On Tue, Apr 29, 2014 at 09:21:24PM +0200, Alexander Hall wrote:
> 
> On April 29, 2014 7:32:42 PM CEST, Gilles Chehade <gil...@cvs.openbsd.org> 
> wrote:
> >CVSROOT:     /cvs
> >Module name: src
> >Changes by:  gil...@cvs.openbsd.org  2014/04/29 11:32:42
> >
> >Modified files:
> >     usr.sbin/smtpd : mta_session.c 
> >
> >Log message:
> >when a session fails due to a TLS error in a smtp+tls:// connection, try
> >plain before giving up
> 
> Maybe I'm just misreading the commit message, but this sounds surprising. Can 
> you please elaborate on why and when this behavior makes sense?
> 

Yes, I think you misunderstood the commit, but I'll explain.

Imagine you have the following rule:

        accept from local for any relay

It is supposed to relay mail from your local users to the world.

It does not explicitly request any kind of security[0] and it should be
able to deliver to any correctly configured peer accepting mail, with or
without TLS enabled.

OpenSMTPD does opportunistic TLS so when it establishes a session, it'll
always try to negotiate TLS before deciding to go without encryption.

Now what happened is that this opportunistic TLS code had a logic error:

If STARTTLS was advertised, we relayed over TLS.
If STARTTLS was not advertised, we relayed anyways.

If STARTTLS was advertised but we failed to negotiate for some reason...
instead of trying plain which might just work fine, we did just as if we
were in a strict TLS mode and failed the relay.

[0] unlike "relay via tls://", "via smtps://" or even "relay tls"

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
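
The three cases described in the message above, as an added example that is not part of the original message and not code from mta_session.c. The enum, struct and function names are hypothetical, and the TLS_REQUIRED branch assumes that the strict modes named in footnote [0] never fall back to plain.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the relay decision described in the message;
 * names are illustrative and not taken from mta_session.c. */
enum policy  { OPPORTUNISTIC, TLS_REQUIRED };   /* plain "relay" vs. e.g. "relay tls" */
enum outcome { SENT_TLS, SENT_PLAIN, FAILED };

struct peer {
	bool advertises_starttls;   /* STARTTLS present in the EHLO reply */
	bool handshake_ok;          /* TLS negotiation would succeed */
};

/* fixed=false models the logic error, fixed=true the committed behaviour. */
enum outcome
relay(struct peer p, enum policy pol, bool fixed)
{
	if (p.advertises_starttls && p.handshake_ok)
		return SENT_TLS;
	if (pol == TLS_REQUIRED)
		return FAILED;          /* assumption: strict modes never go plain */
	if (!p.advertises_starttls)
		return SENT_PLAIN;      /* opportunistic: nothing to negotiate */
	/* STARTTLS advertised but negotiation failed */
	return fixed ? SENT_PLAIN : FAILED;
}

int
main(void)
{
	static const char *name[] = { "tls", "plain", "failed" };
	/* Constructed sample peers covering the three cases in the message. */
	struct peer peers[] = { { true, true }, { false, false }, { true, false } };

	for (size_t i = 0; i < sizeof(peers) / sizeof(peers[0]); i++) {
		struct peer p = peers[i];
		printf("starttls=%d handshake=%d  before=%-6s after=%-6s strict=%s\n",
		    p.advertises_starttls, p.handshake_ok,
		    name[relay(p, OPPORTUNISTIC, false)],
		    name[relay(p, OPPORTUNISTIC, true)],
		    name[relay(p, TLS_REQUIRED, true)]);
	}
	return 0;
}
```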
