Henry Jensen (2019-12-04 23:08 +0100): > $ openssl s_client -connect 192.168.56.121:25 -starttls smtp ... > I did verify, that this attack worked on my unpatched OpenBSD 6.6 Box. > But I didn't get much further. After the authentication succeeded > I continued with MAIL FROM: and RCPT TO: After the RCPT TO: the > connection was aborted.
That is openssl s_client getting in your way. From the man page: When used interactively (which means neither -quiet nor -ign_eof have been given), the session will be renegotiated if the line begins with an R; if the line begins with a Q or if end of file is reached, the connection will be closed down. The workaround is to use lowercase commands.