Fix post-STARTTLS protocol bug.

After the TLS handshake, the server should *not* reply with a greeting again,
but it should wait for an EHLO, per RFC 3207 § 4.2 & 5. Previously the server
would re-send the greeting, which un-syncs the protocol.

diff --git a/smtp/conn.go b/smtp/conn.go
index ca24c100aa5898b5f924e4c1e1ce78ea20b8d706..1837027f93b806efcf9a6647e0ff43d1df831e64 100644 (file)
--- a/smtp/conn.go
+++ b/smtp/conn.go
@@ -188,21 +188,17 @@ func (conn *connection) doSTARTTLS() {
        conn.log.Info("doSTARTTLS()")
        conn.writeReply(220, "initiate TLS connection")
 
-       newConn := tls.Server(conn.nc, tlsConfig)
-       tp := textproto.NewConn(newConn)
-
-       err := tp.PrintfLine("220 %s ESMTPS [%s] (mailpopbox)",
-               conn.server.Name(), newConn.LocalAddr())
-       if err != nil {
+       tlsConn := tls.Server(conn.nc, tlsConfig)
+       if err := tlsConn.Handshake(); err != nil {
                conn.log.Error("failed to do TLS handshake", zap.Error(err))
                return
        }
 
-       conn.nc = newConn
-       conn.tp = tp
+       conn.nc = tlsConn
+       conn.tp = textproto.NewConn(tlsConn)
        conn.state = stateNew
 
-       connState := newConn.ConnectionState()
+       connState := tlsConn.ConnectionState()
        conn.tls = &connState
 
        conn.log.Info("TLS connection done", zap.String("state", conn.getTransportString()))