• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Ipv6 enabled e-mail address fails due to non-standards compliant mailer on HE en

Started by sosdg, July 27, 2009, 01:07:14 AM

Previous topic - Next topic

sosdg

Hello all,

Apparently, the mail server used to test out certification for an ipv6 enabled e-mail address doesn't follow RFC standards when sending mail, and gets rejected by my server:

2009-07-27 01:55:50 SMTP protocol synchronization error (next input sent too soon: pipelining was
advertised): rejected "DATA" H=ipv6.he.net [2001:470:0:64::2] next input="To: \r\nFrom: ipv6@he.net\r
\nMessage-ID: <4a6d5d86d0209.1248681350@ipv6.he.net>\r\nSubject: IPv6 Certification Mail Test\r
\n\r\nPlease insert the following code"


Basically, our mail server located at 2001:470:e867::2 uses a simple way of breaking alot spambots - it inserts a 2 second delay before showing the first '220-' line.  This won't break RFC compliant mail servers, but will break mail servers (mostly spam bots) that dump out the entire conversation without bothering to check to see if its okay to do so yet.

Unfortunately, it seems to affect the HE ipv6 testing mail server as well.  Any way this could get fixed?   :)

Brielle


dataless

Interesting..

I also filter pipelining and I did not encounter this problem with them.

Postfix (which I use) handles it differently than Sendmail though.

sosdg

I believe its the initial delay thats causing the problem.  I'm going to have to sniff packets later on to get the exact idea on whats happening, but from observation, it looks like its either not waiting for the final '220' (without the - at the end) before sending the initial EHLO/HELO then pipelining, or its trying to pipeline without telling my end to pipeline.

I think its the former rather then latter personally.  I've seen Exchange servers do the exact same thing in the past.

kcochran

It's actually not a mailserver, but the certification script you're interfacing with that's sending the mail.

We wait for data back from the server before sending the next line, and ensure we see a valid status number before moving on.  The one thing I do see that probably tripped up our script on your server is the very long banner and command delays likely got what we were sending out of sync from what you were expecting.  I've made some changes and it should be smarter.

sosdg

Quote from: kcochran on July 27, 2009, 02:48:28 PM
It's actually not a mailserver, but the certification script you're interfacing with that's sending the mail.

We wait for data back from the server before sending the next line, and ensure we see a valid status number before moving on.  The one thing I do see that probably tripped up our script on your server is the very long banner and command delays likely got what we were sending out of sync from what you were expecting.  I've made some changes and it should be smarter.

Cool.  :)  Thanks for checking this out!

Brielle

sosdg

I spoke too soon - getting the following error:

"Didn't get expected welcome"

From the test now.

Brielle

kcochran

Blargh, the code really didn't handle multi-line banners well.  This time for sure!

jimb


sosdg

Quote from: kcochran on July 27, 2009, 04:01:17 PM
Blargh, the code really didn't handle multi-line banners well.  This time for sure!

No '220 ' found in welcome banner

:P

I didn't realize my mail server could be this troublesome.  heh.

Brielle

kcochran

It's in PHP.

I this doesn't do it, I'm going to beat up a penguin.  A small foam one, mind you, but a penguin nonetheless.

sosdg

Quote from: kcochran on July 27, 2009, 04:42:53 PM
It's in PHP.

I this doesn't do it, I'm going to beat up a penguin.  A small foam one, mind you, but a penguin nonetheless.

Worked!  :)  Awesome!

Thank you

Brielle

kcochran


tclement

I'm also getting the error

Didn't get expected welcome

error message

My domain is theclements.info

thanks
Tim

tclement

I figured out the problem on my end. 

the hmailserver requires a new "ip range" for it to accept connections from ipv6

snarked

RE - Reply #9:  Oh, No!  Not a penguin, let alone "Tux."

Anyone want to start a "save the penguin" fund here?  ;)
Save the penguin, save the world!  The penguin must survive.