*** Hanno Böck <ha...@hboeck.de> wrote: > Am Mittwoch 12 August 2009 schrieb Michael Meyer: > > As I wrote: > > > > http://www.remote.org/jochen/mail/info/address.html#percenthack > > "The so called percent hack is another form of source route." > > Okay, thanks for the information. Though I read there: > "So it sends the mail on to mail.mit.edu and so on. This use of the percent > sign is deprecated because of the associated risk of spam relaying. (See > above.) > > Note that there is no official document, that makes the percent sign special. > It is strictly up to the receiving host, whether it will interpret the > percent > sign in this special way." > > Conclusion: > a) it's not official > b) it's deprecated
c) AFAIK many MTAs (sendmail,exim,qmail,...) support the "percent hack". > So what the openvas-test does is assuming a delivery that doesn't happen. The > way openvas works it can't check. If we wanna keep that check, we should at > least put some more information into the warning. I dont't know if we *realy* need this check. I'm not a "specialist" for MTAs. I have seen that some "Open-Relay-Tests" on the internet do checks for the "percent hack" too. I agree that we need to put some more information into the warning if we keep this check. Hm... http://homepages.tesco.net/J.deBoynePollard/FGA/smtp-erroneous-open-relay-tests.html Micha _______________________________________________ Openvas-devel mailing list Openvas-devel@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
