
List:       busybox
Subject:    Re: busy box sendmail with -H option
From:       Denys Vlasenko <vda.linux () googlemail ! com>
Date:       2016-07-14 17:05:34
Message-ID: CAK1hOcOQW5DwtG2FaOGGBHQTznYQq9RxJjwQS8NSdXoVEO8SdQ () mail ! gmail ! com

On Tue, Jun 21, 2016 at 11:59 PM, Jean-Roch Blais
<blaisjeanroch@gmail.com> wrote:
> Hello, sorry ... apparently I did everything wrong by sending this email to
> M. Vlasenko directly, as my kids used to tell me: "it's not me, and I won't
> do it again" :-) !
>
> I just want to know how to correct a small problem with sendmail or how to
> proceed about it to get this fixed if possible.
>
> Thank you
>
> jrb.
>
> Begin forwarded message:
>
> From: Jean-Roch Blais <blaisjeanroch@gmail.com>
> Subject: busy box sendmail with -H option
> Date: 20 June 2016 16:21:23 UTC−4
> To: dvlasenko1@gmail.com
>
> Hello busybox maintainer,
>
> Denys, do you have any patch or tip to get sendmail to connect to an esmtp
> server like smtp.videotron.ca:465 using tls and auth. If you refer to this
> posting (#139)
> http://www.snbforums.com/threads/notifications-e-mail.8190/page-7#post-266597
> you will see what I was trying to do...
>
> Reading the source code for busybox sendmail I found this might be the
> trouble...
>
> // connection helper ordered? ->
> if (opts & OPT_H) {
>     const char *args[] = { "sh", "-c", opt_connect, NULL };
>     // plug it in
>     launch_helper(args);
>     // Now:
>     // our stdout will go to helper's stdin,
>     // helper's stdout will be available on our stdin.
>
>     // Wait for initial server message.
>     // If helper (such as openssl) invokes STARTTLS, the initial 220
>     // is swallowed by helper (and not repeated after TLS is initiated).
>     // We will send NOOP cmd to server and check the response.
>     // We should get 220+250 on plain connection, 250 on STARTTLSed session.
>     //
>     // The problem here is some servers delay initial 220 message,
>     // and consider client to be a spammer if it starts sending cmds
>     // before 220 reached it. The code below is unsafe in this regard:
>     // in non-STARTTLSed case, we potentially send NOOP before 220
>     // is sent by server.
>     // Ideas? (--delay SECS opt? --assume-starttls-helper opt?)
>     code = smtp_check("NOOP", -1);
>     if (code == 220)
>         // we got 220 - this is not STARTTLSed connection,
>         // eat 250 response to our NOOP
>         smtp_check(NULL, 250);
>     else
>     if (code != 250)
>
>
> I guess a delay before sending the NOOP might fix this, because when I
> connect manually with:
>
> openssl s_client -quiet -CAfile Certificats.pem -connect smtp.videotron.ca:465 -tls1
>
> I get:
>
> depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c)
> 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public
> Primary Certification Authority - G5
> verify return:1
> depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN =
> Symantec Class 3 Secure Server CA - G4
> verify return:1
> depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU =
> Ingenierie, CN = smtp.videotron.ca
> verify return:1
> 220 smtp.videotron.ca Videotron ESMTP server ready
>
> and I type:
>
> ehlo testing
> 250-smtp.videotron.ca hello [74.57.149.113], pleased to meet you
> 250-HELP
> 250-AUTH LOGIN PLAIN
> 250-SIZE 35840000
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 OK
> quit
> 221 2.0.0 smtp.videotron.ca Videotron closing connection
> read:errno=0
>
> So you see the smtp server is there and awaits the rest of the smtp
> connection commands. But whenever I use this command:
> sendmail -v -H"exec openssl s_client -quiet -CAfile Certificats.pem -tls1
> -connect smtp.videotron.ca:465 -pause" </tmp/mail.txt -froot@firewall
> -auxxxxxxxxx -apyyyyyyyyy blaisjeanroch@gmail.com, it only works randomly,
> about one time out of 5 or 10 tries.  I'm even surprised that it works !

With busybox 1.25.0, the following:

sendmail -v -H"exec openssl s_client -quiet -tls1 -connect smtp.videotron.ca:465 -pause" -froot@firewall -auxxxxxxx -apyyyyyyy

worked for me four times in four tries:

sendmail: send:'NOOP'
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU
= "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign
Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network,
CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = CA, ST = Quebec, L = Montreal, O = Videotron s.e.n.c., OU
= Ingenierie, CN = smtp.videotron.ca
verify return:1
sendmail: recv:'220 smtp.videotron.ca Videotron ESMTP server ready'
sendmail: recv:'250 2.0.0 OK'
sendmail: send:'EHLO localhost'
sendmail: recv:'250-smtp.videotron.ca hello [213.175.37.10], pleased
to meet you'
sendmail: recv:'250-HELP'
sendmail: recv:'250-AUTH LOGIN PLAIN'
sendmail: recv:'250-SIZE 35840000'
sendmail: recv:'250-ENHANCEDSTATUSCODES'
sendmail: recv:'250-8BITMIME'
sendmail: recv:'250 OK'
sendmail: send:'AUTH LOGIN'
sendmail: recv:'334 VXNlcm5hbWU6'
sendmail: send:''
sendmail: recv:'334 UGFzc3dvcmQ6'
sendmail: send:''
read:errno=0
sendmail: recv:'535 5.7.0 ...authentication rejected'
sendmail:  failed

(well, naturally auth did not succeed, but the server does talk to me).

This, of course, might be happening because of ~110ms roundtrip from me
to smtp.videotron.ca, and -pause adding 1 second more:
while NOOP travels down the wire, "220" is sent and the smtp server now
won't see me as a spammer.

Can you try adding sleep(3) before code = smtp_check("NOOP", -1)
line and see whether that helps?
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
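
Added example, not part of the original message and not busybox code: one way to avoid sending NOOP ahead of the server's 220 is to let the server speak first for a bounded time and fall back to the NOOP probe only if the line stays silent. The function names, the 3000 ms delay and the use of fds 0 and 1 for the helper pipes are assumptions for illustration.

```c
#include <poll.h>
#include <stdlib.h>
#include <unistd.h>

/* Read one whole SMTP reply ("220-" continuation lines included) a byte at a
 * time, so nothing after the reply is consumed. Returns the code, or -1. */
static int read_reply(int fd)
{
    char line[512], c;
    for (;;) {
        size_t n = 0;
        do {
            if (read(fd, &c, 1) != 1) return -1;      /* EOF or error */
            if (c != '\n' && n < sizeof(line) - 1) line[n++] = c;
        } while (c != '\n');
        line[n] = '\0';
        if (n < 3) return -1;
        if (line[3] != '-') return atoi(line);        /* final line of reply */
    }
}

/* Let the server speak first: greeting code, 0 on silence, -1 on error. */
int wait_for_greeting(int in_fd, int delay_ms)
{
    struct pollfd p = { .fd = in_fd, .events = POLLIN };
    int r = poll(&p, 1, delay_ms);
    return r <= 0 ? r : read_reply(in_fd);
}

/* The NOOP probe from the quoted source: 220 followed by 250 is a plain
 * session, a bare 250 means the helper already consumed the greeting. */
int noop_probe(int in_fd, int out_fd)
{
    if (write(out_fd, "NOOP\r\n", 6) != 6) return -1;
    int code = read_reply(in_fd);
    if (code == 220) return read_reply(in_fd) == 250 ? 220 : -1;
    return code == 250 ? 250 : -1;
}

/* Hypothetical opener: probe only if the server stayed silent for delay_ms. */
int smtp_open(int in_fd, int out_fd, int delay_ms)
{
    int code = wait_for_greeting(in_fd, delay_ms);
    if (code == 0) return noop_probe(in_fd, out_fd);
    return code == 220 ? 220 : -1;
}

/* fds 0 and 1 stand in for the pipes to the -H helper; 3000 ms is assumed. */
int main(void) { return smtp_open(0, 1, 3000) < 0; }
```

With this ordering a server that delays its 220 never sees a command before its greeting unless the delay exceeds the timeout, and a helper that consumed the greeting costs one timeout before the probe.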