Re: press: The Joe Job DoS attack

[Matti Aarnio <mea@nic.funet.fi>]

On Tue, Apr 06, 2004 at 10:34:25PM +0400, Eugene Crosser wrote:
>
> http://www.theregister.co.uk/2004/04/06/joejoe_dos_attack/
> 
> By John Leyden
> Published Tuesday 6th April 2004 17:30 GMT
> 
> A problem with the way that non-delivery notifications are sent by many
> mail servers could be exploited to launch "mail bomb" denial of service
> attacks.
> 
> Incorrectly configured mail servers may respond to mail delivery failure
> with as many non-delivery reports as there are undeliverable cc: and
> bcc: addresses contained in the original email. By forging the source of
> an email, hackers could bombard systems with spurious emails.
> [...]
> Developers and mail administrators are urged to secure their SMTP mail
> services, as explained here (PDF). The fix is simple enough: don't send
> the attachment part of non-delivery receipt; and send one email in
> response to every mail failure, rather than one for every intended
> recipient.

I am somewhat dis-inclined not to return the attachment to the original
sender..  Nevertheless there are ways to acomplish about what the write
suggests:

Scheduler runtime option '-n' drops original message from bounce report.

And the error reporting for is run regularly every so often.
By default about every 5 minutes for those messages that have
accumulated some diagnostics, but are partially incomplete.
Fully completed messages are reported as soon as last recipient
has been handled.

The  PARAMglobal-report-interval  parameter can be used to adjust that
value.  In example configuration file it can be set to "every 15 
minutes".  But say you want to set it to 8h ?

-- 
/Matti Aarnio	<mea@nic.funet.fi>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi