helo.checks hooks being called twice #434

Closed
msimerson opened this issue Jan 27, 2014 · 6 comments
@msimerson
Member

While sprinkling note saving lines in the helo.checks plugins, I became aware that the EHLO checks are being called twice. I'm wondering if it's not worth caching the helo hostname in the plugin, and if it's the same the second time HELO/EHLO is called, skip processing?

@msimerson
Member Author

PS: the duplicate entries are because of my TLS connection.

@ghost ghost assigned smfreegard Jan 27, 2014
@smfreegard
Collaborator

That's a reasonable idea. I've got something running in test now which I will create a pull request from later.

@baudehlo
Collaborator

Isn't the point that the remote end could EHLO differently after STARTTLS?
Would be an interesting spamsign.

On Mon, Jan 27, 2014 at 7:56 AM, Steve Freegard notifications@github.com wrote:

That's a reasonable idea. I've got something running in test now which I
will create a pull request from later.

@smfreegard
Collaborator

Yup - I'm testing if the EHLO before and after STARTTLS match and if they do it returns OK and skips all the other tests on the hook - if they don't then DENY (although this is a bit iffy with TLS - see RFC 3207 Section 4.2). I've also added another test which prevents someone from sending an EHLO and then trying to send a HELO later regardless if the argument matches.

Other than my own testing I haven't seen any hits yet - but this box is pretty low volume.

@smfreegard
Collaborator

Examples:

smf@i7-desktop:~/Downloads$ openssl s_client -quiet -port 587 -host mail1-ec2.fsl.com -starttls smtp
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
250 STARTTLS
EHLO foo.bar.com
550 [CBBB4885-EAF4-4005-BF6E-648FF33B2164] EHLO/HELO argument mismatch
HELO foofoofo.com
550 [CBBB4885-EAF4-4005-BF6E-648FF33B2164] HELO not allowed
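The check described in the two comments above, sketched as an added example (not Haraka's code and not the code from the pull request). The state object, function names and action strings are hypothetical; the two rejection messages are the ones shown in the session above, and case-insensitive hostname comparison is an assumption.

```javascript
'use strict';

// Hypothetical per-connection state. It must be stored somewhere that
// survives the protocol reset performed after STARTTLS.
function newGreetingState() {
  return { verb: null, host: null };
}

// Assumption: hostnames compare case-insensitively and a trailing dot
// is not significant.
function normalise(host) {
  return String(host).trim().toLowerCase().replace(/\.$/, '');
}

// Returns { action, reason }:
//   CONTINUE - first greeting, run the remaining HELO checks
//   SKIP     - same greeting as before, earlier results still apply
//   DENY     - greeting changed, or HELO sent after EHLO
function checkGreeting(state, verb, host) {
  const v = String(verb).toUpperCase();
  const h = normalise(host);
  if (state.verb === null) {
    state.verb = v;
    state.host = h;
    return { action: 'CONTINUE', reason: 'first greeting' };
  }
  // Downgrade from EHLO to HELO is refused even if the argument matches.
  if (state.verb === 'EHLO' && v === 'HELO') {
    return { action: 'DENY', reason: 'HELO not allowed' };
  }
  if (h !== state.host) {
    return { action: 'DENY', reason: 'EHLO/HELO argument mismatch' };
  }
  return { action: 'SKIP', reason: 'greeting unchanged' };
}

// Replay a constructed list of [verb, host] greetings on one connection.
function replay(greetings) {
  const state = newGreetingState();
  return greetings.map(([verb, host]) => checkGreeting(state, verb, host).action);
}

// Constructed sessions: a well-behaved TLS client, then one that changes
// its name after STARTTLS and falls back to HELO.
console.log(replay([['EHLO', 'client.example'], ['EHLO', 'client.example']]));
console.log(replay([['EHLO', 'client.example'], ['EHLO', 'foo.bar.com'],
                    ['HELO', 'foofoofo.com']]));
```

RFC 3207 Section 4.2 tells the server to discard the pre-TLS EHLO argument, so rejecting on mismatch is stricter than the RFC requires. Recording the mismatch as a scoring signal instead of returning DENY is the more conservative choice.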

@msimerson
Member Author

When PR #509 is merged, this issue can be closed.
