Aki Tuomi:
> Hi!
>
> I stumbled upon a possible bug with postfix. I am using postfix
> 3.4.14, and when I use XCLIENT command over smtps (not starttls),
> the session gets stuck until further input, which causes it to
> abort the connection due to unexpected SSL packet.

The server is waiting for a TLS handshake.

By design, XCLIENT resets the session state to where it was immediately after the SMTP client connected. Otherwise, things like milters and smtpd_client_restrictions would not work properly. Therefore, the first thing the SMTPS server will do is wait for a TLS handshake.

Fixed by selectively skipping the TLS handshake.

	Wietse

diff -ur /var/tmp/postfix-3.6-20201003/src/smtpd/smtpd.c src/smtpd/smtpd.c --- /var/tmp/postfix-3.6-20201003/src/smtpd/smtpd.c 2020-10-03 17:53:03.000000000 -0400 +++ src/smtpd/smtpd.c 2020-10-22 15:57:33.506845176 -0400 @@ -5464,7 +5464,8 @@ * obsolete, so we don't have to provide perfect support. */ #ifdef USE_TLS - if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) { + if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode + && state->tls_context == 0) { #ifdef USE_TLSPROXY /* We garbage-collect the VSTREAM in smtpd_state_reset() */ state->tlsproxy =
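
Review bot: the new `&& state->tls_context == 0` test in the wrapper-mode condition is undocumented; the comment block that ends just above it ("obsolete, so we don't have to provide perfect support.") says nothing about why the handshake is now conditional. Suggest adding a sentence there stating that a non-zero `state->tls_context` means TLS is already active on this connection, which is the XCLIENT reset case described in the message, so the handshake must not be started a second time. Please also confirm that the test holds in the `USE_TLSPROXY` branch: the visible comment there says the VSTREAM is garbage-collected in `smtpd_state_reset()`, and if that reset also clears `tls_context`, the condition would still be true after XCLIENT and the server would wait for a handshake again.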
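
A regression check for the behaviour discussed in this thread, as an added example that is not part of the original messages or of Postfix: it runs greeting, EHLO and XCLIENT over an implicit-TLS connection and reports whether the server answers XCLIENT with a fresh 220 greeting or stalls waiting for input. The name `probe.example`, the address `192.0.2.10` and the result strings are constructed placeholders, and the probing host is assumed to be listed in `smtpd_authorized_xclient_hosts`.

```python
import socket
import ssl
import sys

def read_reply(f):
    """Read one (possibly multi-line) SMTP reply; return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("peer closed the connection")
        lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
        if lines[-1][3:4] != "-":            # "250-..." continues, "250 ..." ends
            return int(lines[-1][:3]), lines

def check_xclient(sock, addr="192.0.2.10", timeout=5.0):
    """Run greeting, EHLO, XCLIENT on a connected (already TLS-wrapped) socket."""
    sock.settimeout(timeout)
    with sock.makefile("rb") as f:
        if read_reply(f)[0] != 220:
            return "no-greeting"
        sock.sendall(b"EHLO probe.example\r\n")   # constructed placeholder name
        code, lines = read_reply(f)
        if code != 250 or not any(l[4:].upper().startswith("XCLIENT") for l in lines):
            return "xclient-not-offered"     # client not authorized for XCLIENT
        sock.sendall(f"XCLIENT ADDR={addr}\r\n".encode("ascii"))
        try:
            code, _ = read_reply(f)          # a reset session greets again with 220
        except socket.timeout:
            return "stalled"                 # server is waiting for more input
        except ConnectionError:
            return "closed"
        return "ok" if code == 220 else f"refused-{code}"

def probe_smtps(host, port=465):
    """Open an implicit-TLS (wrapper mode) connection and run the check."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5.0) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_xclient(tls)

if __name__ == "__main__":
    print(probe_smtps(sys.argv[1]))
```

A result of `stalled` matches the symptom reported at the top of the thread; `ok` is what a server with the patch applied should return.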