On Tue, Nov 11, 2025, Jaroslaw Rafa via mailop wrote:
> When in doubt, it's best to remember Postel's rule: be conservative in what
> you send, be liberal in what you accept...
That was true a long time ago, but it might create security problems.
Just one example:
8.18.1/8.18.1 2024/01/31
sendmail is now stricter in following the RFCs and rejects
some invalid input with respect to line endings
and pipelining:
- Prevent transaction stuffing by ensuring SMTP clients
wait for the HELO/EHLO and DATA response before sending
further SMTP commands. This can be disabled using
the new srv_features option 'F'. Issue reported by
Yepeng Pan and Christian Rossow from CISPA Helmholtz
Center for Information Security.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
