I write at this forum, as apparently MS people read this, and
me being a non-customer to them, I have no direct access routes
to send bug reports.
I have implemented ESMTP CHUNKING / BDAT since 1997, and now
finally some major implementations do appear -- but sadly first
of them is broken. The end result is that even if Microsoft
fixes things this week, bug containing versions will be running
for years... (Shall RFC 3030 be thus considered failure due
to widely installed buggy implementation ?)
In RFC 3030 two ESMTP extensions are defined:
- CHUNKING
- BINARYMIME
The buggy implementation is of CHUNKING's BDAT verb processing.
Said verb runs like this:
BDAT nnnn [LAST] CRLF
< nnnn bytes of message header+content data with CRLF line ends >
The server shall always consume the message content associated
with BDAT verb. (Ok, RFC 3030 text isn't explicitely clear at this,
which has lead to a number of implementation bugs, including
the one presently being discussed.)
With simultaneous PIPELINING facility/compability declared by the
remote MTA server, a smtp-client sending in optimized pipeline mode
sends MAIL FROM, one or more of RCPT TO, and also BDAT+message content
all in one TCP data push.
How MS Exchange 2000 as deployed at Hotmail.COM now does work is:
- If MAIL FROM and RCPT TO (one or more) are received
successfully, BDAT will be accepted successfully.
- If for some reason all RCPT TOs are rejected, treatment of BDAT
is broken. Associated data is not consumed (discarded), and
the result is unpredictable number of "500 Unrecognized command"
messages, as the message content ended up in SMTP command processing.
Following UNIX bash-script shows what happens.
(echo "EHLO foo";sleep 1;
echo -e "MAIL FROM:<>\nRCPT TO:<lklkzzh(_at_)hotmail(_dot_)com>\nBDAT 9
LAST\n1\n2\n3\n";
sleep 2;
echo -e "MAIL FROM:<>\nRCPT TO:<lklkzzh(_at_)hotmail(_dot_)com>\nBDAT 9
LAST\n1\n2\n3\n";
sleep 3) | telnet mx1.hotmail.com smtp
Doing network protocol dump, one can see that from MAIL FROM to
BDAT content data all are sent with single TCP data push, as is
the nature of smtp-client in fully developed PIPELINING mode.
Here are the received responses:
220 mc1-f8.law16.hotmail.com Microsoft ESMTP MAIL Service, Version:
5.0.2195.5600 ready at Mon, 17 Feb 2003 16:23:42 -0800
<<- EHLO foo
250-mc1-f8.law16.hotmail.com (02.01.00.0007) Hello [62.240.94.4]
250-SIZE 4278190
250-PIPELINING
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-AUTH LOGIN
250-AUTH=LOGIN
250-X-HMAUTH
250 OK
<<- MAIL FROM:<>
250 <>....Sender OK
<<- RCPT TO:<lklkzzh(_at_)hotmail(_dot_)com>
550 Requested action not taken: mailbox unavailable
<<- BDAT 9 LAST (+ data)
503 Need Rcpt command.
500 Unrecognized command
500 Unrecognized command
500 Unrecognized command
<<- MAIL FROM:<>
503 Sender already specified
<<- RCPT TO:<lklkzzh(_at_)hotmail(_dot_)com>
550 Requested action not taken: mailbox unavailable
<<- BDAT 9 LAST (+ data)
503 Need Rcpt command.
500 Unrecognized command
500 Unrecognized command
500 Unrecognized command
Fully pipelined smtp client code does not expect
any of those "500 Unrecognized command" lines, and
goes out of protocol sync.
--
/Matti Aarnio <mea(_at_)nic(_dot_)funet(_dot_)fi>