WLM ignores SMTP 550 multiline server response and believes mail was sent

01. February 2016 · Write a comment · Categories: Uncategorized

Hi,

This is a serious bug I've found in Windows Live Mail version 16.4.3564.1216

WLM tries to send an email with SMTP, but after the DATA command the server send a 550 multiline replay (error response). The correct thing to do is to give an error to the user, and keep the message in the Outbox. Instead, WLM believes the mail was sent successfully and places the email in Sent Folder. The user have no way to know his/her email will never arrive.

I've seen this with a real SMTP server, do a wireshark capture, than reproduce the issue on 2 different  PCs, using the program netcat ( nc.exe ) to simulate a SMTP server ( in a cmd windows execute "nc.exe -l -p 2525" , configure WLM with a SMTP of localhost port 2525 and use copy and paste in cmd to send SMTP responses to WLM; instead of nc.exe there may be other utilities which do the same thing. It is possible that even Hyperterminal will work, although if it insist in negotiating telnet option this may confuse WLM)

Example of SMTP log:

220 example.net ESMTP
HELO myPC
250 example.net at your service
MAIL FROM: <*** Email address is removed for privacy ***>
250  OK
RCPT TO: <*** Email address is removed for privacy ***>
250 OK
DATA
354  Go ahead
[..............]
.
550-Your email contains a
550-prohibited attachment
550 Zip any executable in email and retry
QUIT

This is clearly an error, the email was not sent and WLM should notify the user. Instead it places the mail in Sent folder.

This only happens with multiline server responses. So, if the server had responded with "550 Your email contains a prohibited attachment. Zip any executable in email and retry" WLM would have behaved properly.

Multiline responses have been legal since the beginning of SMTP and they are used by existing SMTP servers ( if the response is to big for a single line ). So WLM should be fixed.

This issue may cause unnecessary calls to support departments of email providers.

Imagine this:

"Hello Postmaster, why the messages I sent never arrives ?"

"Hello [yahoo/google/other_big_email_provider] user. We receive this question tens of times per day. Please stop using WLM, it doesn't implement SMTP properly. We will post an notice on our webpage, read by millions, to warn people to stop using WLM because is so broken".

Adrian Buciuman

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.