Tweaking sendmail...

[Philip Prindeville <ph...@redfish-solutions.com>]

Well, I posted the following below to mimedefang, but didn't see a response.

Hopefully someone hear can answer this question?  Also asked a few months
ago on the sendmail list, but I think that the idea of adding a knob
that would
allow you to bend the spec was anathema to them...  Even if the spec was
written in a time well before spammers, email-propagated viruses, or paying
for Internet carriage...

I'd argue that it's a different world, and that protecting your
resources from
attack is sometimes more important than conformance to a specification that
mandates "being liberal in what you accept, and conservative in what you
send."

Well, being liberal in what you accept makes your machine easier to exploit
in what I can tell...

-Philip
========

>Philip Prindeville wrote:
>
>  
>
>>>Anyone familiar enough with the srvrsmtp.c code to recommend a
>>>patch that would allow immediate failure of the filter_helo() response
>>>rather than waiting for the next transition in the state machine?
>>>  
>>>
>>    
>>
>
>
>Question still stands...
>
>I was looking at how the CMDMAIL code was handled, and it's:
>
>...
>#if MILTER
>                        if (smtp.sm_milterlist && smtp.sm_milterize &&
>                            !bitset(EF_DISCARD, e->e_flags))
>                        {
>                                char state;
>                                char *response;
>
>                                response = milter_envfrom(args, e, &state);
>                                MILTER_REPLY("from");
>                        }
>#endif /* MILTER */
>...
>
>And most of the work is done by the MILTER_REPLY() macro.
>
>Looking at CMDHELO, the code is partially duplicated from the
>MILTER_REPLY() macro, and partially not.
>
>Was wondering if anyone knew the differences well enough to explain
>them...
>
>Thanks,
>
>-Philip
>
>
>  
>