On Tue, Mar 15, 2005 at 02:03:04PM -0800, Russ Allbery wrote:
Hector Santos <hsantos(_at_)santronics(_dot_)com> writes:

220 mail6.velocitywest.com ESMTP
helo hdev1
250 mail6.velocitywest.com
mail from: <>
250 ok
rcpt to: <dmq(_at_)gain(_dot_)com>
250 ok
data
354 go ahead
hi there david! No RFC Header!
.
250 ok 1110911858 qp 17196

PS: I didn't show it above, but at a minimum, your server should check
for MAIL FROM correct syntax. It accepted a typo address. That alone
will add some security.

qmail accepts a space before the envelope sender specifically because
sendmail does, and therefore many e-mail clients send it that way. This
gets back to that previous discussion about false positives on enforcement
of strict SMTP checking.

I had the impression that he was talking about something not shown, other
than the dialog above.

While we're off here on a tangent, qmail also takes things like:

mail blah:<mem(_at_)mv(_dot_)com>
rcpt to-diddly-do:<mem(_at_)geezer(_dot_)org>

(Although for this issue in particular, there are several different
SMTP front ends that can be used instead of qmail-smtpd that do stricter
checking.)

Indeed there are...
mm
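
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not qmail's code: a strict MAIL/RCPT syntax check beside a tolerant one, and a helper that lists the commands only the strict check refuses, which is the set to review for false positives before enforcing strict checking. The function names, the simplified mailbox pattern and the sample addresses are assumptions made for the illustration.

```python
import re

# Simplified mailbox: local@domain with no spaces or angle brackets.
# Assumption: source routes and quoted local parts are left out for brevity.
_MAILBOX = r"[^<>\s@]+@[^<>\s@]+"
_STRICT = {
    # MAIL may carry the null reverse-path "<>" (bounces); RCPT may not.
    "MAIL": re.compile(rf"MAIL FROM:<({_MAILBOX})?>( \S+)*", re.I),
    "RCPT": re.compile(rf"RCPT TO:<({_MAILBOX})>( \S+)*", re.I),
}

def strict_path(line):
    """Return the envelope address only if the whole command fits the grammar."""
    verb = line[:4].upper()
    m = _STRICT[verb].fullmatch(line) if verb in _STRICT else None
    return None if m is None else (m.group(1) or "")

def lenient_path(line):
    """Tolerant model: check the verb, then take whatever sits inside <...>.

    This is a simplified model of the behaviour described in the thread,
    where the keyword after the verb and a space before '<' are not checked.
    """
    verb, _, rest = line.partition(" ")
    if verb.upper() not in _STRICT:
        return None
    start, end = rest.find("<"), rest.find(">")
    return rest[start + 1:end] if 0 <= start < end else None

def strict_only_rejects(lines):
    """Commands the tolerant parser accepts but a strict front end refuses."""
    return [l for l in lines
            if lenient_path(l) is not None and strict_path(l) is None]

# Constructed sample commands; the addresses are placeholders.
SAMPLE = [
    "MAIL FROM:<user@example.org>",          # well-formed
    "MAIL FROM:<>",                          # null sender, well-formed
    "MAIL FROM: <user@example.org>",         # space before the sender
    "mail blah:<user@example.org>",          # wrong keyword
    "rcpt to-diddly-do:<rcpt@example.net>",  # wrong keyword
    "RCPT TO:<rcpt@example.net> NOTIFY=NEVER",  # well-formed, with a parameter
]

if __name__ == "__main__":
    for cmd in strict_only_rejects(SAMPLE):
        print("strict check would refuse:", cmd)
```

Run over command lines taken from an SMTP session log, the helper shows how much existing client traffic depends on the tolerant behaviour.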