RE: [Exim] HTTP commands

Top Page
Delete this message
Reply to this message
Author: Alan J. Flavell
Date:  
To: Exim users list
Subject: RE: [Exim] HTTP commands
On Mon, 15 Mar 2004, John Hall wrote:

> On 15 March 2004 11:08, Tony Finch <dot@???> wrote:
>
> > > SMTP protocol violation: synchronization error (next input sent too
> > > soon): rejected "POST / HTTP/1.0"
> >
> > It's spammers using open proxies to send email using HTTP POST, hoping
> > that the HTTP request header will be ignored by the target MTA. Might
> > be a good idea to drop connections whose first command is POST...
>
> Exim seems to reject them anyway, so I shall just ignore them.


Yes, but if exim keeps the call open, they could simply go on
with their SMTP transaction as if nothing had happened. Mere
rejection of one unknown command is not enough.

There is some level of protection against this form of attack by means
of the main configuration parameter:

smtp_max_unknown_commands

although it's also probably a good idea to use a reliable DNSrbl that
lists known open HTTP proxies.

cheers