Re: [exim4] Testing and making sense of smtp output

Sun, 12 Oct 2014 11:41:11 -0700 

lee <l...@yagibdah.de> writes:

I accidentally let my prior response get away before I remembered to
ask these questions. 

[...]

>> LOG: MAIN
>>   <= ha...@2xd.local.lan U=harry P=local S=569
>> $ delivering 1Xauru-0003TT-Fh
>> R: smarthost for rea...@newsguy.com
>> T: remote_smtp_smarthost for rea...@newsguy.com
>> Transport port=25 replaced by host-specific port=587
>> Connecting to mail.messagingengine.com [66.111.4.52]:587 ... connected
>>   SMTP<< 220 mail.messagingengine.com ESMTP ready
>>   SMTP>> EHLO 2xd
>
> That's an invalid helo string.
>
>>   SMTP<< 250-mail.messagingengine.com
>>          250-PIPELINING
>>          250-SIZE 71000000
>>          250-ENHANCEDSTATUSCODES
>>          250-8BITMIME
>>          250 STARTTLS
>>   SMTP>> STARTTLS
>>   SMTP<< 220 2.0.0 Start TLS
>>   SMTP>> EHLO 2xd
>
> That's an invalid helo string.
>
>>   SMTP<< 250-mail.messagingengine.com
>>          250-PIPELINING
>>          250-SIZE 71000000
>>          250-ENHANCEDSTATUSCODES
>>          250-8BITMIME
>>          250-AUTH PLAIN LOGIN
>>          250 AUTH=PLAIN LOGIN
>>   SMTP>> AUTH PLAIN ************************************
>>   SMTP<< 235 2.0.0 OK
>>   SMTP>> MAIL FROM:<ha...@2xd.local.lan> SIZE=1609 AUTH=ha...@2xd.local.lan
>>   SMTP>> RCPT TO:<rea...@newsguy.com>
>>   SMTP>> DATA
>>   SMTP<< 250 2.1.0 Ok
>>   SMTP<< 250 2.1.5 Ok
>>   SMTP<< 354 End data with <CR><LF>.<CR><LF>
>>   SMTP>> writing message and terminating "."
>>   SMTP<< 250 2.0.0 Ok: queued as E25066800A8
>>   SMTP>> QUIT
>> LOG: MAIN
>>   => rea...@newsguy.com R=smarthost T=remote_smtp_smarthost
>> H=mail.messagingengine.com [66.111.4.52]
>> X=TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256
>> DN="C=AU,ST=Victoria,L=Melbourne,O=FastMail Pty
>> Ltd,CN=*.messagingengine.com" A=plain C="250 2.0.0 Ok: queued as
>> E25066800A8"
>> LOG: MAIN
>>   Completed
>
> It worked because the MTA on mail.messagingengine.com is misconfigured
> in that it accepts invalid helo strings.

What part of the smtp stream tips you off that it worked?  I was just
sort of baffled by it.

> You want to make sure that TLS is actually required before sending the
> password.  Otherwise you may end up sending the password over an open
> connection.

So do I pass somekind of query to smarthost first? or in some other
part of config?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87fvetf80u....@reader.local.lan

Reply via email to