dovecot - Sep 2020 - dovecot warns (non-fatal) "invalid EHLO response line: Unexpected character in EHLO keyword" connecting to submission relay ?

I'm setting up an alternative submission relay host for dovecot.  Atm,
it's pointing @ fastmail.com.

with dovecot config,

	submission_relay_host       = smtp.fastmail.com
	submission_relay_port       = 465
	submission_relay_ssl        = smtps
	submission_relay_ssl_verify = no
	submission_relay_trusted    = yes
	submission_relay_user       = 'acctID at mydomain.com'
	submission_relay_password   = 'acctPWD'

submission relay via dovecot proxy works as expected -- mail's
delivered/received by intended recipient.

in local dovecot logs I notice

	==> /var/log/dovecot/dovecot.log <=	2020-09-24 16:22:19
submission(recipient at example.com)<xxxxxxxxxxxxxxxx>: Warning:
smtp-client: conn smtp.fastmail.com:465 (66.111.4.140:465) [1]: Received invalid
EHLO response line: Unexpected character in EHLO keyword

at debug level

	==> /var/log/dovecot/dovecot-debug.log <=	2020-09-24 16:22:19
submission(recipient at example.com)<xxxxxxxxxxxxxxxx>: Debug:
smtp-client: conn smtp.fastmail.com:465 (66.111.4.140:465) [1]: command EHLO:
Got reply (1/1): 250 mail.messagingengine.com PIPELINING SIZE 73000000 AUTH
DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
ENHANCEDSTATUSCODES 8BITMIME (1 commands pending, 0 commands queued)

it's clearly non-fatal, simply a warning.

i certainly do _not_ see this with every relay host, so suspect it's unique
to fastmail's EHLO response. at least within the set of hosts I've
tested.

i'd like to find/fix it ... either at my dovecot instance, or @ fastmail.

what's specifically invalid about

	250 mail.messagingengine.com PIPELINING SIZE 73000000 AUTH DIGEST-MD5 CRAM-MD5
NTLM LOGIN PLAIN AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN ENHANCEDSTATUSCODES
8BITMIME

by dovecot's 'measure'?

On Friday 25 September 2020 12:56:50, PGNet Dev wrote:
> I'm setting up an alternative submission relay host for dovecot.  Atm,
it's pointing @ fastmail.com.
>
> with dovecot config,
>
> 	submission_relay_host       = smtp.fastmail.com
> 	submission_relay_port       = 465
> 	submission_relay_ssl        = smtps
> 	submission_relay_ssl_verify = no
> 	submission_relay_trusted    = yes
> 	submission_relay_user       = 'acctID at mydomain.com'
> 	submission_relay_password   = 'acctPWD'
>
> submission relay via dovecot proxy works as expected -- mail's
delivered/received by intended recipient.
>
> in local dovecot logs I notice
>
> 	==> /var/log/dovecot/dovecot.log <=> 	2020-09-24 16:22:19
submission(recipient at example.com)<xxxxxxxxxxxxxxxx>: Warning:
smtp-client: conn smtp.fastmail.com:465 (66.111.4.140:465) [1]: Received invalid
EHLO response line: Unexpected character in EHLO keyword
>
> at debug level
>
> 	==> /var/log/dovecot/dovecot-debug.log <=> 	2020-09-24 16:22:19
submission(recipient at example.com)<xxxxxxxxxxxxxxxx>: Debug:
smtp-client: conn smtp.fastmail.com:465 (66.111.4.140:465) [1]: command EHLO:
Got reply (1/1): 250 mail.messagingengine.com PIPELINING SIZE 73000000 AUTH
DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
ENHANCEDSTATUSCODES 8BITMIME (1 commands pending, 0 commands queued)
>
> it's clearly non-fatal, simply a warning.
>
> i certainly do _not_ see this with every relay host, so suspect it's
unique to fastmail's EHLO response. at least within the set of hosts
I've tested.
>
> i'd like to find/fix it ... either at my dovecot instance, or @
fastmail.
>
> what's specifically invalid about
>
> 	250 mail.messagingengine.com PIPELINING SIZE 73000000 AUTH DIGEST-MD5
CRAM-MD5 NTLM LOGIN PLAIN AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
ENHANCEDSTATUSCODES 8BITMIME
>
> by dovecot's 'measure'?
The "=" in AUTH=PLAIN.

See: https://dovecot.org/pipermail/dovecot/2020-September/119854.html

    $ openssl s_client -connect smtp.fastmail.com:465
    ...
    220 smtp.fastmail.com ESMTP ready
    ehlo asdf
    250-smtp.fastmail.com
    250-PIPELINING
    250-SIZE 71000000
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-AUTH PLAIN LOGIN
    250 AUTH=PLAIN LOGIN

Thanks,
Alec

On 9/26/20 6:45 AM, Alec Moskvin wrote:
>> what's specifically invalid about
>>
>> 	250 mail.messagingengine.com PIPELINING SIZE 73000000 AUTH DIGEST-MD5
CRAM-MD5 NTLM LOGIN PLAIN AUTH=DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN
ENHANCEDSTATUSCODES 8BITMIME
>>
>> by dovecot's 'measure'?
> 
> The "=" in AUTH=PLAIN.
> 
> See: https://dovecot.org/pipermail/dovecot/2020-September/119854.html
> 
>      $ openssl s_client -connect smtp.fastmail.com:465
>      ...
>      220 smtp.fastmail.com ESMTP ready
>      ehlo asdf
>      250-smtp.fastmail.com
>      250-PIPELINING
>      250-SIZE 71000000
>      250-ENHANCEDSTATUSCODES
>      250-8BITMIME
>      250-AUTH PLAIN LOGIN
>      250 AUTH=PLAIN LOGIN
> 
ah!  I'll take it up with fastmail.  thx!

On 26 Sep 2020, at 07:45, Alec Moskvin <alecm at gmx.com>
wrote:
>    250-AUTH PLAIN LOGIN
>    250 AUTH=PLAIN LOGIN
I believe this is not really an issue. The warning is just that, a warning. Some
(broken) mail clients, Immagonnaguess Microsoft ones, expected the =, so many
mail servers provide it.

AFAIK, It is safe to ignore the warning.

Ah, yes, I think this is it? (At least for Postfix)

<http://www.postfix.org/SASL_README.html>
> broken_sasl_auth_clients (default: no)
> Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (RFC 4954). Examples of such clients are MicroSoft
Outlook Express version 4 and MicroSoft Exchange version 5.0.
> 
> Specify "broken_sasl_auth_clients = yes" to have Postfix
advertise AUTH support in a non-standard way.

It is probably safe for anyone to disable that, however, as I don't think
those old versions support modern TLS.


-- 
showing snuffy is when Sesame Street jumped the shark