Well, I posted the following below to mimedefang, but didn't see a response.
Hopefully someone hear can answer this question? Also asked a few months ago on the sendmail list, but I think that the idea of adding a knob that would allow you to bend the spec was anathema to them... Even if the spec was written in a time well before spammers, email-propagated viruses, or paying for Internet carriage... I'd argue that it's a different world, and that protecting your resources from attack is sometimes more important than conformance to a specification that mandates "being liberal in what you accept, and conservative in what you send." Well, being liberal in what you accept makes your machine easier to exploit in what I can tell... -Philip ======== >Philip Prindeville wrote: > > > >>>Anyone familiar enough with the srvrsmtp.c code to recommend a >>>patch that would allow immediate failure of the filter_helo() response >>>rather than waiting for the next transition in the state machine? >>> >>> >> >> > > >Question still stands... > >I was looking at how the CMDMAIL code was handled, and it's: > >... >#if MILTER > if (smtp.sm_milterlist && smtp.sm_milterize && > !bitset(EF_DISCARD, e->e_flags)) > { > char state; > char *response; > > response = milter_envfrom(args, e, &state); > MILTER_REPLY("from"); > } >#endif /* MILTER */ >... > >And most of the work is done by the MILTER_REPLY() macro. > >Looking at CMDHELO, the code is partially duplicated from the >MILTER_REPLY() macro, and partially not. > >Was wondering if anyone knew the differences well enough to explain >them... > >Thanks, > >-Philip > > > >