Re: [exim] Exim + grsecurity + ssl = dos

Wed, 01 Jun 2016 07:39:53 -0700 


Le 01/06/2016 à 15:05, Renaud Allard a écrit :


On 06/01/2016 12:32 PM, Samuel wrote:

Le 01/06/2016 à 11:24, Jeremy Harris a écrit :

On 31/05/16 18:44, Samuel wrote:

2016-05-31 05:55:44 TLS error on connection from
researchscan258.eecs.XXXX.edu (eecs.XXXX.edu) [1XX.212.XXX.3]
(gnutls_handshake): Could not negotiate a supported cipher suite.
2016-05-31 05:55:44 H=researchscan258.eecs.XXXX.edu (eecs.XXXX.edu)
[1XX.212.XXX.3] Warning: erreur : tls-failed

OK, cipher-suite mismatch...


/var/log/syslog :

May 31 05:55:44 anemone-mailin-01 kernel: [4547900.677897] traps:
exim4[23055] general protection ip:6664ddc0bad6 sp:7483826d3710 error:0
in libc-2.19.so[6664ddba2000+1a2000]

Oops!


So if I understand well, A special craft ssl request can cause DOS on
Exim on Grsecurity kernel ?

Not all that crafted; just a choice of ciphers.

Is this a problem from my side ? Do I have to do someting ?


Given the name of the host researchscanXXX, may I assume you have used a
server to test the crypto? So if it has indeed attempted some kind of
brute force, maybe grsec was right.


Strange but perharps solved I think, It was my own fault :


I'm building a test server .... and I started it only for testing mode 
.... but I forgot to open the 465 port to the my mail-IN exim.

So now I'm sure that last connexions were on port 25 with starttls.


I open the port 465 to the exim mail-IN and I just see the researchscan 
coming in again, this time on port 465 with no alert from grsecurity.
But, this could just mean that there is no prob on port 465 .... but 
perharps still a problem with port 25 ont TLS



And as my server is only in test mode, I just get only few mailing-list 
and botnet ;-) , I'm sure that was not clean email.



So could this brute force alert be a problem for people without 
grsecurity and port 465 closed ... ?



Some grsec features should be used with great precautions. This is not a
magical recipe.



Yes I'm taking care with grsec, but I use it for years with not so much 
problem (except clam ...)


Thanks.

Samuel.




--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/





















					Reply via email to