At 1:20 AM -0500 11/16/01, Chris imposed structure on a stream of 
electrons, yielding:
>>It is considered very bad manners in a client to try
>>SMTP extensions that are not advertised...
>
>Really? I guess I need to add some smarts to my Baton Mail program (right
>now it just tries each auth type it knows of until it finds one that
>works).

How rude. :)


>Is there actually any harm in just trying each type in turn?

Probably not. It's hard to say. How does every MTA in the world deal 
with attempts to use facilities that it does not explicitly offer?

>  (and not
>reading for supported types).

That would be the right thing to do, as I expect you really 
understand. Connect, say EHLO, and see what comes back as a list of 
extensions.

>I had looked at it in terms of, parsing the
>types was hard to add to my program logic (early design flaw on my part),
>so who was I going to annoy... a server? It just didn't seem worth the
>effort. BUT... if there is possible harm from not checking (such as the
>server may reject me after the first wrong type), then I might have to
>look at working it in.

There won't be harm to any reasonable server, but you might be amazed 
at how carefully some mail servers are watched for anomalies. I know 
of many which are monitored so that any unusual activity (such as a 
client sending a series of commands that the server doesn't 
understand) immediately pages a sysadmin.

In addition, it should be noted that you really cannot rely on the 
behavior of AUTH services that are not advertised. If I was a sneaky 
bastard of a sysadmin running a mail server that doesn't really do 
AUTH, adding dummy code to mimic AUTH handling might be something I'd 
consider for making a honeypot. After all, no PROPER client will try 
AUTH commands if the facility is not advertised...

-- 
Bill Cole
[EMAIL PROTECTED]
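
Added example, not part of the original message or of any mail client mentioned in it: a minimal Python sketch of the "say EHLO and read the extension list" step, which picks an AUTH mechanism only from what the server advertised. The sample reply, host names and preference order are constructed assumptions.

```python
import re

# Constructed EHLO reply (not captured from a real server). Multi-line SMTP
# replies use "250-" on every line except the last, which uses "250 ".
SAMPLE_EHLO = (
    "250-mail.example.test Hello client.example.test\r\n"
    "250-SIZE 10485760\r\n"
    "250-8BITMIME\r\n"
    "250-AUTH=LOGIN PLAIN\r\n"
    "250-AUTH CRAM-MD5 PLAIN\r\n"
    "250 HELP\r\n"
)

# Hypothetical client preference order (an assumption for this example).
CLIENT_PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for a 250 EHLO reply; raise on anything else."""
    lines = reply.replace("\r\n", "\n").strip("\n").split("\n")
    extensions = {}
    for i, line in enumerate(lines):
        m = _LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a successful EHLO reply: %r" % line)
        is_last = i == len(lines) - 1
        if (m.group(2) == " ") != is_last:
            raise ValueError("malformed continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the greeting (domain), not an extension
        # Older servers advertise "AUTH=LOGIN PLAIN"; treat "=" as a space.
        text = m.group(3)
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            extensions.setdefault(words[0].upper(), []).extend(
                w.upper() for w in words[1:])
    return extensions


def choose_auth(reply, preference=CLIENT_PREFERENCE):
    """Pick the first preferred mechanism the server advertised, else None."""
    offered = parse_ehlo(reply).get("AUTH", [])
    return next((m for m in preference if m in offered), None)
```

When choose_auth() returns None the client sends no AUTH command at all, so a server that does not offer AUTH never sees one.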

