Re: smtpd smtp_proceed_wiz function

2021-11-08 Thread Chris Cappuccio 
Crystal Kolipe [kolip...@exoticsilicon.com] wrote:
> On Mon, Nov 08, 2021 at 06:13:14PM +, Stuart Henderson wrote:
> > On 2021/11/08 14:52, Crystal Kolipe wrote:
> > > I'm not aware of a 'wiz' command in any SMTP related RFC.
> > This will become clear if you look into sendmail history :)
> 
> Got it :).
> 
> I assume that this won't be implemented in OpenBSD any time soon
> then.

We could emulate it and pretend that we are an ancient vulnerable 
verison of Sendmail, or pretty much any version since they all
contain a plethora of vulnerabilities.

While we're at it, maybe emulate Microsoft Exchange and EXIM :)

Chris

Re: smtpd smtp_proceed_wiz function

2021-11-08 Thread Crystal Kolipe 
On Mon, Nov 08, 2021 at 06:13:14PM +, Stuart Henderson wrote:
> On 2021/11/08 14:52, Crystal Kolipe wrote:
> > I'm not aware of a 'wiz' command in any SMTP related RFC.
> This will become clear if you look into sendmail history :)

Got it :).

I assume that this won't be implemented in OpenBSD any time soon
then.

Re: smtpd smtp_proceed_wiz function

2021-11-08 Thread Stuart Henderson 
On 2021/11/08 14:52, Crystal Kolipe wrote:
> src/usr.sbin/smtpd/smtp_session.c contains the following code:
> 
>   1892static void
>   1893smtp_proceed_wiz(struct smtp_session *s, const char *args)
>   1894{
>   1895smtp_reply(s, "500 %s %s: this feature is not supported 
> yet ;-)",
>   1896esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND),
>   1897esc_description(ESC_INVALID_COMMAND));
>   1898}
> 
> This was added between revisions 1.194 and 1.195, with no mention in the
> changelog.
> 
> I'm not aware of a 'wiz' command in any SMTP related RFC.
> 
> Is this spurious debugging code related to the addition of DSN and enhanced
> status code support?  Or is it there as a way to identify servers that are
> running smtpd in the wild?  Or is there some other reason?
> 

This will become clear if you look into sendmail history :)

smtpd smtp_proceed_wiz function

2021-11-08 Thread Crystal Kolipe 
src/usr.sbin/smtpd/smtp_session.c contains the following code:

  1892  static void
  1893  smtp_proceed_wiz(struct smtp_session *s, const char *args)
  1894  {
  1895  smtp_reply(s, "500 %s %s: this feature is not supported yet 
;-)",
  1896  esc_code(ESC_STATUS_PERMFAIL, ESC_INVALID_COMMAND),
  1897  esc_description(ESC_INVALID_COMMAND));
  1898  }

This was added between revisions 1.194 and 1.195, with no mention in the
changelog.

I'm not aware of a 'wiz' command in any SMTP related RFC.

Is this spurious debugging code related to the addition of DSN and enhanced
status code support?  Or is it there as a way to identify servers that are
running smtpd in the wild?  Or is there some other reason?