On Jul 10, 2006, at 7:57 AM, Michael Lang wrote:
On Mon, 2006-07-10 at 09:17 -0500, Jim McCullars wrote:
On Sun, 9 Jul 2006, Dirk the Daring wrote:
Obviously, if I have sending hosts on my network that really
did have
non-routable addresses, this would be a possible problem (altho the
simple
I just reject when someone sends an IP address as a HELO, and it
is not
their actual IP address. In filter_sender():
i remember an exploit with negative Integers as helo name ... and as
RFC
821 states
"""This command is used to identify the sender-SMTP to the
receiver-SMTP. The argument field contains the host name
of
the sender-SMTP."""
If you're going to be a stickler about what the RFC says, in what you
require about the sender, then it's probably a good idea to be a
stickler about the RFC in how your server operates as well.
Specifically, you may not refuse the message based upon the HELO
argument.
My point being: Seems rather hypocritical to complain about the lack of
merits of the client based upon lack of RFC compliance ... while
advocating lack of RFC compliance in your server.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
