MAIL FROM accepted before HELO/EHLO greeting

[rsingha108]

Description

Mailpit accepts a MAIL FROM command before any HELO/EHLO greeting, returning a 250 response instead of rejecting the command. This violates SMTP sequencing requirements and allows a mail transaction to start without the mandatory greeting phase.

Affected Version

v1.28

Steps to Reproduce

1. Start Mailpit (Docker: axllent/mailpit:v1.28) and ensure it is listening on 127.0.0.1:8030.
2. From a terminal, connect to Mailpit: telnet 127.0.0.1 8030 (or nc 127.0.0.1 8030 ensuring CRLF line endings).
3. After the 220 banner, send: MAIL FROM:alice@example.com followed by CRLF.
4. Observe the server’s response.

Buggy Behavior

Mailpit responds with 250 2.1.0 Ok to MAIL FROM even though no HELO/EHLO was issued first, allowing the transaction to proceed.

Expected Behavior

The server should reject MAIL FROM before any HELO/EHLO with 503 Bad sequence of commands (or an equivalent 5.5.x error).
As per RFC [4.1.1.1] In any event, a client MUST issue HELO or EHLO before starting a mail transaction.

[axllent]

I have released v1.28.4 which includes a fix for this. Thank you (and your AI tools) for finding the bug.