--On Tuesday, August 16, 2011 19:29 -0700 Randall Gellens
At 8:20 PM -0400 8/16/11, Hector Santos wrote:
NO QUIT means a cancellation because otherwise the only
other way to end a SMTP session is for the client to close
the socket connection.
To me, this sounds like a confusion between POP and SMTP. In
POP, not sending a QUIT cancels any pending deletions. In
SMTP, each MAIL transaction stands alone.
Interesting insight. Yes.
Sending a QUIT at
the very end is required, but failing to do so has no ill
effects (and there are a number of clients who don't bother).
Actually, there is a potentially bad effect, but it isn't on
mail transactions. Depending on the quality of TCP/IP
implementation on the server and some other factors, a client
close may not be noticed for some time. I.e., the client thinks
the connection had been closed, while the server is still
listening on it. I'll leave a discussion of all of the nasty
things that could be done by an attacker getting hold of a
connection in that state as an exercise, but that is at least
one of the reasons why the spec says "handshake then close"
rather than "just close".