[ https://issues.apache.org/jira/browse/JAMES-768?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12466677 ]

Danny Angus commented on JAMES-768:
-----------------------------------

I agree that this cures the initial symptom of log flooding, but I don't think 
it resolves the DoS because the collection will grow in the background.

Is the root cause not that the AbstractDomainList.getDomains will repeatedly 
add all of the local domains every time?

Look at this stripped-out method (below): there's no condition to make sure the 
auto-detect only runs once. 
It *might* be implied by an assumption that getDomains is only called in 
certain lifecycle start-up methods, but if so, its use in 
MailFilterCmdHandler.java & RcptFilterCmdHandler.java proves that this is a 
fragile assumption which isn't documented or enforced.

If you agree, I'm happy to fix it, so you can assign this to me.

    public List getDomains() {
        ...
        if (domains != null) {
            ...
            if (autoDetectIP == true) {
                domains.addAll(DomainListUtil.getDomainsIP(domains,dns,getLogger()));
            }
            return domains;
        }

    }

> DoS in MAIL / RCPT without domain
> ---------------------------------
>
>                 Key: JAMES-768
>                 URL: https://issues.apache.org/jira/browse/JAMES-768
>             Project: James
>          Issue Type: Bug
>          Components: SMTPServer
>         Environment: James Trunk
>            Reporter: Guillermo Grandes
>         Assigned To: Norman Maurer
>            Priority: Critical
>             Fix For: Next Major
>
>
> With each MAIL/RCPT without @Domain... the DomainList grows, grows, grows,... 
> without limit... and the log grows and grows still more...

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
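
An added illustration, not part of the original message and not Apache James code: it contrasts a getter that re-appends auto-detected IPs on every call (the pattern described in the comment above) with one possible run-once, de-duplicating variant. All class names and the constructed DNS map are hypothetical.

```java
import java.util.ArrayList;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class DomainListGrowthDemo {
    // Constructed sample data standing in for DNS lookups (documentation addresses).
    static final Map<String, String> FAKE_DNS =
            Map.of("example.org", "192.0.2.10", "mail.example.org", "192.0.2.11");

    // Hypothetical stand-in for the auto-detect step: resolves each known domain to an IP.
    static List<String> detectIps(Iterable<String> domains) {
        List<String> ips = new ArrayList<>();
        for (String d : domains) {
            String ip = FAKE_DNS.get(d);
            if (ip != null) ips.add(ip);
        }
        return ips;
    }

    // Pattern from the comment: the getter mutates the shared list on every call.
    static class GrowingList {
        private final List<String> domains = new ArrayList<>(FAKE_DNS.keySet());
        List<String> getDomains() {
            domains.addAll(detectIps(domains)); // duplicates appended on each call
            return domains;
        }
    }

    // One possible fix: detect once, de-duplicate, hand out a read-only copy.
    static class StableList {
        private final Set<String> domains = new LinkedHashSet<>(FAKE_DNS.keySet());
        private boolean detected;
        synchronized List<String> getDomains() {
            if (!detected) {
                domains.addAll(detectIps(new ArrayList<>(domains)));
                detected = true;
            }
            return List.copyOf(domains);
        }
    }

    public static void main(String[] args) {
        GrowingList bad = new GrowingList();
        StableList good = new StableList();
        // Each iteration models one MAIL/RCPT command that triggers getDomains().
        for (int i = 1; i <= 5; i++) {
            System.out.printf("call %d: growing=%d stable=%d%n",
                    i, bad.getDomains().size(), good.getDomains().size());
        }
    }
}
```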

