Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 0 subscribers
  • Views 13011 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PureMessage RFC2821 violation..... And Support doesn't care...

jimhoelcor

Hi,

     I've been working with support on using PureMessage to prevent backscatter attacks.  In doing so I've found that PureMessage violates RFC2821 in how it handles RCPT TO: responses for invalid users.  Yes, I have a list of valid users for PureMessage to use.  Below is a sample session of the misbehavior.  What bothers me is that support would not accept the fact the product is broken saying this is not supported, after giving me the instructions to set it up..

StartSelection:0000000199 EndSelection:0000001176 220 maxima.mail.cornell.edu ESMTP Sendmail 8.14.4/8.14.4; Mon, 16 May 2011 10:47:52 -0400
helo lost.net
250 maxima.mail.cornell.edu Hello rrdhcp-68-312.redrover.cornell.edu [128.84.69.56], pleased to meet you
mail from: jwh2@cornell.edu
250 2.1.0 jwh2@cornell.edu... Sender ok
rcpt to: jwh222222222222@cornell.edu
250 2.1.5 jwh222222222222@cornell.edu... Recipient ok            Not Really, Should of been a 5XX error.
data
354 Enter mail, end with "." on a line by itself
silly test
.
555 5.0.0 Cornell Email User Not found
quit
221 2.0.0 maxima.mail.cornell.edu closing connection

:12999


This thread was automatically locked due to age.
Parents
  • 0

    Thanks for the clarification, Jim.

    Can't help you with PureMessage as I'm not responsible for PureMessage or the mail system at our site - I was just curious (having been "postmaster" for quite some time since the days before RFC0974).

    The sender should receive a bounce message

    While this is the behaviour required by the RFC that's probably something you don't want to happen if someone sends mail with a bogus MAIL FROM validaddress@cornell.edu as validaddress will then get "unsolicited" non-delivery reports. I've asked my co, we do recipient validation but entirely in Postfix before PureMessage gets involved. 

    Christian

    :13055
Reply
  • 0

    Thanks for the clarification, Jim.

    Can't help you with PureMessage as I'm not responsible for PureMessage or the mail system at our site - I was just curious (having been "postmaster" for quite some time since the days before RFC0974).

    The sender should receive a bounce message

    While this is the behaviour required by the RFC that's probably something you don't want to happen if someone sends mail with a bogus MAIL FROM validaddress@cornell.edu as validaddress will then get "unsolicited" non-delivery reports. I've asked my co, we do recipient validation but entirely in Postfix before PureMessage gets involved. 

    Christian

    :13055
Children
No Data