Andrzej Rusin created JAMES-1427:
------------------------------------
Summary: DoS scenario(s) in SMTP server
Key: JAMES-1427
URL: https://issues.apache.org/jira/browse/JAMES-1427
Project: JAMES Server
Issue Type: Bug
Components: SMTPServer
Affects Versions: 3.0-beta3
Reporter: Andrzej Rusin

1. The SMTP server allows an unlimited number of invalid commands, which may waste
network bandwidth.
2. The invalid commands go straight to the logs with level INFO, which can
easily fill up the server disk.

Additionally:
3. After the max message size is reached, the SMTP server denies the message,
but the client keeps sending, which makes the remaining part of the message go
straight to the log because of 2.

Ideas to fix:
A. Do not log more than N invalid commands per connection - solve 2,
B. Drop connection after Nth (consecutive?) invalid command - solve 1 and 2,
C. (This one is questionable) Drop the connection after max message size is
reached - solve 3
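
A sketch of ideas A and B from the report, as an added example that is not JAMES code and not part of the original message. The class name `InvalidCommandGuard`, the verb set and the thresholds are assumptions made for illustration; the server's I/O layer is assumed to call `onLine` once per command line and act on the result.

```java
import java.util.Locale;
import java.util.Set;

/** Per-connection guard: caps logged invalid commands (idea A), drops after a run of them (idea B). */
public class InvalidCommandGuard {
    public enum Action { PROCESS, REJECT_AND_LOG, REJECT_QUIETLY, DISCONNECT }

    // Assumed verb set for this sketch; a real server would consult its own command registry.
    private static final Set<String> KNOWN = Set.of(
        "HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT", "VRFY");

    private final int maxLogged;       // N in idea A
    private final int maxConsecutive;  // N in idea B
    private int logged, consecutive;   // per-connection counters

    public InvalidCommandGuard(int maxLogged, int maxConsecutive) {
        this.maxLogged = maxLogged;
        this.maxConsecutive = maxConsecutive;
    }

    /** Decide what to do with one line received outside the DATA phase. */
    public Action onLine(String line) {
        String verb = line.trim().split("\\s+", 2)[0].toUpperCase(Locale.ROOT);
        if (KNOWN.contains(verb)) {
            consecutive = 0;           // a valid command ends the run of invalid ones
            return Action.PROCESS;
        }
        consecutive++;
        if (consecutive >= maxConsecutive) {
            return Action.DISCONNECT;  // caller sends a final reply and closes the socket
        }
        if (logged < maxLogged) {
            logged++;
            return Action.REJECT_AND_LOG;
        }
        return Action.REJECT_QUIETLY;  // still answer with an error reply, but write no log entry
    }

    public static void main(String[] args) {
        InvalidCommandGuard guard = new InvalidCommandGuard(2, 5);
        // Constructed session: junk lines such as message body still arriving after a size rejection.
        String[] session = { "EHLO client.example", "FOO", "BAR baz", "lorem ipsum", "NOOP",
                             "x1", "x2", "x3", "x4", "x5", "QUIT" };
        for (String line : session) {
            Action a = guard.onLine(line);
            System.out.println(a + " <- " + line);
            if (a == Action.DISCONNECT) break;
        }
    }
}
```

With the constructed session, only the first two invalid lines are logged, and the connection is dropped at the fifth consecutive invalid line, so a client that keeps streaming a rejected message body (scenario 3) produces a bounded amount of log output.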