Philip Prindeville a écrit : > I see your point, however I don't think that Sendmail was trying to "fix" > broken email. I think it was trying to take email from other transports > and protocol spaces (like Bitnet, Usenet, Decnet, X.400, etc that have > passed into well deserved obscurity... ;-) and add the necessary > garnishments to make them transportable across SMTP/RFC-822. >
yes. Sendmail had to battle with too many protocols. > The issue is that Sendmail would also add these to messages being relayed > from other MTA's. > > I guess that's the nature of the problem: SMTP doesn't give you a separate > mechanism for submission and relaying. You can't easily tell if you're > getting a message via SMTP from an MUA that didn't attach a Message-Id > (and thank god they don't, because there would be too many different > "fingerprints" of Message-id formats to tell which were bogus and which > were genuine, i.e. coming from valid MUA's and not ratware)... or if you're > being handed a message from a broken relay. > today, that's possible. - either explicitly using an MSA (listening on the submission port). It now has its RFC - or assuming that all mail received via smtp is "complete". very few "dumb" MUAs use smtp now. The majority of mail is sent from "graphical" MUAs using smtp or from "old style" MUAs using the sendmail command. In the "gui" case, outloouk, thunderbird, opera, eudora, ... etc all send "complete" mail (they have their bugs, but...). so the MTA can still "fix" mail if sent via the command line (the sendmail command) and not do that if smtp is used, unless if the admin knows he has broken mailers... > Hmmm.... Perhaps the protocol could had a mechanism added so that the > server could tell if it is talking to a peer (another MTA) or a client > (an MUA). > mail submission has already its own rfc... > But then, would that create the potential for exploits? Probably. > MUAs have a lot of other vulnerabilities that the MTA doesn't solve anyway. I know of no MUA that will break/... if the message has a missing header.
