Hi,

To quote RFC-1985:

"Both of these situations could currently be fixed using the TURN command 
defined in [1], if it were not for a large security loophole in the TURN 
command. As it stands, the TURN command will reverse the direction of the 
SMTP connection and assume that the remote host is being honest about what 
its name is. The security loophole is that there is no documented 
stipulation for checking the authenticity of the remote host name, as given 
in the HELO or EHLO command. As such, most SMTP and ESMTP implementations 
do not implement the TURN command to avoid this security loophole.

This has been addressed in the design of the ETRN command. This extended 
turn command was written with the points in the first paragraph in mind, 
yet paying attention to the problems that currently exist with the TURN 
command. The security loophole is avoided by asking the server to start a 
new connection aimed at the specified client."



Thus my understanding has always been most SMTP/ESMTP capable hosts support 
ETRN in favour of TURN. I suspect a lot of the confusion stems from it being 
a recommendation, rather than a hard-and-fast rule. (Unless I've missed an 
RFC?).




Regards,

Chris.

At 06:14 PM 3/20/01 +0100, Skough Axel U/IT-S wrote:

>Dear Nicolaj,
>
>This is not an "off-topic" question, but the TURN command is optional and
>refers to changing the SMTP roles (sender-receiver) as described in the RFC
>821, Chapter 3.8 "Changing Roles". I do not think that this command has been
>obsoleted, but as pointed out, the command is optional and doesn't need to
>be implemented. If not implemented, you should receive a "502" reply code.
>
>Hope this helps!
>
>regards,
>
>Axel
>
>-----Original message-----
>From: Nicolaj Willerup [mailto:[EMAIL PROTECTED]]
>Sent: 20 March 2001 16.29
>To: firewalls@Lists.GNAC.NET
>Subject: I apologize for any inconvenience I may cause as this may be OT,
>
>
>but I'm writing my thesis and I'm on the lookout for any info regarding
>changes
>in the TCP/IP standards caused by exploits such as the earlier SMTP
>command "TURN", as described in O'Reilly's "Building Internet Firewalls".
>
>Any help would be much appreciated!!
>
>--
>Back to lurking
>--
>With kind regards /Regards
>Nicolaj Willerup
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

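
A toy model of the difference described in the RFC 1985 passage quoted at the top of this message, added here as an illustration; it is not part of the original thread or of either RFC. The `Server` class, the `MX` table, the domain, the addresses and the TURN reply texts are all constructed for the example, and no network I/O takes place.

```python
from dataclasses import dataclass, field

# Constructed sample data: where the server's own lookup says mail for each
# domain must be delivered (stands in for a DNS MX / routing table).
MX = {"branch.example": "192.0.2.10"}

@dataclass
class Server:
    queue: dict = field(default_factory=dict)      # domain -> queued messages
    delivered: list = field(default_factory=list)  # (destination_ip, message)

    def _flush(self, domain, dest_ip):
        for msg in self.queue.pop(domain, []):
            self.delivered.append((dest_ip, msg))

    def turn(self, peer_ip, helo_name):
        """RFC 821 TURN: roles are reversed on the existing connection and the
        queue to send is chosen from the unverified HELO/EHLO name."""
        if not self.queue.get(helo_name):
            return "502 TURN refused"
        self._flush(helo_name, peer_ip)  # mail goes to whoever is connected
        return "250 OK"

    def etrn(self, peer_ip, domain):
        """RFC 1985 ETRN: the server starts a new connection to the host it
        resolves for the domain itself; peer_ip plays no part in routing."""
        dest = MX.get(domain)
        if dest is None:
            return f"459 Node {domain} not allowed: unknown domain"
        if not self.queue.get(domain):
            return f"251 OK, no messages waiting for node {domain}"
        self._flush(domain, dest)
        return f"250 OK, queuing for node {domain} started"

def run(command, peer_ip, claimed):
    """Issue one command from peer_ip against a fresh server with two
    constructed messages queued for branch.example."""
    srv = Server(queue={"branch.example": ["msg-1", "msg-2"]})
    handler = srv.turn if command == "turn" else srv.etrn
    return handler(peer_ip, claimed), srv.delivered

if __name__ == "__main__":
    other_host = "203.0.113.66"  # constructed: not the host listed in MX
    for cmd in ("turn", "etrn"):
        reply, delivered = run(cmd, other_host, "branch.example")
        print(cmd.upper(), "->", reply, "| delivered to:",
              sorted({ip for ip, _ in delivered}))
```

With TURN the destination follows the connected peer; with ETRN it follows the server's own lookup, whichever host sent the command.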