DENY, DENYSOFT, and DISCONNECT are ignored in ehlo_hook #3269
Labels
Comments
|
IIRC this is due to what it said in the RFC.
…On Fri, Jan 19, 2024 at 3:31 PM lnedry ***@***.***> wrote:
DENY, DENYSOFT, and DISCONNECT are ignored in ehlo_hook. DENYDISCONNECT is
not ignored.
I expected that inbound email would be rejected and/or the connection
dropped when DENY is passed to next().
After DENY, DENYSOFT, or DISCONNECT in the ehlo_hook, Haraka will continue
to run hooks and deliver the email.
This is a new install of Debian 11 and Haraka 3.0.2. Only software
necessary for Haraka to operate has been installed along with a few tools
for testing.
# cat /etc/haraka/config/plugins
syslog
test
rcpt_to.in_host_list
queue/smtp_forward
# cat /etc/haraka/plugins/test.js
exports.hook_ehlo = function (next, connection, ehlo) {
return next(DENY, 'DENIED');
}
% ./swaks --server 192.168.1.99 --port 2525 --to ***@***.*** --from ***@***.***
=== Trying 192.168.1.99:2525...
=== Connected to 192.168.1.99.
<- 220 lab.local ESMTP Haraka/3.0.2 ready
-> EHLO imac.local
<** 550 DENIED
-> HELO imac.local
<- 250 lab.local Hello [192.168.1.250]Haraka is at your service.
-> MAIL ***@***.***>
<- 250 sender ***@***.***> OK
-> RCPT ***@***.***>
<- 250 recipient ***@***.***> OK
-> DATA
<- 354 go ahead, make my day
-> Date: Fri, 19 Jan 2024 15:20:48 -0500
-> To: ***@***.***
-> From: ***@***.***
-> Subject: test Fri, 19 Jan 2024 15:20:48 -0500
-> Message-Id: ***@***.***>
-> X-Mailer: swaks v20240103.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
->
-> .
<- 250 OK id=1rQvM8-0000c8-Dq (75388EB8-9402-4FB4-8B6C-DFE4796775C5.1)
-> QUIT
<- 221 lab.local closing connection. Have a jolly good day.
=== Connection closed with remote host.
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5] [core] connect ip=192.168.1.250 port=49961 local_ip=192.168.1.99 local_port=2525
Jan 19 15:20:48 lab haraka[2263]: [INFO] [75388EB8-9402-4FB4-8B6C-DFE4796775C5] [core] hook=ehlo plugin=test function=hook_ehlo params=imac.local retval=DENY msg=DENIED
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] sender ***@***.***> code=CONT msg=""
Jan 19 15:20:48 lab haraka[2263]: [INFO] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] hook=rcpt plugin=rcpt_to.in_host_list function=hook_rcpt ***@***.***> retval=OK msg=""
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] recipient ***@***.***> code=OK msg="" ***@***.***
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] message ***@***.***> size=274 rcpts=1/0/0 delay=0 code=CONT msg=""
Jan 19 15:20:48 lab haraka[2263]: [INFO] [-] [core] [smtp_client] uuid=9ABC6307-B5E7-4B74-8CEF-20CB5AF93EE1 host=192.168.1.99 port=25 created
Jan 19 15:20:48 lab haraka[2263]: [INFO] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [queue/smtp_forward] forwarding to 192.168.1.99:25
Jan 19 15:20:48 lab haraka[2263]: [INFO] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] hook=queue plugin=queue/smtp_forward function=queue_forward params="" retval=OK msg="OK id=1rQvM8-0000c8-Dq"
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] queue code=OK msg="OK id=1rQvM8-0000c8-Dq (75388EB8-9402-4FB4-8B6C-DFE4796775C5.1)"
Jan 19 15:20:48 lab haraka[2263]: [NOTICE] [75388EB8-9402-4FB4-8B6C-DFE4796775C5.1] [core] disconnect ip=192.168.1.250 rdns=NXDOMAIN helo=imac.local relay=N early=N esmtp=N tls=N pipe=N errors=0 txns=1 rcpts=1/0/0 msgs=1/0/0 bytes=274 lr="550 DENIED" time=0.065
Haraka Haraka.js — Version: 3.0.2
Node v20.11.0
OS Linux lab.local 5.10.0-27-amd64 #1
<#1> SMP Debian 5.10.205-2
(2023-12-31) x86_64 GNU/Linux
openssl OpenSSL 1.1.1w 11 Sep 2023
—
Reply to this email directly, view it on GitHub
<#3269>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFBWYZCBWBDMKXOUWYAD2DYPLJY3AVCNFSM6AAAAABCCP2WFWVHI2DSMVQWIX3LMV43ASLTON2WKOZSGA4TCMZWGA3TAOI>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
|
Am I misunderstanding RFC 5321 4.3.2? Specific sequences are: |
|
The IIRC was just a guess. Though to be fair I was mostly following 2821.
…On Fri, Jan 19, 2024 at 4:37 PM lnedry ***@***.***> wrote:
Am I misunderstanding RFC 5321 4.3.2?
Specific sequences are:
EHLO or HELO
S: 250
E: 504 (a conforming implementation could return this code only
in fairly obscure cases), 550, 502 (permitted only with an old-
style server that does not support EHLO)
—
Reply to this email directly, view it on GitHub
<#3269 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFBWYZHPSTEHQUSW2O3PPLYPLRRNAVCNFSM6AAAAABCCP2WFWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMBRGE2DOOJRG4>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
I believe your expectations are incorrect. When configured as you describe above, Haraka does, near as I can tell from reading RFC 5321, The Right Thing: If you don't ask Haraka to disconnect, then it should not disconnect, right? If you want it to disconnect, you know how to configure that in your plugin.
Why would you expect this from a HELO/EHLO hook that you didn't disconnect? At this phase in the dialogue, we're not in a transaction, so why would future transactions be affected? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DENY, DENYSOFT, and DISCONNECT are ignored in ehlo_hook. DENYDISCONNECT is not ignored.
I expected that inbound email would be rejected and/or the connection dropped when DENY is passed to next().
After DENY, DENYSOFT, or DISCONNECT in the ehlo_hook, Haraka will continue to run hooks and deliver the email.
This is a new install of Debian 11 and Haraka 3.0.2. Only software necessary for Haraka to operate has been installed along with a few tools for testing.
The text was updated successfully, but these errors were encountered: