[Top] [All Lists]

Re: Mail Data termination

2011-08-16 19:53:40

--On Tuesday, August 16, 2011 15:19 -0700
ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:

sorry, I misunderstood what was being suggested.   if the
server gets DATA followed by a message (or a message
fragment) followed by CRLF.CRLF, it should accept the message
(or fragment) and deliver it.  no matter what else follows,
or doesn't follow, during the same SMTP session .


+1 also

That is certainly what the spec says now and almost certainly
what it should say.  Anything following CRLF.CRLF is either an
SMTP command that is valid in that context or noise (which
should get a syntax error).   Trying to allow for, much less
standardize, the behavior an SMTP receiver should exhibit when
the sending system can't do dot-stuffing properly is a recipe
for many bad things happening as well as an opportunity for
attack.  Given various attack scenarios, my personal opinion is
that a server should not tolerate more than a couple of lines of
noise after successful EOD (CRLF.CRLF) before simply shutting
things down by closing the connection.  The standard explicitly
permits, but does not particularly encourage, much less require,
that behavior.  Again, I think that is how it should be.  

By the way, SM wrote...

Yes.  The SMTP server mentioned that it is accepting the
message (up to the end-of-data terminator.  Rejecting the
message is not an option once the message has been accepted.

But, while doing so has other disadvantages, the spec certainly
permits an SMTP server to accept the message and then send back
an NDN message, potentially with a nastygram.  So, while
rejecting is not an option, the SMTP server still has
standards-conforming options for not delivering it.


<Prev in Thread] Current Thread [Next in Thread>