On Wed, Feb 25, 2015 at 07:25:56PM +0000, Jeremy Harris wrote:

> 7.3 At what stage of an SMTP conversation is CLIENT valid?
> Are multiple uses per SMTP connection (EHLO to QUIT) valid?

Good point. Presumably (when used on either port 587 or port 25
with STARTTLS) the sequence is:

    S: 220 example.net
    C: EHLO client.example
    S: 250-example.net          -- DEEP is optional in the
                                   cleartext EHLO response.
       250 STARTTLS
    C: STARTTLS
    S: 220 make my day
    C: <TLS CLIENT HELLO>
    S: <TLS SERVER HELLO>
       ... rest of TLS handshake
    C: EHLO client.example
    S: 250-example.net          -- DEEP is taken from the TLS
                                   protected EHLO response.
       250 DEEP ...
    C: CLIENT ...

And since this is a transport-security mechanism, not a message
security mechanism, CLIENT must precede the start of the "MAIL"
transaction, and can only be sent once. I think it is OK to send
"AUTH" and "CLIENT" in either order.

With port 465 "smtps" (newly called "submissions" in the draft).

    $ pcregrep '\s465/tcp\s' /etc/services
    urd 465/tcp # URL Rendesvous Directory for SSM
    smtps 465/tcp # smtp protocol over TLS/SSL

the above sequence obviously starts with the TLS handshake.

With most MSAs using 587+STARTTLS, do we really need to ask users
who've mostly learned to switch from 25 to 587 to yet again switch
from 587 to 465?

> What action should an MSA take on receipt of a CLIENT command?

Indeed. Is this just for logging?

--
Viktor.
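
The ordering proposed in this message, as an added example that is not part of the original post: a Python check over a client's command sequence that flags CLIENT sent in cleartext, before the TLS-protected EHLO, after MAIL, or more than once. The function name, its parameters and the sample sessions are constructed for illustration; CLIENT and DEEP are the draft's names, and the server advertising DEEP after TLS is an assumption passed in as a flag.

```python
# Added example: validates client command order against the rules
# proposed in the message above. Function and parameter names are hypothetical.

def check_client_ordering(commands, implicit_tls=False, deep_advertised=True):
    """Return a list of violations for a sequence of client SMTP commands.

    implicit_tls    -- True for port 465, where TLS precedes the greeting
    deep_advertised -- assumption: server lists DEEP in its post-TLS EHLO reply
    """
    tls = implicit_tls           # is the channel TLS-protected?
    ehlo_under_tls = False       # has EHLO been issued inside TLS?
    client_seen = mail_started = False
    violations = []
    for n, line in enumerate(commands, 1):
        parts = line.split()
        verb = parts[0].upper() if parts else ""
        if verb == "STARTTLS":
            if tls:
                violations.append(f"{n}: STARTTLS inside TLS")
            tls = True
            ehlo_under_tls = False   # cleartext EHLO state is discarded
        elif verb == "EHLO":
            ehlo_under_tls = tls
        elif verb == "MAIL":
            mail_started = True
        elif verb == "CLIENT":
            if not tls:
                violations.append(f"{n}: CLIENT sent in cleartext")
            elif not (ehlo_under_tls and deep_advertised):
                violations.append(f"{n}: CLIENT before DEEP seen in TLS-protected EHLO")
            if mail_started:
                violations.append(f"{n}: CLIENT after MAIL")
            if client_seen:
                violations.append(f"{n}: CLIENT sent more than once")
            client_seen = True
        # AUTH is not checked: either order relative to CLIENT is accepted.
    return violations

# Constructed sample sessions (client side only; arguments elided as in the message).
GOOD_587 = ["EHLO client.example", "STARTTLS", "EHLO client.example",
            "AUTH ...", "CLIENT ...", "MAIL FROM:<user@client.example>"]
BAD = ["EHLO client.example", "CLIENT ...", "STARTTLS", "EHLO client.example",
       "MAIL FROM:<user@client.example>", "CLIENT ..."]

if __name__ == "__main__":
    print(check_client_ordering(GOOD_587))
    print(check_client_ordering(BAD))
```
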