
Bug 93958

Summary: qmail-1.03 r15 refuses mail with fixcrio or recordio during TLS session
Product: Gentoo Linux
Reporter: adey
Component: Current packages
Assignee: Qmail Team (OBSOLETE) <qmail-bugs+disabled>
Status: RESOLVED WONTFIX    
Severity: major    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description adey 2005-05-25 09:41:19 UTC
The r15 added the following in the /var/qmail/control/conf-smtpd
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} fixcrio"

When this is enabled, qmail smtpd does accept mail that otherwise would be
rejected (bare linefeed emails). However, this is causing mail to be rejected
with a "status 256" being returned by tcpserver, if the other MTA is trying to
use TLS. A sample, which I recorded using
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} recordio"
follows

@400000004294a2981937e114 tcpserver: status: 1/40
@400000004294a298193ebafc tcpserver: pid 24242 from 206.106.137.9
@400000004294a29829aaf824 tcpserver: ok 24242 :::ffff:192.168.133.1:25
:::ffff:206.106.137.9::61473
 400000004294a29837e5a394 24242 > 220 icalyx.com ESMTP
 400000004294a2983a45b78c 24242 < EHLO mx1.interactivebrokers.com
 400000004294a2983a49e1f4 24242 > 250-icalyx.com
 400000004294a2983a49edac 24242 > 250-STARTTLS
 400000004294a2983a49f57c 24242 > 250-SIZE 0
 400000004294a2983a49fd4c 24242 > 250-PIPELINING
 400000004294a2983a4a051c 24242 > 250 8BITMIME
 400000004294a29901a7aafc 24242 < STARTTLS
 400000004294a29901ddca74 24242 > 220 ready for tls
@400000004294a29904d294bc 24242 < jQ
@400000004294a29904d2b014 24242 < Àedcba`       ªç;ø#i¸«ö¿Ârð;+
@400000004294a29904f3632c 24242 > [EOF]
@400000004294a29904f3826c tcpserver: end 24242 status 256

However, if recordio or fixcrio is removed from QMAIL_SMTP_PRE, this email is
accepted just fine. For the purpose of this bug (mail via TLS being rejected),
addition of either fixcrio or recordio shows exactly the same behavior.

See the following link for some more information :
http://groups-beta.google.com/group/alt.comp.mail.qmail/browse_frm/thread/4da1037febe81207/c7fe177f33d7d012?hl=en#c7fe177f33d7d012


Reproducible: Always
Steps to Reproduce:
I can not reproduce this for you, as I am not able to get a hold of any other
server that would send mail to me using TLS. This is happening when my broker,
interactivebrokers.com sends me email. I am assuming this is a problem
reproducible when you use any server that would want to send email using TLS
while talking to a Gentoo qmail-1.03 r15 smtpd that is using fixcrio.
Actual Results:
With fixcrio enabled in QMAIL_SMTP_PRE, mail is rejected with a status 256.

Expected Results:
Should have received the email (status 0).

This may not be a qmail problem. Maybe fixcrio breaks a TLS session? If so,
fixcrio should be removed and alternatives explored.
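
A triage sketch for the symptom in this report, added here and not part of the original bug or of qmail/ucspi-tcp: it groups tcpserver and recordio log lines by pid and lists sessions where the server answered STARTTLS with 220 but tcpserver then logged a non-zero end status. The sample log is constructed, and the function name failed_tls_sessions is an assumption.

```python
import re

# Constructed sample in the tcpserver + recordio log format shown in the
# report; hosts and addresses are placeholders from documentation ranges.
SAMPLE_LOG = """\
@400000004294a298193ebafc tcpserver: pid 24242 from 192.0.2.9
@400000004294a29829aaf824 tcpserver: ok 24242 :::ffff:198.51.100.1:25
:::ffff:192.0.2.9::61473
 400000004294a2983a45b78c 24242 < EHLO mx.example.net
 400000004294a2983a49edac 24242 > 250-STARTTLS
 400000004294a29901a7aafc 24242 < STARTTLS
 400000004294a29901ddca74 24242 > 220 ready for tls
@400000004294a29904f3632c 24242 > [EOF]
@400000004294a29904f3826c tcpserver: end 24242 status 256
@400000004294a2a0193ebafc tcpserver: pid 24250 from 192.0.2.77
@400000004294a2a03a45b78c 24250 < HELO plain.example.org
@400000004294a2a104f3826c tcpserver: end 24250 status 0
"""

STAMPED = re.compile(r"^[@ ]?[0-9a-f]{24} (.*)$")   # TAI64N label, then payload
START = re.compile(r"tcpserver: pid (\d+) from (\S+)")
END = re.compile(r"tcpserver: end (\d+) status (\d+)")
IO = re.compile(r"(\d+) ([<>]) (.*)")               # recordio: pid, direction, data

def failed_tls_sessions(log_text):
    """Return sessions that got '220' after STARTTLS yet ended non-zero."""
    open_sessions, failed = {}, []
    for raw in log_text.splitlines():
        stamped = STAMPED.match(raw)
        if not stamped:
            continue  # wrapped continuation lines carry no timestamp
        rest = stamped.group(1)
        if m := START.match(rest):
            open_sessions[m.group(1)] = {"peer": m.group(2), "asked": False, "tls": False}
        elif m := END.match(rest):
            sess, status = open_sessions.pop(m.group(1), None), int(m.group(2))
            if sess and sess["tls"] and status != 0:
                # tcpserver logs the raw wait status, so 256 decodes to exit code 1
                failed.append({"pid": int(m.group(1)), "peer": sess["peer"],
                               "status": status, "exit_code": status >> 8})
        elif (m := IO.match(rest)) and m.group(1) in open_sessions:
            sess, direction, data = open_sessions[m.group(1)], m.group(2), m.group(3)
            if direction == "<" and data.strip().upper() == "STARTTLS":
                sess["asked"] = True
            elif direction == ">" and sess["asked"] and data.startswith("220"):
                sess["tls"] = True
    return failed

print(failed_tls_sessions(SAMPLE_LOG))
```

When reading a real log file, open it with errors="replace", since recordio writes the raw TLS handshake bytes into the log.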
Comment 2 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-05-25 15:38:38 UTC
If you want to use TLS (USE=ssl), don't use fixcrio. Please see also here:
http://iain.cx/ssl/?qmailtls
Comment 3 adey 2005-05-25 18:17:06 UTC
(In reply to comment #1)
> If you want to use TLS (USE=ssl), don't use fixcrio. Please see also here:
> http://iain.cx/ssl/?qmailtls

Great. Then let's fix the bug in the ebuild. It installs with TLS patch enabled
(it's not something the user sets - it's there) and it sets up a conf-smtpd
with fixcrio enabled (again, set up by default) and it's mutually incompatible.
One must go. Granted, I can disable fixcrio in conf-smtpd, but I had to find out
the hard way, and that would be true for anyone that installs 1.03-r15 ebuild.
Thanks.
Comment 4 Jory A. Pratt 2005-05-25 18:22:59 UTC
This is NOT the default in -r15; this is invalid, please do not open it again.
fixcrio is commented out by default; if it was uncommented, you uncommented it
yourself and did not realize it.