COMMAND PIPELINING

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

COMMAND PIPELINING

Jos Chrispijn-4
Can someone tell me what this server tries to accomplish:

COMMAND PIPELINING from [183.89.214.13]:44487 after ???: \000\234\000\235\000/\0005\300\022\000\n\001\000\000d\000\000\000\023\000\021\000\000\016mail.some.net\000\005\000\005\001\000\000\000\000\000\n\000\n\000\b\000\035\000\027\000\030\000\031\000\v\000\002\001\000\000\r\000\030\000\026\b\004\b\005\b\006\004\001\004\003\005\001\005\003\006\001\006\003\002\001\002\003\377\001\000\001

Thanks,
Jos Chrispijn
-- With both feet on the ground you can't make any step forward
Reply | Threaded
Open this post in threaded view
|

Re: COMMAND PIPELINING

Viktor Dukhovni
On Wed, Jan 29, 2020 at 08:45:35PM +0100, Jos Chrispijn wrote:

> Can someone tell me what this server tries to accomplish:
>
> COMMAND PIPELINING from [183.89.214.13]:44487 after ???:
> \000\234\000\235\000/\0005\300\022\000\n\001\000\000d\000\000\000\023\000\021\000\000\016mail.some.net\000\005\000\005\001\000\000\000\000\000\n\000\n\000\b\000\035\000\027\000\030\000\031\000\v\000\002\001\000\000\r\000\030\000\026\b\004\b\005\b\006\004\001\004\003\005\001\005\003\006\001\006\003\002\001\002\003\377\001\000\001

That's not enough context to tell.  Would need to know the preceding
sequence.  If this keeps happening, you'll need to make a PCAP capture
of an SMTP session from that server.

--  
    Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: COMMAND PIPELINING

Jos Chrispijn-4
On 29-1-20 21:19, Viktor Dukhovni wrote:

> That's not enough context to tell.  Would need to know the preceding
> sequence.  If this keeps happening, you'll need to make a PCAP capture
> of an SMTP session from that server.
Thanks, will include more information next time I notice it.

Best, Jos

-- With both feet on the ground you can't make any step forward
Reply | Threaded
Open this post in threaded view
|

Re: COMMAND PIPELINING

Wietse Venema
In reply to this post by Jos Chrispijn-4
Jos Chrispijn:
> Can someone tell me what this server tries to accomplish:
>
> COMMAND PIPELINING from [183.89.214.13]:44487 after ???:
> \000\234\000\235\000/\0005\300\022\000\n\001\000\000d\000\000\000\023\000\021\000\000\016mail.some.net\000\005\000\005\001\000\000\000\000\000\n\000\n\000\b\000\035\000\027\000\030\000\031\000\v\000\002\001\000\000\r\000\030\000\026\b\004\b\005\b\006\004\001\004\003\005\001\005\003\006\001\006\003\002\001\002\003\377\001\000\001
>

Translation:

The client sent three bytes of garbage ending in <CR><LF> or just
<LF>. That garbage was logged as ??? because it wasn't printable
ASCII.

The garbage, logged as ??? and followed by <CR><LF> or just <LF>,
was immediately followed by other garbage, which was logged in octal
notation (a lossless transformation to printable ASCII). That garbage
triggered the COMMAND PIPELINING condition.

It might make sense to log commands also in a losless form. Because
then we would have the complete client input (except that one would
have to enable the 'bare newline' postscreen test to reveal if the
client sent <CR><LF> or just <LF>).

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: COMMAND PIPELINING

Jos Chrispijn-4
On 30-1-20 16:00, Wietse Venema wrote:

> It might make sense to log commands also in a losless form. Because
> then we would have the complete client input (except that one would
> have to enable the 'bare newline' postscreen test to reveal if the
> client sent <CR><LF> or just <LF>).
>
Thanks, understood.


-- With both feet on the ground you can't make any step forward