[EMAIL PROTECTED] wrote:

I tested by:

- I had two test servers both set up with james (Sender, Receiver)
- I set the Receiver to a max message size of 7MB
- I set the Sender to a max message size of 0MB (unlimited)
- When I sent a 20MB file from Sender to Receiver I saw the following (very rough times from memory, but I can repeat and get more accurate timings if anyone cares; I don't really at this point since I really wanted to solve the bounce issue I was having originally).


1. Receiver.smtp.log time 0 - connection accept and message started to be transmitted
2. Receiver.smtp.log time 1 minute - message too large (552)
3. Sender.mailet.log time 3 minute - error message 552 message too large

I made an assumption that message #2 on the Receiver generated the error message back to the Receiver; but based on what you said I assume this is informational that an error message will be sent once the message has been completely sent.

However, wouldn't this behavior allow for a denial of service attack? Someone could repeatedly send large files and clog up my bandwidth......



This behaviour simply doubles the bandwidth used: once to receive the message,
once to send the bounce.
You can configure james to avoid creating the bounce or to create the bounce
with no message attached.


hmm...

Maybe I'm not fully understanding; but that is not what I am seeing.

First, the Receiver email server should not "bounce" the email. Is that correct? Instead it sends back a 552 error code (I'm only dealing with the use case where the email exceeds the max message size).

Second, I have configured the Sender RemoteDelivery with a bounceProcessor and set the <attachment>none</attachment> option.

What I am seeing is a log message on the Receiving Email server indicating that a message has exceeded max size and will send a 552 error message. I'm assuming it will only send the error code back via the connection and *not* the entire message.

Once this error message (552) is written to the Receiving.smtp.log file, the Sending email server continues to send the email. The send portion is not aborted. When I look at ntop which shows me network traffic broken by IP address / direction (in/out) / and protocol, I confirm that the entire 20MB message is sent (Sender -> Receiver) and very little traffic (measured in KBs) is received (Receiver -> Sender).

Also, the Receiver contains the mbox of the actual user sending the email so I would not expect double the bandwidth until the user actually downloads the email (but it still wouldn't be double since the bounceProcessor strips the attachment - which I have confirmed it is doing).

I still believe that if james is not stopping an incoming message (receiver side) when a message has exceeded its max message size, that a denial of service attack is possible. This type of attack would consume more bandwidth than cpu, but bandwidth is the expensive resource in this equation.

Maybe I'll take a look at the smtp receiving code (pointer on which class to look in). It might help if I took a look to understand what it is doing for this particular case.

Chris....
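
Added example, not part of the original thread and not James code: a small Python model of receiver-side size enforcement, showing why a 552 decided mid-transfer does not stop the sender (SMTP permits the reply only after the end of DATA) and two ways to bound the bandwidth: rejecting on the `SIZE=` parameter of MAIL FROM (RFC 1870) and closing the connection past a hard cap. The function names, the hard cap and the sample input are assumptions.

```python
import re

MAX_SIZE = 7 * 1024 * 1024   # the Receiver's 7MB limit from the thread
HARD_CAP = 2 * MAX_SIZE      # assumed policy: past this, close the connection
_SIZE = re.compile(r"(?:^|\s)SIZE=(\d+)(?=\s|$)", re.IGNORECASE)


def check_mail_from(line, max_size=MAX_SIZE):
    """Reply to MAIL FROM; reject on a declared SIZE= before any body is sent."""
    params = line.strip().partition(">")[2]   # ESMTP parameters follow the address
    m = _SIZE.search(params)
    if m and int(m.group(1)) > max_size:
        return "552 5.3.4 Message size exceeds fixed maximum message size"
    return "250 2.1.0 Ok"


def receive_data(chunks, max_size=MAX_SIZE, hard_cap=HARD_CAP):
    """Consume DATA chunks; return (reply, bytes_read, bytes_stored)."""
    read, over = 0, False
    body = bytearray()
    tail = b"\r\n"                            # CRLF that ended the DATA command
    for chunk in chunks:
        read += len(chunk)
        if read > hard_cap:
            # Closing the connection is the only way to stop the inbound bytes.
            return "421 Message too large, closing connection", read, 0
        if read > max_size and not over:
            over = True                       # limit exceeded: the point a log entry is written
            body.clear()                      # stop buffering, keep draining the socket
        if not over:
            body += chunk
        window = tail + chunk
        if b"\r\n.\r\n" in window:            # end of DATA: first point a reply is allowed
            break
        tail = window[-4:]                    # terminator may span two chunks
    if over:
        return "552 5.3.4 Message too large", read, 0
    return "250 2.0.0 Ok", read, len(body)


if __name__ == "__main__":
    # Constructed input: a 20MB body in 64KB chunks, as in the test described above.
    msg = [b"x" * 65536] * 320 + [b"\r\n.\r\n"]
    print(check_mail_from("MAIL FROM:<sender@example.org> SIZE=20971520"))
    print(receive_data(msg, hard_cap=64 * 1024 * 1024))  # 552 only after ~20MB read
    print(receive_data(msg))                             # connection closed past 14MB
```

The early rejection only helps when the sending server declares `SIZE=`; a client that omits or understates it is bounded only by the hard cap.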

