lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040304091325.GB3021@josefina.dcit.cz>
From: martin.macok at underground.cz (Martin Mačok)
Subject: RFC and silent discarding of e-mails (was: Backdoor not recognized by Kaspersky)

On Thu, Mar 04, 2004 at 12:01:54AM -0600, Mike Barushok wrote:

> Then there is the 'rejection' problem. If the mail is not accepted,
> laws prohibit silently discarding it.

Yes, your SMTP servers should not silently discard the message to
comply with RFC 2821 (SMTP) but keep in mind that they also should not
inspect the content of the message and should assume the message is
valid.

On the other side - your application-level firewalls (SMTP filters)
can implement any "safe" subset of SMTP and are allowed to break RFC
2821 for valid reasons. See RFC 3234 (Middleboxes: Taxonomy and
Issues) and RFC 2979 (Firewall Requirements).

Martin Ma?ok


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ