james-server-dev mailing list archives

From "Eric Charles (JIRA)" <server-...@james.apache.org>
Subject [jira] [Commented] (JAMES-1427) DoS scenario(s) in SMTP server
Date Sun, 31 Mar 2013 10:07:16 GMT

    [ https://issues.apache.org/jira/browse/JAMES-1427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13618295#comment-13618295 ]

Eric Charles commented on JAMES-1427:
-------------------------------------

Hi Andrzej,
Patch looks good, but I have some rejects trying to apply it on trunk:

patch -p0 --dry-run < JAMES-1427.patch 
(Stripping trailing CRs from patch.)
patching file protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/fastfail/MaxUnknownCmdHandler.java
Hunk #1 FAILED at 27.
Hunk #2 FAILED at 36.
Hunk #3 FAILED at 55.
3 out of 3 hunks FAILED -- saving rejects to file protocols/smtp/src/main/java/org/apache/james/protocols/smtp/core/fastfail/MaxUnknownCmdHandler.java.rej
(Stripping trailing CRs from patch.)


                
> DoS scenario(s) in SMTP server
> ------------------------------
>
>                 Key: JAMES-1427
>                 URL: https://issues.apache.org/jira/browse/JAMES-1427
>             Project: James Server
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 3.0-beta3
>            Reporter: Andrzej Rusin
>         Attachments: JAMES-1427.patch
>
>
> 1. SMTP server allows unlimited number of invalid commands, which may waste network bandwidth.
> 2. The invalid commands go straight to the logs with level INFO, which can easily fill up the server disk.
> Additionally:
> 3. After the max message size is reached, the SMTP server denies the message, but client keeps sending, which makes the remaining part of the message go straight to the log because of 2.
> Ideas to fix:
> A. Do not log more than N invalid commands per connection - solve 2,
> B. Drop connection after Nth (consecutive?) invalid command - solve 1 and 2,
> C. (This one is questionable) Drop the connection after max message size is reached - solve 3
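
Ideas A and B from the issue description above, as a stand-alone per-connection guard. This is an added example, not the attached JAMES-1427.patch and not James code; the class and method names, the limits, and the 64-character log truncation are assumptions.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration; class and method names are hypothetical, not James APIs.
public class UnknownCommandGuard {
    public enum Action { REPLY_ERROR, CLOSE_CONNECTION }

    private final int maxLogged;       // idea A: cap on logged invalid commands per connection
    private final int maxConsecutive;  // idea B: close after this many consecutive invalid commands
    private int logged;
    private int consecutive;

    public UnknownCommandGuard(int maxLogged, int maxConsecutive) {
        this.maxLogged = maxLogged;
        this.maxConsecutive = maxConsecutive;
    }

    /** Call for every recognised command; only consecutive failures count toward the drop. */
    public void onKnownCommand() { consecutive = 0; }

    /** Call for every unrecognised line; returns what the session should do next. */
    public Action onUnknownCommand(String line) {
        consecutive++;
        if (logged < maxLogged) {
            logged++;
            System.err.println("INFO unknown command: " + forLog(line));
        } else if (logged == maxLogged) {
            logged++;  // emit the suppression notice exactly once
            System.err.println("INFO further unknown commands on this connection not logged");
        }
        return consecutive >= maxConsecutive ? Action.CLOSE_CONNECTION : Action.REPLY_ERROR;
    }

    /** Bound each log entry: replace control characters and truncate (assumed limit: 64 chars). */
    static String forLog(String line) {
        String clean = line.replaceAll("\\p{Cntrl}", "?");
        return clean.length() > 64 ? clean.substring(0, 64) + "..." : clean;
    }

    public static void main(String[] args) {
        Set<String> known = Set.of("EHLO", "MAIL", "RCPT", "DATA", "QUIT");
        UnknownCommandGuard guard = new UnknownCommandGuard(2, 4);
        // Constructed session: one valid command, then body-like lines sent as commands (scenario 3).
        String[] session = {"EHLO client.example", "Lorem", "ipsum", "dolor", "sit", "amet"};
        for (String line : session) {
            String verb = line.split(" ", 2)[0].toUpperCase(Locale.ROOT);
            if (known.contains(verb)) { guard.onKnownCommand(); continue; }
            if (guard.onUnknownCommand(line) == Action.CLOSE_CONNECTION) {
                System.out.println("421 too many unknown commands, closing connection");
                break;
            }
            System.out.println("500 unknown command");
        }
    }
}
```

One guard instance belongs to one SMTP session, so both counters reset when a new connection is accepted.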
