[
https://issues.apache.org/jira/browse/JAMES-4038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17849723#comment-17849723
]
Benoit Tellier commented on JAMES-4038:
---------------------------------------
Hello,
The issue outlined in https://github.com/apache/james-project/pull/1979 was the
lack of validation of the EHLO argument, which resulted in arbitrary header
injections via the Received header.
The idea of the PR was to try to stick to the RFC but clearly it did not
account for https://datatracker.ietf.org/doc/html/rfc5321#section-4.1.3
IPv6v4-full, which eM Client uses.
I opened https://github.com/apache/james-project/pull/2262 for addressing this.
This bug only affects unreleased version...
> EHLO Error while connect SMTP
> -----------------------------
>
> Key: JAMES-4038
> URL: https://issues.apache.org/jira/browse/JAMES-4038
> Project: James Server
> Issue Type: Bug
> Components: James Core, SMTPServer
> Affects Versions: 3.8.1
> Environment: debian 11, oracle jdk 21
> Reporter: ilya terskov
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Hi there
> docker run -d --net=host chibenwa/james-jpa:JAMES-4037-2 --generate-keystore
> docker exec ID james-cli AddDomain domain.online
> docker exec ID james-cli AddUser [email protected] PASS
> networkctl status
> ● State: routable
> Address: 172.16.149.37 on eth0
> 172.17.0.1 on docker0
> Gateway: 172.16.149.18 (Intel Corporate) on eth0
> DNS: 172.16.149.14
> 172.16.149.33
> While trying to run an SMTP test on 587 with SSL, 465 with STARTTLS or 25
> with/without SSL/STARTTLS, this happens on connect:
> 06:35:28.976 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:28.977 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:28.982 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection
> established from 172.16.149.220
> 06:35:28.983 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:28.984 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:28.989 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection
> established from 172.16.149.220
> 06:35:28.993 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection
> established from 172.16.149.220
> 06:35:28.997 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection
> established from 172.16.149.220
> 06:35:28.998 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:28.999 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:29.004 [INFO ] o.a.j.p.n.BasicChannelInboundHandler - Connection
> established from 172.16.149.220
> 06:35:29.004 [ERROR] o.a.j.p.s.c.e.EhloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> 06:35:29.006 [ERROR] o.a.j.p.s.c.HeloCmdHandler - Invalid EHLO argument
> received: [IPv6:::ffff:172.16.149.220]. Must be a domain name or an IP
> address.
> IPv6 is turned off on the client side as well as on the server
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
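
An added example, not part of the original message or of the James code base: a Python validator for the EHLO argument following the RFC 5321 section 4.1.2/4.1.3 grammar, which accepts the IPv4-mapped literal from the log above and rejects anything that could carry extra lines into a Received header. The function names and the constructed sample inputs are assumptions, and General-address-literal is deliberately rejected.

```python
import ipaddress
import re

# RFC 5321 4.1.2 Domain: dot-separated labels of letters, digits, inner hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
# Character allowlists applied before parsing. The IPv6 one has no '%':
# ipaddress on Python 3.9+ accepts a '%zone' suffix, which RFC 5321 does not.
_IPV6_CHARS = re.compile(r"[0-9A-Fa-f:.]+")
_IPV4_CHARS = re.compile(r"[0-9.]+")


def classify_ehlo_argument(arg: str) -> str:
    """Return 'domain', 'ipv4-literal' or 'ipv6-literal'; raise ValueError otherwise."""
    if not arg or len(arg) > 255:
        raise ValueError("empty or over-long EHLO argument")
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        if body[:5].lower() == "ipv6:":        # ABNF string literals are case-insensitive
            addr = body[5:]
            if not _IPV6_CHARS.fullmatch(addr):
                raise ValueError("illegal character in IPv6 literal")
            # Covers IPv6-full, IPv6-comp, IPv6v4-full and IPv6v4-comp.
            ipaddress.IPv6Address(addr)        # AddressValueError is a ValueError
            return "ipv6-literal"
        if not _IPV4_CHARS.fullmatch(body):
            raise ValueError("illegal character in IPv4 literal")
        ipaddress.IPv4Address(body)
        return "ipv4-literal"
    # fullmatch, not match() with '$': '$' also matches before a trailing newline.
    if _DOMAIN.fullmatch(arg):
        return "domain"
    raise ValueError("not a domain name or address literal")


def is_valid_ehlo_argument(arg: str) -> bool:
    try:
        classify_ehlo_argument(arg)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # First entry is the argument from the log above; the rest are constructed.
    for sample in ["[IPv6:::ffff:172.16.149.220]", "[172.16.149.220]",
                   "mail.example.com", "mail.example.com\nX-Constructed: 1",
                   "[IPv6:fe80::1%eth0]"]:
        print(repr(sample), is_valid_ehlo_argument(sample))
```

Only a value that passes this check should be copied into the Received header; a rejected argument is answered with an SMTP error and never reaches the header builder.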