
PureMessage RFC2821 violation..... And Support doesn't care...

Hi,

I've been working with support on using PureMessage to prevent backscatter attacks.  In doing so I've found that PureMessage violates RFC2821 in how it handles RCPT TO: responses for invalid users.  Yes, I have a list of valid users for PureMessage to use.  Below is a sample session of the misbehavior.  What bothers me is that support would not accept the fact that the product is broken, saying this is not supported, after giving me the instructions to set it up.

220 maxima.mail.cornell.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 16 May 2011 10:47:52 -0400
helo lost.net
250 maxima.mail.cornell.edu Hello rrdhcp-68-312.redrover.cornell.edu [128.84.69.56], pleased to meet you
mail from: jwh2@cornell.edu
250 2.1.0 jwh2@cornell.edu... Sender ok
rcpt to: jwh222222222222@cornell.edu
250 2.1.5 jwh222222222222@cornell.edu... Recipient ok            Not Really, Should have been a 5XX error.
data
354 Enter mail, end with "." on a line by itself
silly test
.
555 5.0.0 Cornell Email User Not found
quit
221 2.0.0 maxima.mail.cornell.edu closing connection


This thread was automatically locked due to age.
  • Hello Jim,

    the transaction you posted is IMO not exactly a violation (However, in practice, some servers do not perform recipient verification until after the message text is received. These servers SHOULD treat a failure for one or more recipients as a "subsequent failure" and return a mail message as discussed in section 6) although not full compliance (and I'm not sure I'd expect 555 here).

    However the following cases would be a violation:

    1. A 5xx reply on the <CRLF>.<CRLF> if at least one of the recipients is valid
    2. A 250 reply on a VRFY command with an invalid address (and a 500|502 reply not being fully compliant)

    Incidentally, from your example I'm not sure I fully understand what you are trying to achieve (or to avoid) and what you've set up.

    Christian
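
Added example (not part of the original thread, and not Sophos or PureMessage code): a small Python check that reads a telnet-style SMTP capture like the one posted above and reports whether an unknown recipient was refused at RCPT TO or only after the end of DATA. The function name, the verdict strings and the example.test session are assumptions made for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")  # server lines start with a 3-digit reply code

def classify_session(transcript):
    """Return (verdict, rcpt_codes, end_of_data_code) for a telnet-style SMTP capture."""
    rcpt_codes, eod_code = {}, None
    pending, in_body = None, False   # pending: which command the next reply answers
    for line in (raw.strip() for raw in transcript.strip().splitlines()):
        if in_body:                  # message text: only the lone "." matters
            if line == ".":
                in_body, pending = False, "eod"
            continue
        m = REPLY.match(line)
        if m:
            code = int(m.group(1))
            if isinstance(pending, tuple):            # reply to RCPT TO
                rcpt_codes[pending[1]] = code
            elif pending == "data" and code == 354:   # server wants the body
                in_body = True
            elif pending == "eod":                    # reply to <CRLF>.<CRLF>
                eod_code = code
            pending = None
        elif line.lower().startswith("rcpt to:"):
            pending = ("rcpt", line[8:].strip().strip("<>"))
        elif line.lower() == "data":
            pending = "data"
    accepted = [r for r, c in rcpt_codes.items() if 200 <= c < 300]
    if accepted and eod_code is not None and eod_code >= 500:
        return "rejected-after-data", rcpt_codes, eod_code  # check deferred past DATA
    if any(c >= 500 for c in rcpt_codes.values()):
        return "rejected-at-rcpt", rcpt_codes, eod_code
    return "no-rejection", rcpt_codes, eod_code

# Excerpt of the session posted above, from RCPT TO onward (annotation dropped).
POSTED = """\
rcpt to: jwh222222222222@cornell.edu
250 2.1.5 jwh222222222222@cornell.edu... Recipient ok
data
354 Enter mail, end with "." on a line by itself
silly test
.
555 5.0.0 Cornell Email User Not found
"""
# Constructed contrast: the unknown recipient is refused at RCPT TO instead.
CONSTRUCTED = "rcpt to: nobody@example.test\n550 5.1.1 User unknown\n"
if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(name, classify_session(text))
```

A "rejected-after-data" verdict means the gateway had already accepted the recipient, so any upstream relay that handed the message over is left to generate the bounce.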
