fix: fixed case when ENHANCEDSTATUSCODES enabled and it was sending a status code in initial connection, HELO, EHLO, or LHLO commands (which was against RFC spec and caused mail client issues, e.g. Apple Mail when advertising capabilities in EHLO)

titanism · titanism · commit 9657f92332f0 · 2025-08-05T11:05:33.000-05:00
diff --git a/lib/smtp-connection.js b/lib/smtp-connection.js
@@ -51,6 +51,13 @@ const ENHANCED_STATUS_CODES = {
     556: '5.1.10' // RCPT TO syntax error
 };
 
+// Skip enhanced status codes for initial greeting and HELO/EHLO responses
+const SKIPPED_COMMANDS_FOR_ENHANCED_STATUS_CODES = new Set([
+  'HELO',
+  'EHLO',
+  'LHLO'
+]);
+
 // Context-specific enhanced status code mappings
 const CONTEXTUAL_STATUS_CODES = {
     // Mail transaction specific codes
@@ -192,7 +199,7 @@ class SMTPConnection extends EventEmitter {
         this._setListeners(() => {
             // Check that connection limit is not exceeded
             if (this._server.options.maxClients && this._server.connections.size > this._server.options.maxClients) {
-                return this.send(421, this.name + ' Too many connected clients, try again in a moment');
+                return this.send(421, this.name + ' Too many connected clients, try again in a moment', false);
             }
 
             // Keep a small delay for detecting early talkers
@@ -255,7 +262,7 @@ class SMTPConnection extends EventEmitter {
                 );
 
                 if (err) {
-                    this.send(err.responseCode || 554, err.message);
+                    this.send(err.responseCode || 554, err.message, false);
                     return this.close();
                 }
 
@@ -271,7 +278,8 @@ class SMTPConnection extends EventEmitter {
                         this.name +
                             ' ' +
                             (this._server.options.lmtp ? 'LMTP' : 'ESMTP') +
-                            (this._server.options.banner ? ' ' + this._server.options.banner : '')
+                            (this._server.options.banner ? ' ' + this._server.options.banner : ''),
+                        false
                     );
 
                     if (typeof next === 'function') {
@@ -330,7 +338,7 @@ class SMTPConnection extends EventEmitter {
      *
      * @param {Number} code Response code
      * @param {String|Array} data If data is Array, send a multi-line response
-     * @param {String} context Optional context for enhanced status codes
+     * @param {String|Boolean} context Optional context for enhanced status codes
      */
     send(code, data, context) {
         let payload;
@@ -531,17 +539,17 @@ class SMTPConnection extends EventEmitter {
 
         // If server already closing then ignore commands
         if (this._server._closeTimeout) {
-            return this.send(421, 'Server shutting down');
+            return this.send(421, 'Server shutting down', commandName);
         }
 
         if (!this._ready) {
             // block spammers that send payloads before server greeting
-            return this.send(421, this.name + ' You talk too soon');
+            return this.send(421, this.name + ' You talk too soon', commandName);
         }
 
         // block malicious web pages that try to make SMTP calls from an AJAX request
         if (/^(OPTIONS|GET|HEAD|POST|PUT|DELETE|TRACE|CONNECT) \/.* HTTP\/\d\.\d$/i.test(command)) {
-            return this.send(421, 'HTTP requests not allowed');
+            return this.send(421, 'HTTP requests not allowed', commandName);
         }
 
         if (this._upgrading) {
@@ -566,7 +574,7 @@ class SMTPConnection extends EventEmitter {
                 switch (commandName) {
                     case 'HELO':
                     case 'EHLO':
-                        this.send(500, 'Error: ' + commandName + ' not allowed in LMTP server');
+                        this.send(500, 'Error: ' + commandName + ' not allowed in LMTP server', false);
                         return setImmediate(callback);
                     case 'LHLO':
                         commandName = 'EHLO';
@@ -582,10 +590,10 @@ class SMTPConnection extends EventEmitter {
             // if the user makes more
             this._unrecognizedCommands++;
             if (this._unrecognizedCommands >= 10) {
-                return this.send(421, 'Error: too many unrecognized commands');
+                return this.send(421, 'Error: too many unrecognized commands', commandName);
             }
 
-            this.send(500, 'Error: command not recognized');
+            this.send(500, 'Error: command not recognized', commandName);
             return setImmediate(callback);
         }
 
@@ -599,7 +607,7 @@ class SMTPConnection extends EventEmitter {
         ) {
             this._unauthenticatedCommands++;
             if (this._unauthenticatedCommands >= this._maxAllowedUnauthenticatedCommands) {
-                return this.send(421, 'Error: too many unauthenticated commands');
+                return this.send(421, 'Error: too many unauthenticated commands', commandName);
             }
         }
 
@@ -642,22 +650,24 @@ class SMTPConnection extends EventEmitter {
     /**
      * Gets the appropriate enhanced status code for a given SMTP response code and context
      * @param {Number} code SMTP response code
-     * @param {String} context Optional context for more specific status codes
+     * @param {String|Boolean} context Optional context for more specific status codes
      * @returns {String} Enhanced status code or empty string if not applicable
      */
     _getEnhancedStatusCode(code, context) {
-        if (!this._useEnhancedStatusCodes()) {
+        if (context === false || !this._useEnhancedStatusCodes()) {
             return '';
         }
 
-        // Skip enhanced status codes for initial greeting and HELO/EHLO responses
-        // This is handled by checking the context in the calling code
-
         // Skip 3xx responses as per RFC 2034
         if (code >= 300 && code < 400) {
             return '';
         }
 
+        // Skip enhanced status codes for initial greeting and HELO/EHLO responses
+        if (context && SKIPPED_COMMANDS_FOR_ENHANCED_STATUS_CODES.has(context)) {
+            return '';
+        }
+
         // Use contextual codes if available
         if (context && CONTEXTUAL_STATUS_CODES[context]) {
             return CONTEXTUAL_STATUS_CODES[context];
@@ -831,7 +841,7 @@ class SMTPConnection extends EventEmitter {
         let hostname = parts[1] || '';
 
         if (parts.length !== 2) {
-            this.send(501, 'Error: syntax: ' + (this._server.options.lmtp ? 'LHLO' : 'EHLO') + ' hostname');
+            this.send(501, 'Error: syntax: ' + (this._server.options.lmtp ? 'LHLO' : 'EHLO') + ' hostname', false);
             return callback();
         }
 
@@ -862,7 +872,7 @@ class SMTPConnection extends EventEmitter {
         }
 
         this._resetSession(); // EHLO is effectively the same as RSET
-        this.send(250, [this.name + ' Nice to meet you, ' + this.clientHostname].concat(features || []));
+        this.send(250, [this.name + ' Nice to meet you, ' + this.clientHostname].concat(features || []), false);
 
         callback();
     }
@@ -875,14 +885,14 @@ class SMTPConnection extends EventEmitter {
         let hostname = parts[1] || '';
 
         if (parts.length !== 2) {
-            this.send(501, 'Error: Syntax: HELO hostname');
+            this.send(501, 'Error: Syntax: HELO hostname', false);
             return callback();
         }
 
         this.hostNameAppearsAs = hostname.toLowerCase();
 
         this._resetSession(); // HELO is effectively the same as RSET
-        this.send(250, this.name + ' Nice to meet you, ' + this.clientHostname);
+        this.send(250, this.name + ' Nice to meet you, ' + this.clientHostname, false);
 
         callback();
     }
