Rip Toren wrote:
>
> It seems to me it has just become more obscure. The real problem seems
> to be the server on port 25 accepting the mail for forwarding. That
> input could come from a perl script, a telnet, or a custom program as
> well as Mozilla. Maybe the connection should be blocked in Telnet as
> well? Perl? where does it stop?
Rip, the difference between Mozilla and all of your examples is that in
your examples, the connection to the mail server can be traced back to
the initiator's IP address. In the case of Mozilla, it is traced back to
the *user's* IP address, while the initiator (the person who put up this
link on a webserver miles away) is untraceable.
I have to wonder though if there's a better way to solve this bug than
just block access to port 25. Isn't it sufficient to refuse to connect
to an ftp URL if CR or LF appear in the username or password (because
those characters are part of the protocol and no real ftp server could
ever accept them)? That way even if someone runs an SMTP server on the
ftp port, you *still* can't abuse it.
Stuart.
