On April 29, 2014 10:41:53 PM CEST, Gilles Chehade <gil...@poolp.org> wrote:
>On Tue, Apr 29, 2014 at 09:21:24PM +0200, Alexander Hall wrote:
>>
>> On April 29, 2014 7:32:42 PM CEST, Gilles Chehade <gil...@cvs.openbsd.org> wrote:
>> >CVSROOT: /cvs
>> >Module name: src
>> >Changes by: gil...@cvs.openbsd.org 2014/04/29 11:32:42
>> >
>> >Modified files:
>> > usr.sbin/smtpd : mta_session.c
>> >
>> >Log message:
>> >when a session fails due to a TLS error in a smtp+tls:// connection, try
>> >plain before giving up
>>
>> Maybe I'm just misreading the commit message, but this sounds surprising. Can you please elaborate on why and when this behavior makes sense?
>>
>
>Yes, I think you misunderstood the commit, but I'll explain.
>
>Imagine you have the following rule:
>
> accept from local for any relay
>
>It is supposed to relay mail from your local users to the world.
>
>It does not explicitly request any kind of security[0] and it should be able to deliver to any correctly configured peer accepting mail, with or without TLS enabled.
>
>OpenSMTPD does opportunistic TLS so when it establishes a session, it'll always try to negotiate TLS before deciding to go without encryption.
>
>Now what happened is that this opportunistic TLS code had a logic error:
>
>If STARTTLS was advertised, we relayed over TLS.
>If STARTTLS was not advertised, we relayed anyways.
>
>If STARTTLS was advertised but we failed to negotiate for some reason... instead of trying plain which might just work fine, we did just as if we were in a strict TLS mode and failed the relay.
>
>[0] unlike "relay via tls://", "via smtps://" or even "relay tls"
Ok. I just didn't parse the tls in "smtp+tls://" part as non mandatory. Thanks for the explanation! /Alexander
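As an added illustration (not OpenSMTPD's mta_session.c; all names are hypothetical), the two decision rules Gilles describes side by side, plus a check for whether a constructed EHLO reply advertises STARTTLS: in opportunistic (smtp+tls://) mode a failed negotiation now falls back to plain, while the strict forms listed in [0] still refuse.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical model of the relay's TLS policy: smtp+tls:// is opportunistic,
 * tls://, smtps:// and "relay tls" are strict. */
enum tls_mode { TLS_OPPORTUNISTIC, TLS_REQUIRED };
enum relay_result { RELAY_TLS, RELAY_PLAIN, RELAY_FAIL };

/* Scan a multi-line EHLO reply ("250-KEYWORD\r\n" ... "250 KEYWORD\r\n")
 * for a STARTTLS keyword; EHLO keywords are case-insensitive. */
bool ehlo_advertises_starttls(const char *reply)
{
    const char *line = reply;
    while (line && *line) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len >= 12 && strncmp(line, "250", 3) == 0
            && (line[3] == '-' || line[3] == ' ')
            && strncasecmp(line + 4, "STARTTLS", 8) == 0
            && (len == 12 || line[12] == ' '))
            return true;
        line = eol ? eol + 2 : NULL;
    }
    return false;
}

/* Before the commit: a failed negotiation aborted the relay in every mode. */
enum relay_result decide_before(enum tls_mode mode, bool advertised, bool handshake_ok)
{
    if (!advertised)
        return mode == TLS_REQUIRED ? RELAY_FAIL : RELAY_PLAIN;
    return handshake_ok ? RELAY_TLS : RELAY_FAIL;   /* bug: ignores mode here */
}

/* After the commit: only a rule that required TLS fails when TLS is unavailable. */
enum relay_result decide_after(enum tls_mode mode, bool advertised, bool handshake_ok)
{
    if (advertised && handshake_ok)
        return RELAY_TLS;
    return mode == TLS_REQUIRED ? RELAY_FAIL : RELAY_PLAIN;
}

int main(void)
{
    /* Constructed sample reply from a peer that offers STARTTLS but whose handshake fails. */
    const char *reply = "250-mx.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 HELP\r\n";
    bool adv = ehlo_advertises_starttls(reply);
    printf("before: %d  after: %d  (0=tls 1=plain 2=fail)\n",
           decide_before(TLS_OPPORTUNISTIC, adv, false), decide_after(TLS_OPPORTUNISTIC, adv, false));
    return 0;
}
```

The fallback is the point of the commit and also its cost: an smtp+tls:// relay gives no guarantee of encryption, so where confidentiality is required the strict forms in [0] remain the ones that fail closed.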