Do not advertise STARTTLS in response to HELP unless it would be

advertised in response to EHLO.

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index db68bdae1957f2b531ad3b7963e0484c549ab195..b54416c14c717850c462d8fff5dea2d8da2d731d 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.503 2007/04/16 10:31:58 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.504 2007/04/16 11:17:12 ph10 Exp $

 
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------


@@ -214,6 +214,9 @@ PH/44 I found a way to check for a TCP/IP connection going away before sending
       This could lead to message repetition. This fix should cure that, at
       least in a lot of common cases.
 
       This could lead to message repetition. This fix should cure that, at
       least in a lot of common cases.
 

+PH/45 Do not advertise STARTTLS in response to HELP unless it would be
+      advertised in response to EHLO.
+

 
 Exim version 4.66
 -----------------
 
 Exim version 4.66
 -----------------

diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index dc96a9aa186541c37004774c31d3500fbe4aaddc..fcf165c192aa058902dec7499c182e51ee425d5e 100644 (file)
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/smtp_in.c,v 1.57 2007/04/13 15:13:47 ph10 Exp $ */
+/* $Cambridge: exim/src/src/smtp_in.c,v 1.58 2007/04/16 11:17:13 ph10 Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -3853,9 +3853,10 @@ while (done <= 0)
     break;
 
 
     break;
 
 

-    /* Show ETRN/EXPN/VRFY if there's
-    an ACL for checking hosts; if actually used, a check will be done for
-    permitted hosts. */
+    /* Show ETRN/EXPN/VRFY if there's an ACL for checking hosts; if actually
+    used, a check will be done for permitted hosts. Show STARTTLS only if not
+    already in a TLS session and if it would be advertised in the EHLO
+    response. */

 
     case HELP_CMD:
     HAD(SCH_HELP);
 
     case HELP_CMD:
     HAD(SCH_HELP);


@@ -3865,7 +3866,9 @@ while (done <= 0)
       buffer[0] = 0;
       Ustrcat(buffer, " AUTH");
       #ifdef SUPPORT_TLS
       buffer[0] = 0;
       Ustrcat(buffer, " AUTH");
       #ifdef SUPPORT_TLS

-      Ustrcat(buffer, " STARTTLS");
+      if (tls_active < 0 &&
+          verify_check_host(&tls_advertise_hosts) != FAIL)
+        Ustrcat(buffer, " STARTTLS");

       #endif
       Ustrcat(buffer, " HELO EHLO MAIL RCPT DATA");
       Ustrcat(buffer, " NOOP QUIT RSET HELP");
       #endif
       Ustrcat(buffer, " HELO EHLO MAIL RCPT DATA");
       Ustrcat(buffer, " NOOP QUIT RSET HELP");

diff --git a/test/stdout/0547 b/test/stdout/0547
index 94356f825586303994539155c84df2f6ccdea5d9..ca7e42990b564834b2d179f4941538fae5e50e4e 100644 (file)
--- a/test/stdout/0547
+++ b/test/stdout/0547
@@ -57,31 +57,31 @@ End of script
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 221 myhost.test.ex closing connection\r
 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
 550 Administrative prohibition\r
 221 myhost.test.ex closing connection\r
 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
 550 Administrative prohibition\r


@@ -96,15 +96,15 @@ End of script
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r
 250 Reset OK\r
 250 OK\r
 214-Commands supported:\r

-214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r
+214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP\r

 250 Reset OK\r
 250 OK\r
 554 Too many nonmail commands\r
 250 Reset OK\r
 250 OK\r
 554 Too many nonmail commands\r