Haraka
Haraka copied to clipboard
haraka
helo.checks doesn't check HELO after EHLO
Describe the bug It seems that helo.checks accepts previously rejected identities.
Expected behavior Wrong remains wrong
Observed behavior Persistent wrong turns right:
<- 220 censored ESMTP Haraka ready
-> EHLO google.com
<** 550 You are not who you say you are
-> HELO google.com
<- 250 censored Hello [censored]!
Steps To Reproduce
-
reject.big_company=true - swaks -h google.com
System Info:
| Haraka | Haraka.js — Version: 2.8.27 |
|---|---|
| Node | v12.20.1 |
| OS | Linux censored 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) x86_64 GNU/Linux |
| openssl | OpenSSL 1.1.1d 10 Sep 2019 |
See #434
Please include logs of the transaction, so we can see what's happening.
Guess: do you have helo.checks included in karma.ini.deny_excludes?
I was able to replicate this issue in a clean install of Haraka 3.0.2 (Debian 11). This is related to #3269
I am unable to replicate this with Haraka from HEAD:
❯ nc localhost 25
220 home.simerson.net ESMTP Haraka/3.0.3/2e6ff612 ready
EHLO google.com
550 You are not who you say you are
HELO google.com
550 You are not who you say you are
quit
The only PR I see that might have caused a change in behavior is #3191
I just installed Haraka from HEAD and am getting the same results as Juerd.
220 lab.local ESMTP Haraka/3.0.3/2e6ff612 ready
EHLO google.com
550 You are not who you say you are
HELO google.com
250 lab.local Hello [192.168.1.250]Haraka is at your service.
config/helo.checks.ini
[check]
big_company=true
[reject]
big_company=true
[skip]
private_ip=false
[bigco]
google.com=google.com
config/plugins
helo.checks
mail_from.is_resolvable
rcpt_to.in_host_list
headers
queue/smtp_forward
Ahah, seeing your config helped me narrow down exactly the issue (and see why my results were different than yours). A PR is coming soon.