james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tellier Benoit (JIRA)" <server-...@james.apache.org>
Subject [jira] [Comment Edited] (JAMES-2190) Any sieve script provided should be checked for its size to prevent DoS
Date Wed, 18 Oct 2017 09:06:01 GMT

    [ https://issues.apache.org/jira/browse/JAMES-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16209017#comment-16209017
] 

Tellier Benoit edited comment on JAMES-2190 at 10/18/17 9:05 AM:
-----------------------------------------------------------------

It's more a concern of protocol layer, don't you think?

 - Using CLI, the script is added by the admin. Maybe we can consider him responsible.
 - Using "mailets" this kind of concerns can be addressed via SMTP SIZE extension
 - Using "ManageSIEVE" this remains a real concern.


was (Author: btellier):
It's more a concern of protocol layer, don't you think?

> Any sieve script provided should be checked for its size to prevent DoS
> -----------------------------------------------------------------------
>
>                 Key: JAMES-2190
>                 URL: https://issues.apache.org/jira/browse/JAMES-2190
>             Project: James Server
>          Issue Type: Improvement
>            Reporter: Matthieu Baechler
>
> Sieve scripts are basically files that will be handled by the server.
> It requires to fit in memory for being executed so it would make sense to ensure it's
not too big before accepting or loading it so that it's not a DoS vector.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message