From 88356fe144204e39fe5bc4368e838d13ac2cfd13 Mon Sep 17 00:00:00 2001
From: MegaBrutal <code+git@megabrutal.com>
Date: Sat, 24 Nov 2018 00:30:30 +0100
Subject: [PATCH] Block more HTTP request methods

Block PUT, DELETE, CONNECT, OPTIONS, PATCH, and TRACE as well.

	modified:   Listener.pas
---
 Listener.pas | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Listener.pas b/Listener.pas
index 52d753d..fd607c9 100644
--- a/Listener.pas
+++ b/Listener.pas
@@ -230,7 +230,9 @@ begin
 
          if (Length(Cmd) = 0) or (not ReadSucceeded) or UnexpectedFail then { Nothing. }
 
-         else if (Cmd = 'GET') or (Cmd = 'HEAD') or (Cmd = 'POST') then begin
+         else if (Cmd = 'GET') or (Cmd = 'HEAD') or (Cmd = 'PUT') or (Cmd = 'POST')
+            or (Cmd = 'DELETE') or (Cmd = 'CONNECT') or (Cmd = 'OPTIONS')
+            or (Cmd = 'PATCH') or (Cmd = 'TRACE') then begin
             SendAndLogResponse(SMTP_R_SERVICE_NA, 'Please learn to speak SMTP for I won''t speak HTTP. Stop abusing my service!');
             UnexpectedFail:= true;
          end
-- 
2.34.1