----- Original Message -----
From: "paddy" <paddy(_at_)panici(_dot_)net>
I thought the STARTTLS case Stuart pointed out was interesting ...
...
Here's a case where not only are there at least two EHLOs, but also
a fairly explicit prohibition against using the information in the first
later.
Which was one of the cons I provided against the CSV/DNA proposal.
What comes first, the chicken or the egg (CSV or STARTTLS)?
It was thrown aside as a "non-issue."
But to me, it clearly spelled out how it could only be used with STARTTLS
allowed in a session. Only check for EHLO validation ideas AFTER the next
state, MAIL FROM:
So you can have an efficient model like so:
EHLO blah
MAIL FROM: boohoo
[check for EHLO validation]
RCPT TO: wazoo
[check for MAIL FROM: validation]
In any case, multiple EHLO/HELO, mixed bad or good, it doesn't matter. What
is very clear is that you (the server) should not disconnect the session.
Allow the client to issue QUIT or disconnect itself. If you disconnecting
using some local policy rules or limits, you can most definitely run into
runaway reconnects. Until the session is satisfied in the eyes of the
client, it might not stop. So it is clearly best to allow the client to
quit or disconnect on its own.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com