Re: [mailop] Strange behaviour with qq.com SMTP server

Wed, 02 Apr 2025 09:26:40 -0700 

On Wed, Apr 02, 2025 at 05:17:18PM +0200, Winni Neessen via mailop wrote:

> I am currently analysing a weird behaviour when communicating with
> SMTP servers at qq.com. When connecting to their SMTP server via TLS
> (explicit or implicit doesn't matter) and I send a "EHLO" followed by
> a "RSET" and then "QUIT", the server will send a binary sequence:
> "0000 001a 0000 000a 0000 0000 0000 0000" before sending the "221
> Bye.".

I am unable to reproduce your reported behaviour.  With a slightly
modified "posttls-finger" (to send RSET before QUIT), and with
session packet dump turned on, I see:

    posttls-finger: < 250-newxmmxszc28-1.qq.com
    posttls-finger: < 250-8BITMIME
    posttls-finger: < 250-SMTPUTF8
    posttls-finger: < 250-SIZE 73400320
    posttls-finger: < 250 OK
    posttls-finger: > RSET
    posttls-finger: Write 6 chars: RSET??
    posttls-finger: write to 5614CA6ECE20 [5614CA6F75E3] (35 bytes => 35 (0x23))
    posttls-finger: 0000 17 03 03 00 1e d2 5e 1a|92 21 5a c1 f6 05 cf a0  
......^. .!Z.....
    posttls-finger: 0010 cc 70 aa 9b d2 60 ca 2f|02 73 bb d2 83 5b 72 ed  
.p...`./ .s...[r.
    posttls-finger: 0020 1b a0 58                                         ..X
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE73] (5 bytes => -1)
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE73] (5 bytes => 5 (0x5))
    posttls-finger: 0000 17 03 03 00 20                                   ....
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE78] (32 bytes => 32 
(0x20))
    posttls-finger: 0000 47 8a 1f b3 9a f0 95 aa|ac 4b 6d 2b af 87 67 c5  
G....... .Km+..g.
    posttls-finger: 0010 6a ed a6 b3 4e 21 10 de|13 b0 22 a9 63 b1 bb 10  
j...N!.. ..".c...
    posttls-finger: Read 8 chars: 250 OK??
    posttls-finger: < 250 OK
    posttls-finger: > QUIT
    posttls-finger: Write 6 chars: QUIT??
    posttls-finger: write to 5614CA6ECE20 [5614CA6F75E3] (35 bytes => 35 (0x23))
    posttls-finger: 0000 17 03 03 00 1e d2 5e 1a|92 21 5a c1 f7 f9 e9 04  
......^. .!Z.....
    posttls-finger: 0010 28 0d 31 12 76 56 5a 97|e3 ea a3 48 1f 12 dd a2  
(.1.vVZ. ...H....
    posttls-finger: 0020 52 d8 41                                         R.A
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE73] (5 bytes => -1)
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE73] (5 bytes => 5 (0x5))
    posttls-finger: 0000 17 03 03 00 22                                   ...."
    posttls-finger: read from 5614CA6ECE20 [5614CA6FBE78] (34 bytes => 34 
(0x22))
    posttls-finger: 0000 47 8a 1f b3 9a f0 95 ab|b8 de ed da 08 07 95 69  
G....... .......i
    posttls-finger: 0010 a0 b2 ff d2 c7 51 22 94|18 f3 1b d0 59 ac 6a cb  
.....Q". ....Y.j.
    posttls-finger: 0020 e2 76                                            .v
    posttls-finger: Read 10 chars: 221 Bye.??
    posttls-finger: < 221 Bye.
    posttls-finger: write to 5614CA6ECE20 [5614CA6F75E3] (31 bytes => 31 (0x1F))
    posttls-finger: 0000 15 03 03 00 1a d2 5e 1a|92 21 5a c1 f8 c8 01 3f  
......^. .!Z....?
    posttls-finger: 0010 ab de 40 ce d3 11 8c 71|8a a6 3d f9 39 2a cc     
..@....q ..=.9*.

Not mystery bytes seen.  Are you violating ESMTP PIPELINING?
The EHLO and RSET commands are synchrnisation points, and you
MUST wait for a response before issuing further commands.

But, FWIW, I also don't see anything unexpected when violating the
protocol to send "RSET<CRLF>QUIT<CRLF>" together.

--
    Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Reply via email to