Wynand van Dyk -

It's not quite what you asked for, but in case you aren't aware of it, take a look at my more general book on how to write secure programs at: http://www.dwheeler.com/secure-programs

It's not specific to MTAs, but I cover some of the more general topics.

Email parsing is quite painful in its full generality, and few people today need UUNET routing and other things. I'd start with a limited subset of legal email addresses and slowly expand that filter as users demanded it.

You should look at some of the existing open source MTAs, and see how to help them, such as Postfix (was VMailer) and Exim. I'm sure that the authors would be very interested in making their software more secure, and they might even be willing to make significant architectural changes to do so. If nothing else, it'll give you good ideas and possibly reusable code. Bernstein holds tight control over Qmail (you can't redistribute changed Qmail code - it's not open source), so Qmail wouldn't be a useful starting point for code reuse, but you might get good ideas from that too.

--- David A. Wheeler
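The "limited subset of legal email addresses" advice above, sketched as an allowlist check. This is an added example, not part of the original message; the accepted subset (ASCII dot-atom local part, fully qualified DNS hostname), the length limits and the sample addresses are assumptions chosen for illustration.

```python
import re

# Assumed policy: ASCII dot-atom local part "@" fully qualified hostname.
MAX_LOCAL = 64    # local-part length limit
MAX_ADDR = 254    # whole-address length limit

# "!" and "%" are deliberately absent from the local-part alphabet, so UUCP
# bang paths and the percent hack cannot be expressed. Quoted strings,
# comments and address literals are outside the subset as well.
_LOCAL_RE = re.compile(r"[A-Za-z0-9_+\-]+(?:\.[A-Za-z0-9_+\-]+)*")
_LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9\-]{0,61}[A-Za-z0-9])?")


def check_address(addr):
    """Return (True, "ok") or (False, reason) for one envelope address."""
    if not isinstance(addr, str) or not addr.isascii():
        return False, "non-ASCII input"
    if len(addr) > MAX_ADDR:
        return False, "address too long"
    # Reject before any parsing, so CR/LF can never reach an SMTP command.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in addr):
        return False, "control character or whitespace"
    if addr.count("@") != 1:
        return False, "expected exactly one '@'"
    local, domain = addr.split("@")
    if not local or len(local) > MAX_LOCAL:
        return False, "bad local-part length"
    if not _LOCAL_RE.fullmatch(local):
        return False, "local part outside allowed subset"
    labels = domain.split(".")
    if len(labels) < 2:
        return False, "domain must be fully qualified"
    if not all(_LABEL_RE.fullmatch(label) for label in labels):
        return False, "bad domain label"
    return True, "ok"


# Constructed sample inputs (example.org names are placeholders).
SAMPLES = [
    "user@example.org",
    "first.last+tag@mail.example.org",
    "host1!host2!user@example.org",            # UUCP bang path
    "user%inner.example.org@relay.example.org",  # percent hack
    "@relay.example.org:user@example.org",     # source route
    "user@[192.0.2.1]",                        # address literal
    "user@example.org\r\nRCPT TO:<x@example.org>",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), check_address(sample))
```

Each rejection carries a reason string, which gives a log of what real senders are being refused and so a basis for widening the filter on demand.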
This archive was generated by hypermail 2b30 : Thu Feb 28 2002 - 14:06:31 PST