On Monday, November 6, 2006, 00:49:58, Matt wrote:
> I clearly stated that this violates the RFC, but there are 4 facts that
> you and others must understand.

> 1) RFC 821 (Simple Mail Transfer Protocol, circa 1982) which defines
> this behavior was written 24 years ago.

It's still the standard (with various extensions) which dictates how an
SMTP server should behave.

> 2) Regardless of how IMail currently behaves under these conditions,
> Microsoft and SmarterMail servers do behave this way, and most
> servers have no issues with this behavior.

It's non-standard.

> 3) It is a vulnerability to accept unlimited amounts of data by
> SMTP, and the only way to stop this effectively is to not just stop
> it mid-stream, but also respond to it midstream so that it doesn't
> get respooled and resent. Every IMail server will accept an E-mail
> up to the capacity of the spool drive, but other servers like
> Exchange and SmarterMail won't.

Any MTA is free to throw away the data whilst waiting for the end of
data indication.

> 4) The lack of support for RFC 1870 (SMTP Service Extension for
> Message Size Declaration, circa 1995) only makes matters worse.
> Over 95% of the real-world issues would be resolved with proper
> support for this. This however wouldn't close the vulnerability on
> its own or resolve issues with standard/old-style SMTP connections.

No disagreement here, proper implementation of RFC 1870 would be high
on the todo list.

> ...
> If you have an alternative recommendation for closing the hole in the
> RFC, please offer it up, but if you have no recommendation for how to
> close this hole, please don't get in the way.

The IETF accepts submissions from individuals. If you feel so strongly
about it, write up a proposal for an extension to make an early DATA
response permissible.

--
[EMAIL PROTECTED]     "The avalanche has already started, it is too
Rod Dorman             late for the pebbles to vote." - Ambassador Kosh
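
The two standards-conforming controls mentioned in this thread, sketched as an added example that is not part of the original messages or of any mail server's code: refusing a declared size at MAIL FROM (RFC 1870), and discarding an oversized body while waiting for the end of data indication before replying 552. The limit `MAX_SIZE`, the function names and the sample lines are assumptions made for illustration.

```python
MAX_SIZE = 1024  # assumed limit in octets; a server would advertise "250-SIZE 1024"

def declared_size(mail_from: bytes):
    """Return the SIZE=<n> parameter of a MAIL FROM line (RFC 1870), or None."""
    for param in mail_from.rpartition(b">")[2].split():
        key, _, value = param.partition(b"=")
        if key.upper() == b"SIZE" and value.isdigit():
            return int(value)
    return None

def mail_from_reply(mail_from: bytes, max_size: int = MAX_SIZE) -> str:
    """Refuse an oversized message before any of its data is transferred."""
    size = declared_size(mail_from)
    if size is not None and size > max_size:
        return "552 Message size exceeds fixed maximum message size"
    return "250 OK"

def receive_data(lines, max_size: int = MAX_SIZE):
    """Read DATA lines up to the lone "." line; return (reply, message, octets_seen).

    Past max_size nothing more is stored: the rest is read and thrown away,
    and the 552 reply is produced only after the end of data indication.
    """
    stored, seen, over = bytearray(), 0, False
    for line in lines:
        if line == b".\r\n":              # end of data indication
            break
        if line.startswith(b"."):         # undo dot-stuffing (RFC 5321, 4.5.2)
            line = line[1:]
        seen += len(line)
        if not over and seen > max_size:
            over = True
            stored.clear()                # drop what was spooled so far
        if not over:
            stored += line
    else:
        return None, b"", seen            # connection ended early: no reply, nothing kept
    if over:
        return "552 Message size exceeds fixed maximum message size", b"", seen
    return "250 OK", bytes(stored), seen

if __name__ == "__main__":
    # Constructed sample session, not taken from a real server log.
    print(mail_from_reply(b"MAIL FROM:<sender@example.com> SIZE=500000\r\n"))
    body = [b"x" * 98 + b"\r\n"] * 50 + [b".\r\n"]   # 5000 octets, no SIZE declared
    print(receive_data(iter(body))[0::2])
```

The SIZE check only helps with clients that declare a size; the discard path in `receive_data` is what bounds spool use for old-style connections that declare nothing.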
