segmentation fault in dccproc (1.3.24)

John R Levine johnl@iecc.com
Sun Dec 11 05:12:48 UTC 2005


> An alternate theory is that qmail generated the bogus Return-Path based
> on a bogus value in the Mail_From value from the spammer.  That's
> consistent with the X-Env-Sender header, whether qmail, the spammer,
> or something else added that header.  Do you consider that acceptable
> behavior from an MTA in this century?

The last time I checked, it doesn't do any validation on the bounce
address at all.

> One might say that would allow the de facto standard filtering for
> reasonable envelope values to be done outside the main MTA, but I'd ask
> whether that is actually possible. Does qmail allow external code to
> detect bogus Mail_From values and reject the SMTP transaction or must
> filtering either bounce non-delivery reports or backhole innocent hits?

Depends how hard you want to hack on it.  I haven't seen enough
syntactically bogus bounce addresses to bother.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.