segmentation fault in dccproc (1.3.24)

John R Levine
Sun Dec 11 05:12:48 UTC 2005

> An alternate theory is that qmail generated the bogus Return-Path based
> on a bogus value in the Mail_From value from the spammer.  That's
> consistent with the X-Env-Sender header, whether qmail, the spammer,
> or something else added that header.  Do you consider that acceptable
> behavior from an MTA in this century?

The last time I checked, it doesn't do any validation on the bounce
address at all.

> One might say that would allow the de facto standard filtering for
> reasonable envelope values to be done outside the main MTA, but I'd ask
> whether that is actually possible. Does qmail allow external code to
> detect bogus Mail_From values and reject the SMTP transaction or must
> filtering either bounce non-delivery reports or backhole innocent hits?

Depends how hard you want to hack on it.  I haven't seen enough
syntactically bogus bounce addresses to bother.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be,, Mayor
"A book is a sneeze." - E.B. White, on the writing of Charlotte's Web

More information about the DCC mailing list

Contact by mail or use the form.