Re: [spf-discuss] Re: multiple HELOs

2006-02-18 10:43:28
On Sat, Feb 18, 2006 at 12:22:22PM -0500, Mark Shewmaker wrote:
> On Sat, 2006-02-18 at 15:39 +0100, Alex van den Bogaerdt wrote:
>
> > According to 2821:
> >
> > "If the EHLO command is not acceptable to the SMTP server, 501, 500,
> >  or 502 failure replies MUST be returned as appropriate.  The SMTP
> >  server MUST stay in the same state after transmitting these replies
> >  that it was in before the EHLO was received."
> >
> > In other words: if you reject the EHLO command, pretend it wasn't
> > given at all.
>
> I'm guessing (hoping) that this isn't relevant for deferred-helo spf
> rejections.
>
> For instance, if a server initially accepts an EHLO command, can it
> later reject a RCPT-TO based upon the last-accepted EHLO without being
> considered in violation of the above?
>
> I assume the answer to that is "yes".

likewise

> (It would be rather silly if deferred SPF HELO tests had to look
> backwards through a list of hundreds of "accepted" EHLO's to find one
> that would not cause a "RCPT TO:"-time reject!)

I thought the STARTTLS case Stuart pointed out was interesting ...

(hoping rfc3207 is current :)

   4.2 Result of the STARTTLS Command

   Upon completion of the TLS handshake, the SMTP protocol is reset to
   the initial state (the state in SMTP after a server issues a 220
   service ready greeting).  The server MUST discard any knowledge
   obtained from the client, such as the argument to the EHLO command,
   which was not obtained from the TLS negotiation itself.  The client
   MUST discard any knowledge obtained from the server, such as the list
   of SMTP service extensions, which was not obtained from the TLS
   negotiation itself.  The client SHOULD send an EHLO command as the
   first command after a successful TLS negotiation.

Here's a case where not only are there at least two EHLOs, but also
a fairly explicit prohibition against using the information in the first
later.

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall
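
Added example, not part of the original message or of any SPF implementation: a minimal Python sketch of the per-connection state a server would keep so that a deferred SPF HELO check at RCPT TO only ever sees the last accepted EHLO, and nothing sent before STARTTLS. The class name, the syntax check and the reply texts are assumptions, and MAIL FROM tracking is omitted.

```python
import re

# Assumed stand-in for "EHLO not acceptable": a dotted host name or address literal.
_VALID_HELO = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+)$")

class SmtpSession:
    """Tracks the HELO identity available to a deferred SPF HELO check."""

    def __init__(self):
        self.helo = None   # argument of the last *accepted* EHLO/HELO
        self.tls = False

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            if not _VALID_HELO.match(arg):
                # RFC 2821: a rejected EHLO leaves the state as it was,
                # so the previously accepted identity is kept.
                return "501 bad EHLO argument"
            self.helo = arg            # only the latest accepted one matters
            return "250 ok"
        if verb == "STARTTLS":
            if self.tls:
                return "503 TLS already active"
            # RFC 3207 section 4.2: discard the EHLO argument seen in cleartext.
            self.helo, self.tls = None, True
            return "220 ready to start TLS"
        if verb == "RCPT":
            if self.helo is None:
                # Assumed policy: no identity to test, so ask for EHLO first.
                return "503 send EHLO first"
            return "250 ok; deferred HELO check uses " + self.helo
        return "500 unrecognized"

if __name__ == "__main__":
    # Constructed session for illustration.
    session = SmtpSession()
    for cmd in ("EHLO first.example.net", "EHLO bad_name", "STARTTLS",
                "RCPT TO:<a@example.org>", "EHLO second.example.net",
                "RCPT TO:<a@example.org>"):
        print(cmd, "->", session.handle(cmd))
```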
