haraka / Haraka

A fast, highly extensible, and event driven SMTP server

Home Page: https://haraka.github.io

Enforcing TLS for LMTP not possible

felixauringer opened this issue

Describe the bug

When enforcing TLS, the only commands available before a TLS connection is established are EHLO and STARTTLS. LHLO is not allowed. Therefore, a STARTTLS connection for LMTP cannot be established if TLS is enforced for the LMTP host. This line is responsible for this behavior.

Expected behavior

TLS should also be enforceable for LMTP.

Observed behavior

When enforcing TLS for the configured LMTP host, the connection will always be aborted, even if TLS is possible.

Steps To Reproduce

  • configure queue/lmtp plugin
  • add the LMTP host to force_tls_hosts[] in the [outbound] section of tls.ini

System Info:

Haraka: Haraka.js — Version: 3.0.1
Node: v21.6.2
OS: Linux example.fauringer.de 6.7.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Sat, 17 Feb 2024 14:02:33 +0000 x86_64 GNU/Linux
openssl: OpenSSL 1.1.1w 11 Sep 2023

(I know that this is not the newest Haraka version but the issue is also present in the latest release.)

Additional context

I am currently working on a fix and will open a PR soon.
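
The behavior reported above, modelled as an added example that is not part of the original issue and is not Haraka's source: a pre-TLS command allow-list run against an LMTP dialogue, with and without LHLO on the list. All function and constant names are hypothetical, the sessions are constructed, and the server is assumed to accept STARTTLS.

```javascript
// Simplified model of an outbound "enforce TLS" command gate.
// Hypothetical names; this is not Haraka's code.
const GATE_AS_REPORTED = new Set(['EHLO', 'STARTTLS']);
const GATE_WITH_LHLO = new Set(['EHLO', 'LHLO', 'STARTTLS']);

// A command may be sent if TLS is not enforced, the channel is already
// encrypted, or the verb is on the pre-TLS allow-list.
function maySend(allowList, verb, state) {
    if (!state.forceTls || state.secured) return true;
    return allowList.has(verb.toUpperCase());
}

// Walk a client dialogue through the gate and report where it stops
// and which verbs crossed the wire before encryption.
function runDialogue(allowList, lines, forceTls) {
    const state = { forceTls, secured: false };
    const cleartext = [];
    for (const line of lines) {
        const verb = line.split(/[ :]/)[0];
        if (!maySend(allowList, verb, state)) {
            return { delivered: false, abortedAt: verb, cleartext };
        }
        if (!state.secured) cleartext.push(verb);
        // Assumption: the server accepts STARTTLS and the handshake succeeds.
        if (verb.toUpperCase() === 'STARTTLS') state.secured = true;
    }
    return { delivered: true, abortedAt: null, cleartext };
}

// Constructed sample sessions; LMTP (RFC 2033) greets with LHLO instead of EHLO.
const LMTP_SESSION = [
    'LHLO mx.example.test', 'STARTTLS', 'LHLO mx.example.test',
    'MAIL FROM:<a@example.test>', 'RCPT TO:<b@example.test>', 'DATA',
];
// Same session with the upgrade step left out, to check enforcement still holds.
const LMTP_NO_STARTTLS = LMTP_SESSION.filter((l) => l !== 'STARTTLS');

console.log(runDialogue(GATE_AS_REPORTED, LMTP_SESSION, true));
console.log(runDialogue(GATE_WITH_LHLO, LMTP_SESSION, true));
console.log(runDialogue(GATE_WITH_LHLO, LMTP_NO_STARTTLS, true));
```

The third call is the check that matters when widening the list: with LHLO admitted, the envelope commands are still refused until STARTTLS has completed.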