Menu

#16 MAIL FROM not accepted after RSET

1.6
open
nobody
None
5
2006-04-22
2006-04-22
David D. Kilzer
No

According to my interpretation of section 4.1.1.5 of
RFC 2821, the "MAIL FROM" command should be accepted
after an "RSET" command. In testing postfix-2.2.9,
"RSET" can be substituted for the "EHLO" command when
initially connecting to the SMTP server.

Version 1.6 of Dumbster will respond with "503 Bad
sequence of commands: MAIL" instead of "250 OK" if
"MAIL FROM" is issued after a "RSET".

I discovered this after running a unit test on a PC
with Symantec AntiVirus installed. SAV has a feature
where it scans all outgoing mail by using an SMTP
proxy. Apparently it watches SMTP traffic on port 25
and lets commands pass-through until it sees a mail
message is about to be sent, then it issues an RSET
command and replays the MAIL FROM and RCPT TO commands:

S: 220 localhost Dumbster SMTP service ready
C: EHLO HOSTNAME
S: 250 OK
C: MAIL FROM:<from-addr@localhost>
S: 250 OK
C: RCPT TO:<to-addr@localhost>
S: 250 OK
C: RSET
S: 250 OK
C: MAIL FROM:<from-addr@localhost>
S: 503 Bad sequence of commands: MAIL
C: QUIT
S: 503 Bad sequence of commands: QUIT

With the "Internet E-mail Auto-Protect" feature of SAV
disabled, the initial command sequence looks like this:

S: 220 localhost Dumbster SMTP service ready
C: EHLO HOSTNAME
S: 250 OK
C: MAIL FROM:<from-addr@localhost>
S: 250 OK
C: RCPT TO:<to-addr@localhost>
S: 250 OK
C: DATA
S: 354 Start mail input; end with <CRLF>.<CRLF>
[...]

In fact, in testing postfix-2.2.9, it allows the RSET
command to be substituted for the EHLO command upon the
initial connection. If you read into Section 4.1.1.5
of RFC 2821 enough, you might agree with this behavior.

Discussion

  • David D. Kilzer

    David D. Kilzer - 2006-04-23

    Logged In: YES
    user_id=84089

    Attaching a patch to fix this issue.

    I didn't write a test for it since this would require
    writing a custom SMTP client to talk to the server, and I
    didn't have time to do it now.

     

  • David D. Kilzer

    David D. Kilzer - 2006-04-23

    Logged In: YES
    user_id=84089

    Attaching a second patch with tests for this change.

    Note that this change also means:

    - Sending MAIL FROM after connecting (with no EHLO or RSET)
    is legal.
    - Sending MAIL FROM after RSET after connecting is legal.

    I tested both of these scenarios with postfix-2.2.9 and they
    both worked.

     

Log in to post a comment.