james-server-dev mailing list archives

From "Andrzej Rusin (JIRA)" <server-...@james.apache.org>
Subject [jira] [Created] (JAMES-1427) DoS scenario(s) in SMTP server
Date Fri, 20 Jul 2012 10:38:33 GMT
Andrzej Rusin created JAMES-1427:
------------------------------------

             Summary: DoS scenario(s) in SMTP server
                 Key: JAMES-1427
                 URL: https://issues.apache.org/jira/browse/JAMES-1427
             Project: JAMES Server
          Issue Type: Bug
          Components: SMTPServer
    Affects Versions: 3.0-beta3
            Reporter: Andrzej Rusin


1. SMTP server allows an unlimited number of invalid commands, which may waste network bandwidth.
2. The invalid commands go straight to the logs with level INFO, which can easily fill up the server disk.

Additionally:
3. After the max message size is reached, the SMTP server denies the message, but the client keeps sending, which makes the remaining part of the message go straight to the log because of 2.

Ideas to fix:
A. Do not log more than N invalid commands per connection - solve 2,
B. Drop connection after Nth (consecutive?) invalid command - solve 1 and 2,
C. (This one is questionable) Drop the connection after max message size is reached - solve 3

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
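
Ideas A and B from the report, sketched as a per-connection guard. This is an added example, not code from the report or from the JAMES code base: the class `InvalidCommandGuard`, its limits, the command set, and the sample session are assumptions made for illustration. Message lines that arrive after a rejected DATA (scenario 3) would reach the guard as unknown commands and hit the same limits.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Hypothetical per-connection guard; not a JAMES class.
public class InvalidCommandGuard {
    enum Action { ACCEPT, REJECT_AND_LOG, REJECT_SILENTLY, DROP_CONNECTION }

    // Minimal command set assumed for the example.
    private static final Set<String> KNOWN = Set.of(
        "HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT");

    private final int maxLogged;       // idea A: log at most N invalid commands
    private final int maxConsecutive;  // idea B: drop on the Nth consecutive one
    private int logged = 0;
    private int consecutive = 0;

    InvalidCommandGuard(int maxLogged, int maxConsecutive) {
        this.maxLogged = maxLogged;
        this.maxConsecutive = maxConsecutive;
    }

    // Decide what the server should do with one received line.
    Action onLine(String line) {
        String verb = line.trim().split("\\s+", 2)[0].toUpperCase(Locale.ROOT);
        if (KNOWN.contains(verb)) {
            consecutive = 0;           // a valid command resets the streak
            return Action.ACCEPT;
        }
        consecutive++;
        if (consecutive >= maxConsecutive) return Action.DROP_CONNECTION;
        if (logged < maxLogged) {      // log budget is per connection, never reset
            logged++;
            return Action.REJECT_AND_LOG;
        }
        return Action.REJECT_SILENTLY; // still answered with an error, not logged
    }

    public static void main(String[] args) {
        // Constructed session: log budget 2, drop on 4th consecutive invalid line.
        InvalidCommandGuard guard = new InvalidCommandGuard(2, 4);
        List<String> session = List.of("EHLO client.example", "FOO", "BAR",
                                       "NOOP", "BAZ", "QUX", "XYZ", "ZZZ");
        for (String line : session) {
            Action a = guard.onLine(line);
            System.out.println(a + " <- " + line);
            if (a == Action.DROP_CONNECTION) break;
        }
    }
}
```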

        
