On Sat, Feb 18, 2006 at 12:22:22PM -0500, Mark Shewmaker wrote:
> On Sat, 2006-02-18 at 15:39 +0100, Alex van den Bogaerdt wrote:
>> According to 2821:
>>
>> "If the EHLO command is not acceptable to the SMTP server, 501, 500,
>> or 502 failure replies MUST be returned as appropriate. The SMTP
>> server MUST stay in the same state after transmitting these replies
>> that it was in before the EHLO was received."
>>
>> In other words: if you reject the EHLO command, pretend it wasn't
>> given at all.
>
> I'm guessing (hoping) that this isn't relevant for deferred-helo spf
> rejections.
>
> For instance, if a server initially accepts an EHLO command, can it
> later reject a RCPT-TO based upon the last-accepted EHLO without being
> considered in violation of the above?
>
> I assume the answer to that is "yes".

likewise

> (It would be rather silly if deferred SPF HELO tests had to look
> backwards through a list of hundreds of "accepted" EHLO's to find one
> that would not cause a "RCPT TO:"-time reject!)

I thought the STARTTLS case Stuart pointed out was interesting ...
(hoping rfc3207 is current :)

    4.2 Result of the STARTTLS Command

    Upon completion of the TLS handshake, the SMTP protocol is reset to
    the initial state (the state in SMTP after a server issues a 220
    service ready greeting). The server MUST discard any knowledge
    obtained from the client, such as the argument to the EHLO command,
    which was not obtained from the TLS negotiation itself. The client
    MUST discard any knowledge obtained from the server, such as the list
    of SMTP service extensions, which was not obtained from the TLS
    negotiation itself. The client SHOULD send an EHLO command as the
    first command after a successful TLS negotiation.

Here's a case where not only are there at least two EHLOs, but also
a fairly explicit prohibition against using the information in the first
later.

Regards,
Paddy
--
Perl 6 will give you the big knob. -- Larry Wall
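
The two rules quoted in this thread, modelled as an added Python example that is not part of the original messages: a rejected EHLO leaves the last accepted one in effect, and STARTTLS discards it, so a deferred SPF HELO check at RCPT TO only ever consults one identity. The class, the hook functions, the sample domains and the 503 reply for a missing identity are assumptions; MAIL FROM and real DNS lookups are left out.

```python
# Added example, not code from the thread. All names here are hypothetical.
class HeloTracker:
    """Tracks which EHLO argument a deferred SPF HELO check may still use."""

    def __init__(self, acceptable, spf_helo_check):
        self.acceptable = acceptable          # assumed hook: EHLO argument -> bool
        self.spf_helo_check = spf_helo_check  # assumed hook: domain -> SPF result
        self.helo = None                      # last accepted EHLO argument, if any

    def ehlo(self, arg):
        if not self.acceptable(arg):
            return 501      # RFC 2821: stay in the state held before this EHLO
        self.helo = arg
        return 250

    def starttls(self):
        self.helo = None    # RFC 3207 4.2: discard the pre-TLS EHLO argument
        return 220

    def rcpt_to(self):
        if self.helo is None:
            return 503      # assumption: no usable identity, require a fresh EHLO
        return 550 if self.spf_helo_check(self.helo) == "fail" else 250

def replay(commands, acceptable, spf_helo_check):
    """Feed (verb, argument) pairs to a fresh tracker; return the reply codes."""
    s = HeloTracker(acceptable, spf_helo_check)
    handlers = {"EHLO": s.ehlo,
                "STARTTLS": lambda _arg: s.starttls(),
                "RCPT": lambda _arg: s.rcpt_to()}
    return [handlers[verb](arg) for verb, arg in commands]

# Constructed sample data: SPF HELO results and a toy acceptability rule.
SPF_RESULTS = {"good.example": "pass", "forged.example": "fail"}

def acceptable(arg):
    return "." in arg and " " not in arg

def spf_helo_check(domain):
    return SPF_RESULTS.get(domain, "none")

SESSION = [("EHLO", "good.example"),    # accepted
           ("EHLO", "bad name"),        # rejected, good.example stays in effect
           ("RCPT", None),              # checked against good.example
           ("STARTTLS", None),          # pre-TLS identity discarded
           ("RCPT", None),              # nothing to check until a new EHLO
           ("EHLO", "forged.example"),  # accepted after TLS
           ("RCPT", None)]              # checked against forged.example only

if __name__ == "__main__":
    print(replay(SESSION, acceptable, spf_helo_check))
```
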
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/