ietf-smtp

Re: RSET command - possible security loophole

2011-05-30 17:30:41


On May 30, 2011, at 5:10 PM, Hector Santos wrote:
  This command specifies that the current mail transaction will be
  aborted.  Any stored sender, recipients, and mail data MUST be
  discarded, and all buffers and state tables cleared.

The counter-argument I'd make, interpretation-wise, is that the receiving-MTA 
must revert to the same data-state it was in prior to connection, where, in 
your example, <StudentAid(_at_)greatsunshines(_dot_)com> has never made a 
message-attempt before. Thus, on the second attempt, it should be treated the 
same as the first, because by RSET'ing the sending-MTA cleared the state. Only 
on a QUIT or connection-drop should the receiving MTA then decide what to do 
with its state data (such as greylisted senders that made attempts during that 
connection).

That interpretation opens up the following situation as problematic:

Mail from: foo
rcpt to: bar
[blah blah blah]
rset
mail from baz
rcpt to mat

because in that interpretation, 'foo's attempt would never make it into any 
sort of permanent state.

My reading of the RFC would be much closer to THAT being the special case that 
needs to be made (that you CAN stash and set aside for later processing some 
state-data received prior to a RSET). But that's not really all that much of a 
logistic stretch to make.

Just my $0.02 worth.

Cheers,
D
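To make the two readings above concrete, here is an added example (not code from the thread or from any MTA): a toy receiving-side state model that keeps per-transaction state (which RFC 5321 says RSET clears) separate from connection-scoped bookkeeping about which senders have attempted so far; the `rset_clears_attempts` flag, the informal command parsing, and the greylist hand-off at QUIT are assumptions for illustration, and the transcript is the constructed exchange from the message.

```python
# Toy model of a receiving MTA's state for one connection (added example,
# not an implementation from the thread). Hypothetical design choice:
# rset_clears_attempts=True is the "revert to pre-connection state" reading,
# False is the "stash attempt data aside for later processing" reading.

def _address(arg):
    """Pull the mailbox out of 'FROM:<foo>' or the informal 'from foo'."""
    if ":" in arg:
        tail = arg.split(":", 1)[1]
    else:
        parts = arg.split(None, 1)
        tail = parts[1] if len(parts) > 1 else ""
    return tail.strip().strip("<>")

class Receiver:
    def __init__(self, rset_clears_attempts):
        self.rset_clears_attempts = rset_clears_attempts
        self.attempts = []          # connection-scoped: senders seen so far
        self._new_transaction()

    def _new_transaction(self):
        self.sender = None          # transaction state: MUST go on RSET
        self.recipients = []
        self.data = None

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "MAIL":
            self.sender = _address(arg)
            self.attempts.append(self.sender)   # an attempt was made
        elif verb == "RCPT":
            self.recipients.append(_address(arg))
        elif verb == "RSET":
            self._new_transaction()             # sender/rcpts/data discarded
            if self.rset_clears_attempts:
                self.attempts = []              # 'foo' is forgotten entirely
        elif verb == "QUIT":
            return list(self.attempts)          # what the greylist learns
        return None

# Constructed transcript: the exchange discussed in the message above.
TRANSCRIPT = ["Mail from: foo", "rcpt to: bar", "rset",
              "mail from baz", "rcpt to mat", "quit"]

def run(transcript, rset_clears_attempts):
    """Feed the transcript to a Receiver; return the attempts known at QUIT."""
    r = Receiver(rset_clears_attempts)
    for line in transcript:
        result = r.handle(line)
        if result is not None:
            return result
    return list(r.attempts)
```

Under the "revert" reading `run(TRANSCRIPT, True)` yields only `baz`, so foo's attempt never reaches any persistent state; under the "stash" reading it yields both `foo` and `baz`.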