-
Notifications
You must be signed in to change notification settings - Fork 17.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/smtp: in smtp.go, c.cmd(501, "*") takes long for server to respond. #18094
Comments
I've plumbed the depths of my memory, looked at the code and the code review, and tried to reason about it, but I can't remember or figure it out. Sorry I can't be of more help. |
That's still helpful. If an SMTP expert wants to weigh in, maybe it's safe to just delete it. We're already in an error path. |
By reading the RFC: https://www.ietf.org/rfc/rfc2554.txt
And in the case of OP, when incorrect credentials are sent by client, the server returns 535 which means the AUTH exchange has already been rejected, so there's no need to send "*" to ask server to reject the AUTH command. My first time reading this RFC, so let's see what expert says about this issue. |
Feel free to ignore this/close this smtp package issue too. I was already looking at it when you closed the other, I figure I may as well finish what I was writing. Sorry for the noise! At least it may lead to closing some issues :-) I concur with the RFC reading that sending the However simply deleting sending the We also need to send Essentially I think what would be the most correct would be to check if the server rejected the AUTH exchange, and if so, quit without sending Of course, testing this in the wild would be good to confirm. This could be done by checking
Note there is still an issue in the above: If decoding failed when code was 334, we should send |
I ran a modified example that connects to gmail's smtp servers, and was able to reproduce this behavior on my DigitalOcean VM. I believe this has to do with them blocking SMTP over IPV6.
Running this on my macbook produced the correct error immediately:
But running it on my VM took ~2 minutes to respond. After researching the error, I came across https://www.digitalocean.com/community/questions/outgoing-connections-on-port-25-587-143-blocked-over-ipv6. Changing this line |
Change https://golang.org/cl/104435 mentions this issue: |
Hi, I have a fix from https://golang.org/cl/104435 to resolve this issue, please help review. The test file need to be changed as well. However as the smtp_test.go contains a private key, I cannot push that change, the git -o nokeycheck not work for me as my git does not have a -o switch. Any idea what shall I do to change the test file? |
What version of Go are you using (
go version
)?go version go1.7.3 linux/amd64
What operating system and processor architecture are you using (
go env
)?GOARCH="amd64"
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build126580691=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
What did you do?
I tried to establish a tls connection to an smtp server and call client.Auth to authenticate, code may look like this:
What did you see instead?
When the incorrect username/password is provided the function Auth took 1 minute to return. I found it was due to this line:
https://github.com/golang/go/blob/master/src/net/smtp/smtp.go#L221
that the client tries to send "*" to server and expects "501" which is "Syntax Error", it took very long for server to respond. If I comment this line and rebuild. I can get the error very quickly.
Could anyone let me know why is this line necessary? And is it common the server took 1 minute to respond "*"?
The text was updated successfully, but these errors were encountered: