--- contrib/sendmail/src/conf.c.orig	Fri Dec 27 23:35:00 2002
+++ contrib/sendmail/src/conf.c	Fri Dec 27 23:39:20 2002
@@ -134,6 +134,8 @@
 	{ "needvrfyhelo",	PRIV_NEEDVRFYHELO	},
 	{ "noexpn",		PRIV_NOEXPN		},
 	{ "novrfy",		PRIV_NOVRFY		},
+	{ "nohelp",		PRIV_NOHELP		},
+	{ "nonoop",		PRIV_NONOOP		},
 	{ "restrictexpand",	PRIV_RESTRICTEXPAND	},
 	{ "restrictmailq",	PRIV_RESTRICTMAILQ	},
 	{ "restrictqrun",	PRIV_RESTRICTQRUN	},
--- contrib/sendmail/src/sendmail.h.orig	Fri Dec 27 23:35:12 2002
+++ contrib/sendmail/src/sendmail.h	Fri Dec 27 23:37:46 2002
@@ -1530,6 +1530,8 @@
 #define PRIV_NOVRFY		0x00000010	/* disallow VRFY command */
 #define PRIV_AUTHWARNINGS	0x00000020	/* flag possible auth probs */
 #define PRIV_NOVERB		0x00000040	/* disallow VERB command */
+#define PRIV_NOHELP		0x00000100	/* disallow HELP command */
+#define PRIV_NONOOP		0x00000200	/* disallow NOOP command */
 #define PRIV_RESTRICTMAILQ	0x00010000	/* restrict mailq command */
 #define PRIV_RESTRICTQRUN	0x00020000	/* restrict queue run */
 #define PRIV_RESTRICTEXPAND	0x00040000	/* restrict alias/forward expansion */
--- contrib/sendmail/src/srvrsmtp.c.orig	Fri Dec 27 23:35:19 2002
+++ contrib/sendmail/src/srvrsmtp.c	Sat Dec 28 00:07:20 2002
@@ -1909,7 +1909,10 @@
 
 			/* < 0: no deliver-by */
 
-			message("250 HELP");
+			if (bitset(PRIV_NOHELP, PrivacyFlags))
+				message("250 ");
+			else
+				message("250 HELP");
 			break;
 
 		  case CMDMAIL:		/* mail -- designate sender */
@@ -2683,14 +2686,38 @@
 
 		  case CMDHELP:		/* help -- give user info */
 			DELAY_CONN("HELP");
-			help(p, e);
+			if (bitset(PRIV_NOHELP, PrivacyFlags))
+			{
+				message("502 5.7.0 Sorry, we do not allow this operation");
+				if (LogLevel > 5)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "%.100s: %s [rejected]",
+						  CurSmtpClient,
+						  shortenstring(inp, MAXSHORTSTR));
+			}
+			else
+			{
+				help(p, e);
+			}
 			break;
 
 		  case CMDNOOP:		/* noop -- do nothing */
 			DELAY_CONN("NOOP");
 			(void) checksmtpattack(&n_noop, MAXNOOPCOMMANDS, true,
 					       "NOOP", e);
-			message("250 2.0.0 OK");
+			if (bitset(PRIV_NONOOP, PrivacyFlags))
+			{
+				message("502 5.7.0 Sorry, we do not allow this operation");
+				if (LogLevel > 5)
+					sm_syslog(LOG_INFO, e->e_id,
+						  "%.100s: %s [rejected]",
+						  CurSmtpClient,
+						  shortenstring(inp, MAXSHORTSTR));
+			}
+			else
+			{
+				message("250 2.0.0 OK");
+			}
 			break;
 
 		  case CMDQUIT:		/* quit -- leave mail */