Out of order SMTP DATA command can be used to bypass firewall protection

Jul, 18 2000 - 18:37

If an out-of-order SMTP DATA command is sent to a firewall/proxy, it may put the firewall in a 'pass-through' mode (the firewall/proxy treats the connection as valid and performs no further tests).

To send arbitrary content to a mail server protected by a vulnerable SMTP proxy, you can send a DATA command followed by the content you want to send, all in the same TCP/IP packet, immediately on connection (before you even get the 220 response). For example:

    DATA
    VERB
    EXPN postmaster
    .

You may have to send consecutive DATA commands to get it to work, e.g.:

    DATA
    DATA
    VERB
    EXPN postmaster
    .

Note: In some versions the final . is required to receive the response.

In some cases you are not required to put everything in the same packet; all you need to do is issue a DATA command. There appears to be a timeout, but just reissue the DATA command and you're back in pass-through mode.

Workaround: Make sure you are running a secure and reliable mail server, or use a better SMTP proxy.
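
The sequencing a proxy has to enforce to avoid the pass-through condition described above, as an added example that is not part of the original advisory or any vendor's code: client input before the 220 banner closes the connection, DATA is forwarded only after an accepted RCPT, and body mode begins only on the server's 354. The class, function and state names are hypothetical, and each server event is assumed to be the final reply code for the command in flight.

```python
# Added example, hypothetical names: one command in flight; RSET/NOOP/QUIT omitted.
NEXT = {  # (state, verb) -> state entered once the server accepts the command
    ("helo", "HELO"): "ready", ("helo", "EHLO"): "ready",
    ("ready", "MAIL"): "mail", ("mail", "RCPT"): "rcpt",
    ("rcpt", "RCPT"): "rcpt", ("rcpt", "DATA"): "body",
}

class SmtpGate:
    def __init__(self):
        self.state = "banner"   # nothing is accepted before the server's 220
        self.pending = None     # state to enter if the server accepts

    def on_server_reply(self, code):
        if self.state == "banner":
            self.state = "helo" if code == 220 else "closed"
        elif self.pending:
            # Body mode starts on the server's 354, never on the client's DATA.
            ok = code == 354 if self.pending == "body" else 200 <= code < 300
            self.state = self.pending if ok else self.state
            self.pending = None
        elif self.state == "eod":
            self.state = "ready"    # message finished; a new MAIL may follow

    def on_client_line(self, line):
        """Return 'forward', 'reject' (answer 503 locally) or 'drop' (close)."""
        if self.state in ("banner", "closed"):
            self.state = "closed"   # client spoke before the 220 banner
            return "drop"
        if self.state == "body":
            self.state = "eod" if line == "." else "body"
            return "forward"        # message content; content filters still apply
        if self.pending or self.state == "eod":
            return "reject"         # sent before the previous reply arrived
        verb = line.split(" ", 1)[0].upper()
        if (self.state, verb) in NEXT:
            self.pending = NEXT[(self.state, verb)]
            return "forward"
        return "reject"             # out-of-order DATA, VERB, EXPN, ...

def replay(events):  # events: ('S', reply_code) / ('C', line) pairs, in arrival order
    gate, verdicts = SmtpGate(), []
    for kind, value in events:
        if kind == "C":
            verdicts.append(gate.on_client_line(value))
        else:
            gate.on_server_reply(value)
    return verdicts

# Constructed trace: the advisory's command sequence, arriving after the banner.
ADVISORY_TRACE = [("S", 220), ("C", "DATA"), ("C", "VERB"), ("C", "EXPN postmaster"), ("C", ".")]
```

`replay(ADVISORY_TRACE)` returns one verdict per client line; none of the advisory's lines reach the mail server, while a normal EHLO/MAIL/RCPT/DATA transaction is forwarded unchanged.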