[Top] [All Lists]

Re: RSET command - possible security loophole

2011-05-31 10:15:41

John Levine <johnl(_at_)taugh(_dot_)com> wrote:

I have observed a "security loophole" where by spammers are
increasingly using RSET to avoid new local policy-based anti-spam
technologies such as DNSRBL, SPF, Greylisting, etc, at the SMTP level
and this is because the transaction "state" tables during the same
session were cleared.

I've never seen that, but if it happens, it's a bug in the mail
server, not a bug in the spec.

No change to 5321 bis, please.

Right. It's the transaction state that is cleared. If the MTA keeps
per-connection state then that needs to be retained e.g. no point
re-doing DNS lookups.

f.anthony.n.finch  <dot(_at_)dotat(_dot_)at>
Rockall, Malin, Hebrides: South 5 to 7, occasionally gale 8 at first in
Rockall and Malin, veering west or northwest 4 or 5, then backing southwest 5
or 6 later. Rough or very rough. Occasional rain. Moderate or good,
occasionally poor.