On Monday 10 November 2008, Patrick Webster wrote:
> Hi list,
>
> I noticed the smtp_deliver.rb and smtp.rb exploit handler does not
> adhere to RFC.
>
> http://www.ietf.org/rfc/rfc0821.txt
>
> When using an RFC enforcing proxy to send email client exploits, the
> message is rejected solely based on RFC compliance.
>
> Two issues:
>
> 1) The RCPT TO and MAIL FROM should have <> for RFC
> 2) The HELO/EHLO Rex::Text.rand_text... is not a real domain, so is
> rejected. Additionally, some proxies require the domain to be
> realistic based on DNS/MX etc.
>
> What are your thoughts? I'd change it but need to be careful not to
> break others' modules [1].
>
> A simple change may be to set the datastore MAILFROM/MAILTO to include
> the <> as a string.
>
> [1] My unix\smtp\clamav_milter_blackhole.rb module will break if the
> handler is changed, but simple fix.

I would suggest updating the library, but also patching the few SMTP
modules to call the raw version until we get a chance to verify. By
making the default RFC-compliant, it should help things going forward.

-HD
_______________________________________________
Framework-Hackers mailing list
Framework-Hackers@spool.metasploit.com
http://spool.metasploit.com/mailman/listinfo/framework-hackers
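
The two issues raised in this thread, seen from the proxy's side, as an added example that is not part of either message and is not Metasploit code: a simplified RFC 821 check of HELO/EHLO, MAIL FROM and RCPT TO lines. The method names, the "must contain a dot" policy and the sample lines are assumptions made for illustration; source routes and ESMTP parameters are not handled.

```ruby
# Added example: simplified RFC 821 envelope checks, modelled on what an
# RFC-enforcing SMTP proxy might reject. Names here are hypothetical.
LABEL   = /[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?/   # simplified <name>
DOMAIN  = /#{LABEL}(?:\.#{LABEL})*/
MAILBOX = /[^\s<>@]+@#{DOMAIN}/                     # simplified <mailbox>

# Returns a list of problems for one client command line (empty = accepted).
def smtp_line_problems(line)
  problems = []
  problems << "missing CRLF terminator" unless line.end_with?("\r\n")
  cmd = line.chomp
  case cmd
  when /\A(?:HELO|EHLO) (.*)\z/i
    domain = $1
    if domain !~ /\A#{DOMAIN}\z/
      problems << "HELO/EHLO argument is not a valid domain"
    elsif !domain.include?(".")
      # Assumed proxy policy: single-label names are treated as unrealistic.
      problems << "HELO/EHLO domain is not fully qualified"
    end
  when /\AMAIL FROM:(.*)\z/i
    problems.concat(path_problems($1, allow_null: true))
  when /\ARCPT TO:(.*)\z/i
    problems.concat(path_problems($1, allow_null: false))
  else
    problems << "unrecognised command"
  end
  problems
end

# <path> must be "<" mailbox ">"; MAIL also accepts the null reverse-path "<>".
def path_problems(arg, allow_null:)
  return [] if allow_null && arg == "<>"
  return ["address is not enclosed in <>"] unless arg.start_with?("<") && arg.end_with?(">")
  arg[1..-2] =~ /\A#{MAILBOX}\z/ ? [] : ["mailbox inside <> is malformed"]
end

# Constructed session lines, not captured traffic.
SAMPLE = [
  "HELO qZxwvRtp\r\n",
  "HELO mail.example.com\r\n",
  "MAIL FROM:sender@example.com\r\n",
  "MAIL FROM:<sender@example.com>\r\n",
  "RCPT TO:<user@example.org>\r\n",
]

if __FILE__ == $0
  SAMPLE.each { |l| puts "#{l.strip.ljust(34)} #{smtp_line_problems(l).inspect}" }
end
```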