On Wed, Jul 27, 2005 at 08:18:36PM +0100, Tony Finch wrote:
> protocol violation. I'm currently playing around with a patch that will
> allow you to configure strict syntax checking of MAIL and RCPT commands,
> the original reason being to forbid the use of space between : and <, but
> adding a check for non-ascii characters would seem sensible too.
Just had an idea, although maybe it is what you are doing anyway (sorry,
haven't checked, maybe this is already in Exim, but I don't think so).
Why not just put the data sent to exim in a variable, say $smtp_data,
just before each ACL is called. For example, in the HELO ACL $smtp_data
would contain something like "HELO mail.server.example" and in a RCPT
ACL it would contain "RCPT TO:<address@???>". In the DATA ACL
it would contain just "DATA".
This would allow all sorts of checks to be made on the actual data that
is sent. There should possibly be a maximum length of this variable, say
1k, to stop any abuse (exim may already have a maximum size of command
allowed to be sent anyway, I guess).
Matthew
--
Matthew Newton <mcn4@???>
UNIX and e-mail Systems Administrator, Network Support Section,
Computer Centre, University of Leicester,
Leicester LE1 7RH, United Kingdom
