On Thu, Nov 25, 2010 at 04:44:10PM +1000, Stephen Thorne wrote:
> G'day,
>
> I've been investigating an issue with using Sender Address Verification
> using address_verify_sender.
>
> I've established that there is a problem with the implementation of
> pipelining used by Microsoft's servers, here's an example of the broken
> behaviour:
>
> Connected to mail.global.frontbridge.com (65.55.88.22).
> 220 TX2EHSMHS029.bigfish.com Microsoft ESMTP MAIL Service ready at Thu, 25
> Nov 2010 06:30:43 +0000
This used to be Postfix, and PIPELINING to frontbridge used to work... :-(
> EHLO foo.com
> 250-TX2EHSMHS029.bigfish.com Hello [150.101.177.132]
> 250-SIZE 157286400
> 250-PIPELINING
> 250-ENHANCEDSTATUSCODES
> 250-STARTTLS
> 250-AUTH
> 250-8BITMIME
> 250-BINARYMIME
> 250 CHUNKING
This is also what I see, with my Perl ESMTP engine (less room for doubt
than with telnet):
S> 220 TX2EHSMHS031.bigfish.com Microsoft ESMTP MAIL Service ready at Thu,
25 Nov 2010 07:19:28 +0000
C> EHLO amnesiac.example.com
S> 250-TX2EHSMHS031.bigfish.com Hello [192.0.2.1]
250-SIZE 157286400
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
C> MAIL FROM:<sen...@example.com>
C> RCPT TO:<recipi...@example.com>
C> RSET
C> QUIT
S> 250 2.1.0 Sender OK
S> 221 2.0.0 Service closing transmission channel
<client sees premature EOF>
And when the script is programmed to synchronize before QUIT:
S> 220 VA3EHSMHS029.bigfish.com Microsoft ESMTP MAIL Service ready at Thu,
25 Nov 2010 07:21:07 +0000
C> EHLO amnesiac.example.com
S> 250-VA3EHSMHS029.bigfish.com Hello [192.0.2.1]
250-SIZE 157286400
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
C> MAIL FROM:<sen...@example.com>
C> RCPT TO:<recipi...@example.com>
C> RSET
S> 250 2.1.0 Sender OK
S> 250 2.1.5 Recipient OK
S> 250 2.0.0 Resetting
C> QUIT
S> 221 2.0.0 Service closing transmission channel
> It seems that the issue is that if you send several commands pipelined,
> and one of those commands is a 'QUIT', the server skips ahead to the
> QUIT and closes the connection. We've verified that this is a major
> problem with doing sender address verification as that sends MAIL FROM,
> RCPT TO, RSET, QUIT in one set of pipelined commands, and the server
> will reliably respond to the MAIL FROM, then send the 221 and close the
> connection.
You can list the FrontBridge IP in smtp_discard_ehlo_keyword_address_maps:
94.245.120.86 pipelining,silent-discard
but keeping track of their IP addresses is likely a pain. This bug needs
to be reported to Microsoft, it can potentially impact more than just SAV.
There is probably more than one IP address in the frontbridge IP pool.
It may not be easy to list them all...
--
Viktor.
