Attacks on email communication

Take care with your project and the communication it handles. Even plain email communication is exposed to a number of attacks, and knowing some of them is important for writing safe code. Here are a few starting links:

  1. SMTP Injection via recipient (and sender) email addresses
  2. Measuring E-Mail Header Injections on the World Wide Web
  3. DDoS Protections for SMTP Servers
  4. Use timeouts to prevent SMTP DoS attacks
  5. Check HELO/EHLO arguments

Be aware that with the PIPELINING option enabled, the SMTP server cannot detect sender or recipient address injection. From a security standpoint PIPELINING should be disabled, as it is by default since version 2.3.0 of this component.

# PIPELINING is not allowed (false) by default
pipelining_extension: DEFAULT_PIPELINING_EXTENSION
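
The PIPELINING advice above, shown as an added example that is not code from this component: a strict client-side address check, and a server-side check of one socket read with and without PIPELINING. The helper names are hypothetical and the sample addresses are constructed. The example assumes a lock-step server may treat command lines that arrive before its reply as a violation.

```ruby
# Added example; helper names are hypothetical, not the component's API.

# Client side: accept only a plain addr-spec. Quoted local-parts are
# deliberately rejected to keep the check strict.
def safe_envelope_address?(addr)
  return false unless addr.is_a?(String) && addr.valid_encoding?
  return false if addr.bytesize > 254
  # CR, LF, NUL, other control characters, space and angle brackets
  return false if addr.match?(/[\x00-\x20\x7f<>]/)
  addr.match?(/\A[^@]+@[^@]+\z/)
end

# Build the RCPT command only from a validated address.
def rcpt_command(addr)
  raise ArgumentError, 'unsafe recipient address' unless safe_envelope_address?(addr)
  "RCPT TO:<#{addr}>\r\n"
end

# Server side, command phase only: classify the bytes of one read.
# In lock-step mode the client waits for each reply, so a second command
# line in the same read arrived too early. With PIPELINING several
# commands per read are legal and this signal is lost.
def classify_read(buffer, pipelining:)
  return :incomplete unless buffer.end_with?("\r\n")
  lines = buffer.split(/\r\n|\r|\n/).reject(&:empty?)
  return :ok if lines.length <= 1 || pipelining
  :reject_early_commands
end

# Constructed sample: a "recipient" value containing a line break, and what
# a client without validation would put on the wire for it.
TAINTED = "a@example.com>\r\nRCPT TO:<b@example.net"
WIRE = "RCPT TO:<#{TAINTED}>\r\n"

if __FILE__ == $PROGRAM_NAME
  puts "validated client accepts tainted value: #{safe_envelope_address?(TAINTED)}"
  puts "server, pipelining off: #{classify_read(WIRE, pipelining: false)}"
  puts "server, pipelining on:  #{classify_read(WIRE, pipelining: true)}"
end
```
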