[Mimedefang] "Possible SMTP attack: command=HELO/EHLO, count=3"
David F. Skoll
dfs at roaringpenguin.com
Thu Oct 26 16:40:04 EDT 2006
Jan-Pieter Cornet wrote:
> According to my reading of the sendmail source: yes, every EHLO or
> HELO command causes a milter call.
However, according to the RFCs, a HELO can be issued multiple times in
an SMTP session, and a HELO (except for the first) is equivalent to a
RSET followed by a HELO. In my tests, libmilter indeed calls
xxfi_abort for second and subsequent HELOs, so it's practically
impossible for a milter to remember that there have been multiple
HELOs.
Regards,
David.
More information about the MIMEDefang
mailing list