
Re: smtpserver DOS



On Thu, Nov 02, 2000 at 02:09:07PM +0300, Eugene Crosser wrote:
> This is rather silly case but I've recently been bitten by it more
> than once.
> 
> When a remote client comes in, receives a 5xx or 4xx code but ignores it and
> continues to push data (esp. binary data), smtpserver's log is filled
> up by "550 Syntax error" messages causing fast consumption of disk space.
> 
> Possibly repeating messages could be filtered out a la syslog?
> Or maybe smtpserver should just drop connection after some threshold?

	PARAM max-unknown-commands 10

That doesn't, of course, help when a fly-by in the night spammer is using
broken scripts, which reconnect again and again..

	PARAM tarpit 20 2

helps to slow down such bozos making the attack less attractive.

1999-10-30  Matti Aarnio  <mea@mea.tmt.tele.fi>

	* man/smtpserver.8, proto/smtpserver.conf.in, smtpserver/cfgread.c,
	  smtpserver/smtpserver.h, smtpserver/smtpserver.c,
	  smtpserver/smtpcmds.c:
	    A "tarpit" feature implementation per an idea from
	    Arjan van de Ven <arjan@NL.UU.NET>, plus
	    Mark Visser <mark@cal026031.student.utwente.nl>.
	    (Who reported what postfix/vmail can do.)

2000-02-29  Matti Aarnio  <mea@mea.tmt.tele.fi>

	* smtpserver/smtpserver.c, smtpserver/smtpserver.h,
	  smtpserver/cfgread.c, smtpserver/smtpcmds.c:
	    - PARAM sum-sizeoption-value  -- modify how MAIL FROM:<> SIZE=nn
	      option value is processed when compared against various limits
	      in the system -- if the option is present, effectively the
	      system required free space is message size multiplied by the
	      recipient count.
	    - PARAM max-unknown-commands nn -- how many pure junk commands
	      can be accepted before our side hangs up the connection. Default
	      limit: 10

> Eugene

-- 
/Matti Aarnio	<mea@nic.funet.fi>
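
The effect of a junk-command limit such as `max-unknown-commands` on log volume, as an added example that is not part of the original message and is not ZMailer's code. The verb table, the per-session counting and the exact drop point (hanging up once the count exceeds the limit) are assumptions; the input is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Assumed verb table for illustration; not ZMailer's own command list. */
static const char *known_verbs[] = { "HELO", "EHLO", "MAIL", "RCPT",
                                     "DATA", "RSET", "NOOP", "QUIT", NULL };

static int is_known(const char *line) {
    for (int i = 0; known_verbs[i]; i++) {
        size_t n = strlen(known_verbs[i]);
        if (strncasecmp(line, known_verbs[i], n) == 0 &&
            (line[n] == '\0' || line[n] == ' '))
            return 1;
    }
    return 0;
}

struct session_result { int lines_read; int log_lines; int dropped; };
/* Process one session; max_unknown <= 0 means "no limit" (assumption). */
static struct session_result run_session(const char **lines, int nlines,
                                         int max_unknown) {
    struct session_result r = { 0, 0, 0 };
    int unknown = 0;
    for (int i = 0; i < nlines && !r.dropped; i++) {
        r.lines_read++;
        if (is_known(lines[i])) continue;
        r.log_lines++;              /* one "550 Syntax error" log entry */
        if (max_unknown > 0 && ++unknown > max_unknown)
            r.dropped = 1;          /* hang up instead of reading on */
    }
    return r;
}

/* Constructed input: two valid commands, then njunk lines of binary junk. */
static struct session_result simulate(int njunk, int max_unknown) {
    static const char *lines[2 + 1000];
    if (njunk > 1000) njunk = 1000;
    lines[0] = "EHLO client.example";
    lines[1] = "MAIL FROM:<a@example.org>";
    for (int i = 0; i < njunk; i++)
        lines[2 + i] = "\x01\x02 binary junk";
    return run_session(lines, 2 + njunk, max_unknown);
}

int main(void) {
    struct session_result b = simulate(1000, 10);
    printf("limit 10: %d log lines, dropped=%d\n", b.log_lines, b.dropped);
    return 0;
}
```

The limit bounds log growth per connection only; a client that reconnects starts a fresh count, which is the case the reply addresses with the tarpit setting.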