Thunderbird sent SMTP command in pipelining with violating pipelining constraints (during account setup should wait for the "EHLO" response before sending "QUIT")
Categories
(MailNews Core :: Networking: SMTP, defect)
Tracking
(Not tracked)
People
(Reporter: jg8nid, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Steps to reproduce:
My mail server is Postfix and Dovecot.
When I create a new account and run “Re-test” with STARTTLS enabled, this test failed. However, my mail server is set up with STARTTLS enabled.
Actual results:
So I tried capturing network traffic, and Thunderbird sent SMTP “EHLO” and “QUIT” commands in violation of the pipeline constraints. As a result, Postfix returns “554 5.5.0 Error: SMTP protocol synchronization”.
As a workaround, set “smtpd_forbid_unauth_pipelining = no” in main.cf (Postfix configuration file). However, this is undesirable from a security standpoint.
Expected results:
"Re-test" is success.
|
||
Updated•3 months ago
|
|
|
||
Comment 1•3 months ago
|
||
Where are the pipeline constraints specified?
|
Reporter | |
Comment 2•3 months ago
|
||
I have not set any pipeline constraints in my Postfix configuration. This is the default setting.
|
|
||
Comment 3•3 months ago
|
||
We don't support PIPELINING.
|
|
Reporter | |
Comment 4•3 months ago
|
||
I understand that Thunderbird don't support SMTP pipelining.
However, when checking the server during account creation, Thunderbird sends "EHLO" and "QUIT" to the SMTP server at once. This is unintentionally SMTP pipelining. As a result, it violates the SMTP pipelining constraint and cannot be detected even by SMTP servers that support STARTTLS. Additionally, with enabling STARTTLS and run "Re-check" when creating an account, it will fail.
I think this problem can be resolved by waiting for the "EHLO" response and then sending "QUIT" when creating an account.
|
|
||
Updated•3 months ago
|
Description
•