On Fri, Nov 21, 2003, Sam Varshavchik <[EMAIL PROTECTED]> wrote: > Jeff Potter writes: > > > This change allows for users to add ".domain.com" entries in the > > hosteddomains file. Given a hostname "some.funky.domain.com", this > > patch adds checks for ".funky.domain.com", ".domain.com", and ".com", > > in that order. Are you willing to add this into the main branch? > > There's a problem with this approach. Someone specifying a recipient > address of "[EMAIL PROTECTED]", with > sufficient intensity, can cause a DDOS attack. Although DB lookups are > relatively fast, this is still something that cannot be ignored.
This kind of attack can be mitigated by requiring a valid email address. Two consecutive periods are illegal in a domain name. Also, the patch could be changed to only try the last 3 (or some other arbitrary number) labels in the domain name. JE ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
