[Full-Disclosure] RFC and silent discarding of e-mails (was: Backdoor not recognized by Kaspersky)
martin.macok at underground.cz
Thu Mar 4 09:13:25 GMT 2004
On Thu, Mar 04, 2004 at 12:01:54AM -0600, Mike Barushok wrote:
> Then there is the 'rejection' problem. If the mail is not accepted,
> laws prohibit silently discarding it.
Yes, your SMTP servers should not silently discard the message to
comply with RFC 2821 (SMTP) but keep in mind that they also should not
inspect the content of the message and should assume the message is
On the other side - your application-level firewalls (SMTP filters)
can implement any "safe" subset of SMTP and are allowed to break RFC
2821 for valid reasons. See RFC 3234 (Middleboxes: Taxonomy and
Issues) and RFC 2979 (Firewall Requirements).
Full-Disclosure is hosted and sponsored by Secunia.