[EXIM] logging illegal SMTP commands?

Top Page
Delete this message
Reply to this message
Author: Marc Haber
Date:  
To: exim-users
Subject: [EXIM] logging illegal SMTP commands?
Hi!

|mh@torres:/mnt/main6/home/mh > telnet localhost 25
|Trying 127.0.0.1...
|Connected to localhost.
|Escape character is '^]'.
|220 torres.gf1.internal ESMTP Exim 2.10 #1 Sun, 9 May 1999 18:58:35 +0200
|this is a very long command
|500 Command unrecognized
|sldksjdhlkjrhiu
|500 Command unrecognized
|slkjhsadliuzh
|500 Command unrecognized
|riuztrieouhdgklj
|500 Command unrecognized
|debug
|500 No way!
|quit
|221 torres.gf1.internal closing connection
|Connection closed by foreign host.
|mh@torres:/mnt/main6/home/mh >

None of these things resulted in a log entry. I am thinking that it
might be useful to have exim log illegal commands on the SMTP channel.
This could be useful in detecting somebody trying to to a buffer
overflow or a similar attack. Would having such an option be useful in
attack scenarios or would it open ways to attack a mail host itself?

Am I unreasonable?

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mailadresse im Header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Fon: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29


--
*** Exim information can be found at http://www.exim.org/ ***