Re: Connection notes and TLS

Thu, 22 May 2008 09:42:52 -0700 

Charlie Brady wrote:


On Wed, 21 May 2008, Hanno Hecker wrote:


On Wed, 21 May 2008 10:39:37 -0400 (EDT)
Charlie Brady <[EMAIL PROTECTED]> wrote:

On Wed, 21 May 2008, Hanno Hecker wrote:

- if you use the tls plugin, all connection notes are lost after the
 TLS setup is complete


Why? Isn't that a bug in the tls plugin? When TLS is negotiated, the
transaction notes should be cleared (then TLS status added), but the
connection notes should still be valid - it's the same connection still.

Yes and no :) IMO at least some of the notes are still valid, but see
this thread:
 http://www.nntp.perl.org/group/perl.qpsmtpd/2006/08/msg5371.html



I don't see anything in the thread which identifies which notes might 
and might not be valid post-starttls.


John Peacock says:


    I think that sounds appropriate, as TLS essentially starts a new
connection.


It's a required part of the RFC, see RFC-2487 Section 5.2:


Upon completion of the TLS handshake, ... [t]he server MUST discard any
knowledge obtained from the client...



I don't dispute what the RFC says, but I don't see that all connection 
notes are "knowledge obtained from the client". Some is knowledge 
obtained from the TCP connection.



I think we can even take "any knowledge obtained from the client must be 
discarded", with a grain of salt in our case. If the spammer says 
something pre-tls which makes it very obvious to us that he is a 
spammer, do we forget that information once tls is negotiated? Ditto for 
"reset" - do we allow a spammer to try again with a clear slate by 
sending "reset"? I don't think so.



No, we just need to clear our SMTP transaction state machine, helo 
hostname and envelope address lists when TLS is negotiated. That should 
be sufficient for RFC protocol compliance.



Do you even have to purge envelope addresses per-se?  It doesn't say it, 
but doesn't STARTTLS have to occur immediately after HELO?  (or the 
reset equivalent).  It's all going to get filled in again before the 
client can send anything anyway.



Killing transaction/connection notes() is a bit of a kludge, because 
there's lots of other plugins who may be relying on the data being 
persistent.
























					Reply via email to