David Weitzman wrote:
Yes, as you say, there's nothing wrong with servers that happen to accept the illegal input. That's what I'm suggesting we should do.Serge Knystautas wrote:I know it's unkosher to be filling the buffer before you've received DATA, but I know sendmail, qmail, exchange, and probably others handle this ok. I'll file this in bugzilla.It's not only unkosher, it's illegal. See RFC 2821 section 4.3.1 (http://www.ietf.org/rfc/rfc2821.txt) and RFC 2920 (http://www.ietf.org/rfc/rfc2920.txt). Those rules are important to me as someone who intends to implement SMTP with nonblocking IO. There's nothing wrong with servers that happen to accept the illegal input, but clients "MUST NOT" send it. David Weitzman
Spammers will send email this way, and I'd rather not have their already wasteful emails leave me with a bunch of open connections. I'd prefer to close the connection and be done with the transaction. As is, my mail server will receive all the TCP data, it sits in some odd buffer, sit with an open connection until it times out, and then the data gets dumped and I don't even get a chance to log and do whatever else to make sure I can catch more spam in the future.
Anyway, this also smells like a great DOS opportunity. I appreciate Peter closing the bug before discussing it, too. Thanks.
--
Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
