers for watching packets after STARTTLS has been issued? Wireshark doesn't appear to support decrypting SMTP packets. -A
_______________________________________________ mailop mailing list [email protected] https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
