~ line #3805
-----
if($e=~/[EMAIL PROTECTED]@/) {
# blatent attempt at relaying
-----My observations and assumptions - feel free to hit me with a clue-by-four:This regexp is blocking SMTP sessions that use the ORCPT command to deliver/redirect DSNs to addresses that contain bang-paths. The regexps use in ASSP is of course valid under normal recipient circumstances, but perhaps the ORCPT command should be excluded from the filter since this is a redirection of DSNs and does not relate to the recipient.
Example per my log: -----Jan-10-08 14:09:27 X.X.X.X <[EMAIL PROTECTED]> relay attempt blocked for (evil): <[EMAIL PROTECTED]> ORCPT=rfc822;[EMAIL PROTECTED]
-----Its been my understanding that under normal circumstances that bang-paths are not considered valid in SMTP addressing, but can be valid under certain circumstance (see: http://tools.ietf.org/html/rfc3696#section-3). I don't know if this is one of the cases, or what - but it seems to me that in any event that the ORCPT command should be excluded from this regexp.
Thanks for looking into this. -Micheal PS: Blatent[sic] is spelled "blatant")
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
