From: <Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu>
Wonderful! Its worry about a space, but it doesn't
protect its own local domains! <g>
What can I say? Claus is a standards-conforming
kind of guy :)
Well, it also doesn't check for brackets syntax :-)
220 zardoc.esmtp.org ESMTP sendmail X.0.0.Alpha4.0
helo 65.10.44.25
250 zardoc.esmtp.org Hi there
No big deal. :-)
In what sense is the handling of the HELO parameter
failing to "protect" the domain?
Because protection of your OWN domains has 100% trust behind it.
If you are going to have a strict syntax for the minor space issue on the
MAIL command which has no SMTP level correlation as a malicious sender, then
the HELO domain literal syntax RFC requirement which does have a strong SMTP
level correlation as a malicious sender (when checking for local domain/ip
spoofing) should be applied.
Like I said, no big deal. :-)
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com