haraka / Haraka

A fast, highly extensible, and event driven SMTP server
https://haraka.github.io
MIT License

Enforcing TLS for LMTP not possible #3278

Closed felixauringer closed 7 months ago

felixauringer commented 7 months ago

Describe the bug

When enforcing TLS, the only commands available before a TLS connection is established are EHLO and STARTTLS. LHLO is not allowed. Therefore, a STARTTLS connection for LMTP cannot be established if TLS is enforced for the LMTP host. This line is responsible for this behavior.

Expected behavior

TLS should also be enforceable for LMTP.

Observed behavior

When enforcing TLS for the configured LMTP host, the connection will always be aborted, even if TLS is possible.

Steps To Reproduce

System Info:

Haraka Haraka.js — Version: 3.0.1
Node v21.6.2
OS Linux example.fauringer.de 6.7.5-arch1-1 #1 SMP PREEMPT_DYNAMIC Sat, 17 Feb 2024 14:02:33 +0000 x86_64 GNU/Linux
openssl OpenSSL 1.1.1w 11 Sep 2023

(I know that this is not the newest Haraka version but the issue is also present in the latest release.)

Additional context

I am currently working on a fix and will open a PR soon.
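
The behavior reported above, modelled as an added example (not Haraka's code and not part of the original issue): a gate that refuses every cleartext command except an allow-list when TLS is mandatory. The function names, the two allow-lists and the sample dialogues are hypothetical and constructed for illustration; the model assumes the server accepts each command and the STARTTLS handshake succeeds.

```javascript
'use strict';
// Added illustration, not Haraka's code: all names here are hypothetical.

// Verbs a client may send in cleartext when TLS is mandatory for the host.
const GATE_SMTP_ONLY = new Set(['EHLO', 'STARTTLS']);          // as described in the issue
const GATE_WITH_LMTP = new Set(['EHLO', 'LHLO', 'STARTTLS']);  // also admits LMTP's greeting

function verbOf(line) {
  return line.trim().split(/\s+/)[0].toUpperCase();
}

// Walks a client command sequence through the gate.
// Assumption: the server accepts every command and the STARTTLS handshake succeeds.
function runSession(commands, { forceTls, preTlsAllowed }) {
  let tls = false;
  const sent = [];
  for (const line of commands) {
    const verb = verbOf(line);
    if (forceTls && !tls && !preTlsAllowed.has(verb)) {
      return { ok: false, tls, abortedAt: verb, sent }; // nothing further leaves in cleartext
    }
    sent.push(line);
    if (verb === 'STARTTLS') tls = true;
  }
  return { ok: true, tls, abortedAt: null, sent };
}

// Constructed sample dialogues (client side only).
function dialogue(greeting) {
  return [
    `${greeting} client.example.test`,
    'STARTTLS',
    `${greeting} client.example.test`, // greeting is repeated after the TLS handshake
    'MAIL FROM:<sender@example.test>',
    'RCPT TO:<rcpt@example.test>',
    'DATA',
  ];
}

const cases = [
  ['SMTP, EHLO-only gate', dialogue('EHLO'), GATE_SMTP_ONLY],
  ['LMTP, EHLO-only gate', dialogue('LHLO'), GATE_SMTP_ONLY],
  ['LMTP, gate with LHLO', dialogue('LHLO'), GATE_WITH_LMTP],
];
for (const [name, cmds, gate] of cases) {
  const r = runSession(cmds, { forceTls: true, preTlsAllowed: gate });
  console.log(name, r.ok ? 'completed over TLS' : `aborted at ${r.abortedAt}`);
}
```

Admitting LHLO before TLS does not weaken the enforcement in this model: MAIL, RCPT and DATA are still refused until STARTTLS has completed.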