[Top] [All Lists]

Re: RSET command - possible security loophole

2011-05-31 16:29:15

Hi Hector,
At 12:58 31-05-2011, Hector Santos wrote:
In regards to authentication, in our code, for IP based (Relay Tables, POPB4SMTP), it can not change the authentication based on IP. For ESMTP AUTH, once the session authenticated, per RFC2554, section 4, it will not allow another AUTH to be issued with a 503 response.

Is your implementation compliant with RFC 2554 or RFC 4954?