Another dump check it out:
The underlined command shouldnt be allowed IMHO. Check it out: After the user has given EHLO, the user is supposed to give AUTH, but in the below case if the user gives _MAIL FROM_ its still accepted. Isnt it a security lapse? Please do reply back. Veeresh --------------------------------------- 220 <1020147970.976@khanorkar> [XMail 1.7 (Win32/Ix86) ESMTP Server] service ready; Tue, 30 Apr 2002 11:56:10 +0530 EHLO khanorkar ^^^^^^^^^^^^^^ 250-xmailserver.test 250-VRFY 250-ETRN 250-8BITMIME 250-PIPELINING 250-AUTH LOGIN PLAIN CRAM-MD5 250 SIZE MAIL FROM: <[EMAIL PROTECTED]> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 250 OK rcpt to: <[EMAIL PROTECTED]> 250 OK data 354 Start mail input; end with <CRLF>.<CRLF> Another bug. Veeresh .. 250 OK <SFC> __________________________________________________ Do You Yahoo!? Yahoo! Health - your guide to health and wellness http://health.yahoo.com - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
