ietf-smtp
[Top] [All Lists]

Re: (lack of) message header field ordering

2005-03-15 16:08:11

On Tue, Mar 15, 2005 at 02:03:04PM -0800, Russ Allbery wrote:
Hector Santos <hsantos(_at_)santronics(_dot_)com> writes:

220 mail6.velocitywest.com ESMTP
helo hdev1
250 mail6.velocitywest.com
mail from: <>
250 ok
rcpt to: <dmq(_at_)gain(_dot_)com>
250 ok
data
354 go ahead
hi there david! No RFC Header!
.
250 ok 1110911858 qp 17196

PS: I didn't show it above, but at a minimum, your server should check
for MAIL FROM correct syntax. It accepted a typo address.  That alone
will add some security.

qmail accepts a space before the envelope sender specifically because
sendmail does, and therefore many e-mail clients send it that way.  This
gets back to that previous discussion about false positives on enforcement
of strict SMTP checking.

I had the impression that he was talking about something not shown, other
than the dialog above.

While we're off here on a tangent, qmail also takes things like:

   mail blah:<mem(_at_)mv(_dot_)com>
   rcpt to-diddly-do:<mem(_at_)geezer(_dot_)org>

(Although for this issue in particular, there are several different
SMTP front ends that can be used instead of qmail-smtpd that do stricter
checking.)

Indeed there are...

mm