Randall Gellens wrote:
At 1:07 PM -0400 8/16/11, Hector Santos wrote:
I've been seeing (maybe because I'm looking) more transactions from
one of more particular senders that include a <CRLF>.<CRLF> end of
data terminator in the body but continue with additional text after
the DATA has been accepted.
Investigating it seems to be something we can't reliably address
short of looking ahead of the receiver buffers to nullify these
This is something that is so broken I think the best course is to reject
it. Hopefully the sender will notice and fix their bug.
The problem is that a 250 was already issued once the <CRLF>.<CRLF> is
detected so the only current possible SMTP "allowed" action is to not
deliver (complete the transaction) due to a NO QUIT command
cancellation which is what happened in our server setup. I never saw
these IETF messages.
Looking further for other similar senders (within the past 3-4 days
logs) with this problem, I saw mainly two sender sources and each seem
to have two important different modes:
- A sender that only needs the 250 server response for message
completion, it will not try to resend even if the server dropped the
session with all the 500 responses, and
- A sender that sees 250, gets dropped due to all the 500 responses
and it will retry with the same repeated NO QUIT message canceled result.