Haraka icon indicating copy to clipboard operation
Haraka copied to clipboard

Published 20 hours ago verified publisher icon haraka

Enforcing TLS for LMTP not possible

Open felixauringer opened this issue 11 months ago • 0 comments

Describe the bug

When enforcing TLS, the only commands available before a TLS connection is established are EHLO and STARTTLS. LHLO is not allowed. Therefore, a STARTTLS connection for LMTP can not be established if TLS is enforced for the LMTP host. This line is responsible for this behavior.

Expected behavior

TLS should also be enforceable for LMTP.

Observed behavior

When enforcing TLS for the configured LMTP host, the connection will always be aborted, even if TLS is possible.

Steps To Reproduce

  • configure queue/lmtp plugin
  • add the LMTP host to force_tls_hosts[] in the [outbound] section of tls.ini

System Info:

Haraka Haraka.js — Version: 3.0.1
Node v21.6.2
OS Linux example.fauringer.de 6.7.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Sat, 17 Feb 2024 14:02:33 +0000 x86_64 GNU/Linux
openssl OpenSSL 1.1.1w 11 Sep 2023

(I know that this is not the newest Haraka version but the issue is also present in the latest release.)

Additional context

I am currently working on a fix and will open a PR soon.

felixauringer avatar Feb 26 '24 14:02 felixauringer