http://bugzilla.spamassassin.org/show_bug.cgi?id=3042

           Summary: DoS attack possible with blackhole dns server
           Product: Spamassassin
           Version: 2.63
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P3
         Component: Libraries
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


Over the last few days we suffered a denial of service of SA. We use SA as a pm 
module called by MailScanner.

A misconfigured mailbox forwarding loop generated about 1-5 new error mails per 
second. These mails contained IP addresses of the internal network of the sender 
domain in the Received: header lines. When SA performed its common tests it 
tried to resolve these IP addresses but the authoritative nameserver(s) did not 
answer. Every request timed out two times with 3-4 seconds each. So SA needs 
about 20 seconds to process one email!

Consequently the incoming queue grew until our MTA stalled completely.

When spammers configure their nameserver in the same way and flood us with spam 
they can melt down all SA installations.
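
One way a scanner can bound the per-message cost described in this report, as an added Python example (not SpamAssassin or MailScanner code): a per-message DNS time budget plus a negative cache for addresses whose nameservers never answer. The class name, the budget and TTL values, the sample IP addresses and the simulated blackhole resolver are all assumptions made for the illustration.

```python
import time

class BudgetedResolver:
    # Hypothetical wrapper: caps total DNS time per message and remembers
    # addresses that timed out, so a silent nameserver is paid for only once.
    def __init__(self, lookup, per_query_timeout=3.0, message_budget=5.0,
                 negative_ttl=300.0, clock=time.monotonic):
        self.lookup = lookup                  # callable(ip, timeout) -> name, raises TimeoutError
        self.per_query_timeout = per_query_timeout
        self.message_budget = message_budget  # max seconds of DNS work per message
        self.negative_ttl = negative_ttl      # how long a timed-out IP is skipped
        self.clock = clock
        self.dead = {}                        # ip -> time until which it is skipped

    def resolve_message(self, ips):
        # Resolve the Received: header IPs of one message; None means "no answer used".
        deadline = self.clock() + self.message_budget
        results = {}
        for ip in ips:
            now = self.clock()
            remaining = deadline - now
            if self.dead.get(ip, 0) > now or remaining <= 0:
                results[ip] = None            # known-unresponsive, or budget spent
                continue
            try:
                results[ip] = self.lookup(ip, min(self.per_query_timeout, remaining))
            except TimeoutError:
                self.dead[ip] = self.clock() + self.negative_ttl
                results[ip] = None
        return results

def simulate(messages=3):
    # Returns the DNS seconds spent on each of `messages` identical mails.
    t = [0.0]                                 # fake clock: deterministic, no real waiting
    def blackhole(ip, timeout):               # constructed resolver that never answers
        t[0] += timeout                       # the caller blocks for the full timeout
        raise TimeoutError(ip)
    resolver = BudgetedResolver(blackhole, clock=lambda: t[0])
    ips = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed internal relay addresses
    costs = []
    for _ in range(messages):
        start = t[0]
        resolver.resolve_message(ips)
        costs.append(t[0] - start)
    return costs

if __name__ == "__main__":
    print(simulate())
```

Without the budget and cache, the same three addresses would cost a full timeout each on every message; here the cost falls to zero once every unresponsive address has been seen.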


