On 2/2/21 12:39 PM, Leo Bicknell wrote:
> In a message written on Tue, Feb 02, 2021 at 04:54:18PM +0000, Antonio Leding 
> wrote:
>>    You're not doin' well son...quit diggin' and go back to rethink your
>>    approach. I dare say at least a majority on this list, including
>>    myself, will trust Viktor et al a fair bit more than someone coming in
>>    from the cold who freely admits they are not "well versed" in the app,
>>    nor a key protocol used by that app, but then still feels qualified to
>>    argue as to the (falsely) alleged flaws in that app...
> 
> This is not the first place I've discussed this, and the usual
> reception is some fascination at the interplay of the TLS library
> and the application.  I have found many opinions of the severity
> or urgency, but I have yet in any previous community had anyone
> argue that dropping the TLS connection was a good behavior.

There are a few reasons (all mentioned earlier) why Postfix uses the
approach it does:

- Postfix is process-per-connection, so waiting for a timeout would
  consume nontrivial resources.

- Postfix does not send QUIT until it has received responses to all
  pending commands.  An SMTP server will not respond to a command
  until it has received all of the command's data.  Together, this
  guarantees that when Postfix sends QUIT, the buffers on **both**
  sides of the connection are empty.

- Postfix never downgrades a TLS connection to clear text.  Therefore,
  any call to SSL_shutdown will soon be followed by closing the socket.

From a security perspective, it actually isn’t necessary for Postfix
to send a close notify at all.  Simply closing the TCP connection
would work just as well, and might even be a bit faster.  An FTPS
implementation, however, absolutely must do a full bidirectional
shutdown of the TLS connection.

Since Postfix’s behavior as a client is valid, servers should not
consider it an error condition.  If a server does consider it an error,
I would consider this a bug in the server implementation.  Conversely,
an FTPS implementation *should* consider lack of bidirectional shutdown
to be an error.

Sincerely,

Demi
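
The server-side rule Demi describes, written up as an added Python example (not code from the thread or from Postfix): the server answers QUIT with 221 and afterwards treats the client dropping the TCP connection with no close_notify as a normal close, while an EOF before QUIT is flagged as a possible truncation. It assumes the `openssl` CLI is installed to mint a throwaway self-signed certificate; the `serve_one` and `run_client` helpers and the constructed 220/250/221 replies are mine, not Postfix's.

```python
# Added example (not from the thread or Postfix): a toy SMTP-over-TLS server that
# treats a TCP close after QUIT/221 as clean and a pre-QUIT EOF as a truncation.
import os, socket, ssl, subprocess, tempfile, threading

def make_self_signed(dirpath):
    """Mint a throwaway self-signed localhost cert/key (assumes the openssl CLI)."""
    cert, key = os.path.join(dirpath, "cert.pem"), os.path.join(dirpath, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-subj", "/CN=localhost", "-addext", "subjectAltName=DNS:localhost",
                    "-days", "1", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key

def serve_one(srv_ctx, listener, result):
    """Accept one TLS session, answer commands until QUIT, then classify the close."""
    raw, _ = listener.accept()
    with srv_ctx.wrap_socket(raw, server_side=True) as conn:
        conn.sendall(b"220 toy ESMTP\r\n")
        quit_answered = False
        while True:
            try:
                line = conn.recv(1024)
            except (ssl.SSLError, OSError):  # ragged EOF or reset surfaces here
                line = b""
            if not line:
                # After 221 both buffers are provably empty, so an EOF without
                # close_notify is an ordinary close rather than a truncation.
                result["close"] = "clean" if quit_answered else "truncated"
                return
            if line.strip().upper() == b"QUIT":
                conn.sendall(b"221 Bye\r\n"); quit_answered = True
            else:
                conn.sendall(b"250 OK\r\n")

def run_client(send_quit=True):
    """Postfix-style client: read each reply first, then close without unwrap()."""
    result = {}
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER); srv_ctx.load_cert_chain(cert, key)
        listener = socket.create_server(("127.0.0.1", 0))
        t = threading.Thread(target=serve_one, args=(srv_ctx, listener, result)); t.start()
        cli_ctx = ssl.create_default_context(cafile=cert)
        with cli_ctx.wrap_socket(socket.create_connection(listener.getsockname()),
                                 server_hostname="localhost") as s:
            s.recv(1024)                              # 220 greeting
            s.sendall(b"NOOP\r\n"); s.recv(1024)      # wait for 250 before continuing
            if send_quit:
                s.sendall(b"QUIT\r\n"); s.recv(1024)  # wait for 221
        # leaving the `with` block close()s the socket: no bidirectional TLS shutdown
        t.join(); listener.close()
    return result["close"]
```

Calling `run_client()` exercises the QUIT path and `run_client(send_quit=False)` the client that vanishes mid-session; only the latter should be logged as an error.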
