[jira] [Commented] (JAMES-4038) EHLO Error while connect SMTP

Mon, 27 May 2024 05:52:05 -0700 


    [ 
https://issues.apache.org/jira/browse/JAMES-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849723#comment-17849723
 ] 

Benoit Tellier commented on JAMES-4038:
---------------------------------------

Hello,

The issue outlined in https://github.com/apache/james-project/pull/1979 was the 
lack of validation of the EHLO argument wich resulted in arbitrary header 
injections via the received header.

The idea of the PR was to try to stick to the RFC but clearly it did not 
account for https://datatracker.ietf.org/doc/html/rfc5321#section-4.1.3 
IPv6v4-full which em client uses.

I opened https://github.com/apache/james-project/pull/2262 for addressing this.

This bug only affects unreleased version... 

> EHLO Error while connect SMTP
> -----------------------------
>
>                 Key: JAMES-4038
>                 URL: https://issues.apache.org/jira/browse/JAMES-4038
>             Project: James Server
>          Issue Type: Bug
>          Components: James Core, SMTPServer
>    Affects Versions: 3.8.1
>         Environment: debian 11, oracle jdk 21
>            Reporter: ilya terskov
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hi there
> docker run -d --net=host chibenwa/james-jpa:JAMES-4037-2 --generate-keystore
> docker exec ID james-cli AddDomain domain.online
> docker exec ID james-cli AddUser it@domain.online PASS
> networkctl status
> ●   State: routable
> Address: 172.16.149.37 on eth0
>                172.17.0.1 on docker0
> Gateway: 172.16.149.18 (Intel Corporate) on eth0
>        DNS: 172.16.149.14
>                 172.16.149.33
> While trying get smtp test on 587 with SSL, 465 with STARTTLS or 25 
> with/without SSL/STARTTLS for connect happens this
> 06:35:28.976 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:28.977 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:28.982 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection 
> established from 172.16.149.220
> 06:35:28.983 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:28.984 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:28.989 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection 
> established from 172.16.149.220
> 06:35:28.993 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection 
> established from 172.16.149.220
> 06:35:28.997 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection 
> established from 172.16.149.220
> 06:35:28.998 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:28.999 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:29.004 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection 
> established from 172.16.149.220
> 06:35:29.004 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> 06:35:29.006 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument 
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP 
> address.
> IPV6 turned off on client side too as well as on server



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to