On Sat, 4 Sep 2021, Viktor Dukhovni via Exim-users wrote:
On Sat, Sep 04, 2021 at 01:18:17PM -0400, John C Klensin wrote:
Absent a time-machine, and given that the ultimate decision is
made after the initial banner and greet pause, and that
refusing SMTP service (521 banner) is supposed to only happen
to botnet and similar clients, the postscreen(8) service has
no choice but to appear to change its mind after the initial
"220-".
If, by "change its mind", you mean "send a response sequence
with different codes", not true. First, if it cared about the
SMTP spec (and I understand the reasons why it might not), it
should accumulate whatever information it thinks useful before
sending the initial connection response and then reply with
either 220 or 521 (or something else) as it thinks appropriate,
not try to mix them.
The greet pause test is *specifically* designed to detect botnet spam
engines that don't wait for the complete multi-line response, and start
talking as soon as they detect the first line of the response. That's
why the pause is after, and not before, "220-". This is also why the
final response code is unavoidably different from the initial.
Are you saying that applies in this case ?
If so, then exim is replying during the greet pause, which is a real bug ?
--
Andrew C. Aitchison Kendal, UK
[email protected]
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
