From owner-freebsd-hackers@FreeBSD.ORG Sun Jul 21 04:13:40 2013 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 2F503E7D for ; Sun, 21 Jul 2013 04:13:40 +0000 (UTC) (envelope-from n7w@delta.emu.st) Received: from smtp1.bushwire.net (f5.bushwire.net [199.48.133.46]) by mx1.freebsd.org (Postfix) with SMTP id D613E162 for ; Sun, 21 Jul 2013 04:13:38 +0000 (UTC) Received: (qmail 2129 invoked by uid 1001); 21 Jul 2013 04:13:38 -0000 Delivered-To: qmda-intercept-freebsd-hackers@freebsd.org DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=s384; d=delta.emu.st; b=k2VMzWegp4iV+q4/Al7OWqMdPrgIQLeda7PozB2rUrrUIP5L9DMIbkODQjNNajnq; Comments: DomainKeys? See http://en.wikipedia.org/wiki/DomainKeys DomainKey-Trace-MD: h=13; b=20; l=C18R70D32M64F38T31S69R80?45M17C39C27I57; Comments: QMDA 0.3 Received: (qmail 2122 invoked by uid 1001); 21 Jul 2013 04:13:38 -0000 Date: 21 Jul 2013 04:13:38 +0000 Message-ID: <20130721041338.2121.qmail@f5-external.bushwire.net> From: "Mark Delany" To: freebsd-hackers@freebsd.org Subject: Re: bin/176713: [patch] nc(1) closes network socket too soon References: <24574.1374375946@server1.tristatelogic.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <24574.1374375946@server1.tristatelogic.com> X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 21 Jul 2013 04:13:40 -0000 > servers running certain protocols. For example, the rules of the SMTP > protocol... just to name one... require that a client wait until the > server has sent out an initial greeting banner before the client sends > anything to the server. Some SMTP servers are lenient about enforcing > this protocol rule, so in practice it may often not be necessary to wait A while back "fast talkers" as they were called, were a known signature of some spam bots. The guess is that they would just write the whole SMTP transaction in one write() immediately following the connect() and be done with it. A useful optimization when you're blatting out billions of spam. You don't see a big mention of this in search engines, so I don't know how prevalent they are now. Point being that such an option might be useful to avoid triggering any detectors that might still be looking for this. Mark.