Hi nullmailer team,
We noticed that Nullmailer accepts a second MAIL command within the same SMTP transaction and relays the message using the second envelope sender, while the SMTP standard requires the command sequence to restart or be rejected.
Other MTAs (e.g., Postfix, Exim) reject or ignore the second MAIL as invalid with 50* responses.
By RFC 5321:
The MAIL command (or the obsolete SEND, SOML, or SAML commands)
begins a mail transaction. Once started, a mail transaction consists
of a transaction beginning command, one or more RCPT commands, and a
DATA command, in that order. A mail transaction may be aborted by
the RSET, a new EHLO, or the QUIT command. There may be zero or more
transactions in a session. MAIL (or SEND, SOML, or SAML) MUST NOT be
sent if a mail transaction is already open, i.e., it should be sent
only if no mail transaction had been started in the session, or if
the previous one successfully concluded with a successful DATA
command, or if the previous one was aborted, e.g., with a RSET or new
EHLO.
... If the commands in a transaction are out of order to
the degree that they cannot be processed by the server, a 503 failure
reply MUST be returned and the SMTP server MUST stay in the same
state.
Tested with the differential testing framework we created with the following queries:
EHLO smtpgarden\r\n
MAIL FROM:<root@google.com>\r\n
MAIL FROM:<root@apple.com>\r\n
RCPT TO:<user1@echo.smtp.garden>\r\n
DATA\r\n
:content\r\n
\r\n.\r\n
QUIT\r\n
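
Added example, not part of the original report and not nullmailer's code: a minimal Python command sequencer that applies the RFC 5321 rule quoted above (503 for a MAIL sent while a transaction is open, state unchanged) and replays the command sequence from the report. The names SmtpSequencer, SESSION and replay, and the message body lines, are assumptions made for illustration; parameter parsing and dot-stuffing are left out.

```python
import re

class SmtpSequencer:
    """Tracks mail-transaction state; out-of-order commands get 503."""
    def __init__(self):
        self.accepted = []                   # (sender, rcpts) per completed DATA
        self._reset()
    def _reset(self):                        # clear the open transaction, if any
        self.sender, self.rcpts, self.in_data = None, [], False

    def feed(self, line):                    # CRLF-stripped line in, reply code out
        if self.in_data:
            if line != ".":
                return None                  # body line, no reply
            self.accepted.append((self.sender, self.rcpts))
            self._reset()                    # transaction concluded
            return 250
        verb = line.split(" ", 1)[0].upper()
        if verb in ("EHLO", "RSET"):
            self._reset()                    # both abort any open transaction
            return 250
        if verb == "QUIT":
            return 221
        if verb == "MAIL":
            if self.sender is not None:
                return 503                   # already open: state stays unchanged
            m = re.match(r"MAIL FROM:<([^>]*)>", line, re.I)
            self.sender = m.group(1) if m else None
            return 250 if m else 501
        if verb == "RCPT":
            if self.sender is None:
                return 503                   # no MAIL yet
            m = re.match(r"RCPT TO:<([^>]+)>", line, re.I)
            self.rcpts += [m.group(1)] if m else []
            return 250 if m else 501
        if verb == "DATA":
            if not self.rcpts:
                return 503                   # needs MAIL and at least one RCPT
            self.in_data = True
            return 354
        return 500

# Command sequence from the report; the body lines are constructed placeholders.
SESSION = ["EHLO smtpgarden", "MAIL FROM:<root@google.com>",
           "MAIL FROM:<root@apple.com>", "RCPT TO:<user1@echo.smtp.garden>",
           "DATA", "constructed body", "", ".", "QUIT"]
def replay(lines):
    s = SmtpSequencer()
    return [s.feed(l) for l in lines], s.accepted
```

Calling replay(SESSION) returns the reply code for each line and the accepted envelopes; a differential test can compare a server's actual replies and relayed envelope sender against these.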