mouss: > Oliver Block a ?crit : > > Wietse Venema schrieb: > >> That depends on how the Postfix sendmail command is invoked, > >> and you failed to supply that information. > >> > >> If invoked as "sendmail -bs", then the "." SEPARATES messages as > >> defined in the SMTP protocol. > >> > >> If invoked as "sendmail -i", then the "." becomes part of the message. > >> > >> Otherwise, the "." TERMINATES the message and the remainder is ignored. > >> > > > > So there is a potential risk if sendmail is invoked with the -bs option. > > I couldn't supply that information because that depends on individual > > configurations. > > > > Thank you for helping me to find clarity about that issue. > > > > the user can simply send any messages he wants with a tcp connection. so > what's the problem?
There is a problem when a user can "hijack" someone elses mail-generating application. It has been a problem with PHP-based applications, see http://www.google.com/search?q=php+mail+hijack Wietse
