Subject: multiple responses to invalid MAIL FROM and RCPT TO commands
In the mail and rcpt subroutines, the server replies with multiple messages
to an invalid mail or rcpt command. If I type
mail frm:<>
the response is:
501 Usage: MAIL FROM:<mail addr>
250 Ok.
This 250 Ok is confusing. Is the from address accepted or not? It also
causes problems when the client expects only one line of response. For
example I implemented recipient validation according to my other post, and
verified it with http://verify.abuse.net/cgi-bin/relaytest . This test
program expects only one line as a response, therefore it interprets the 250
Ok message as a response to the next command it gives! So this is what
happens:
>>> MAIL FROM:<>
<<< 501 Usage: MAIL FROM:<mail addr>
>>> RSET
<<< 250 Ok. #this is the second line of response to the above mail command!
>>> MAIL FROM:<spamtest@whatever>
<<< 250 Ok. #this is the response to rset!
>>> RCPT TO:<securitytest@abuse.net>
<<< 250 Ok. #this is the response to mail from! Although the server refuses
this address, it is only visible on the next line. The test fails as the
server seems to be an open relay.
I believe it is better if there is no 'Ok' message after an error or usage
response, therefore I added a 'return' before every $con->reply in the mail
and rcpt subroutines.
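
The reply desynchronisation described in this report, as an added Python simulation that is not part of the original post and is not the mail server's own code. It replays the reported session against a client that reads one reply line per command, with and without the early return. The function names, `LOCAL_DOMAIN`, the refusal text, the RCPT usage text and the 500 reply are assumptions made for the example.

```python
from collections import deque

LOCAL_DOMAIN = "example.org"          # assumption: only domain this server accepts
REFUSAL = "554 Relay access denied"   # constructed refusal text, not from the post

def handle(command, return_after_error):
    """Reply lines a simulated server writes for one SMTP command."""
    verb, _, arg = command.partition(":")
    verb, addr = verb.strip().upper(), arg.strip().strip("<>")
    replies = []
    if verb.startswith("MAIL"):
        if verb != "MAIL FROM" or not addr:
            replies.append("501 Usage: MAIL FROM:<mail addr>")
    elif verb.startswith("RCPT"):
        if verb != "RCPT TO" or not addr:
            replies.append("501 Usage: RCPT TO:<mail addr>")  # constructed text
        elif addr.rpartition("@")[2].lower() != LOCAL_DOMAIN:
            replies.append(REFUSAL)
    elif verb != "RSET":
        replies.append("500 Unknown command")                 # constructed text
    if replies and return_after_error:
        return replies           # the reporter's change: stop after the error reply
    replies.append("250 Ok.")    # reported behaviour: success reply sent regardless
    return replies

def one_line_client(commands, return_after_error):
    """Client that reads exactly one reply line per command it sends."""
    unread, seen = deque(), []
    for command in commands:
        unread.extend(handle(command, return_after_error))
        seen.append((command, unread.popleft()))
    return seen, list(unread)

def relay_verdict(seen):
    """What a one-line tester concludes from the reply it paired with RCPT TO."""
    rcpt_reply = next(r for c, r in seen if c.upper().startswith("RCPT"))
    return "open relay" if rcpt_reply.startswith("2") else "relay refused"

# The command sequence from the report.
SESSION = ["MAIL FROM:<>", "RSET", "MAIL FROM:<spamtest@whatever>",
           "RCPT TO:<securitytest@abuse.net>"]

if __name__ == "__main__":
    for fixed in (False, True):
        seen, unread = one_line_client(SESSION, fixed)
        label = "with return" if fixed else "as reported"
        print(label, "->", relay_verdict(seen), "| unread replies:", unread)
```

A non-empty unread list at the end of the session is the sign that the server wrote more reply lines than the client consumed.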