Author: Chris Knipe Date: To: Steven Clarke CC: exim-users Subject: Re: (fwd) Re: [Exim] Exim DoS - Delaying system performance / system
crash.
On Wed, 5 Jan 2000, Steven Clarke wrote:
>> I have not the time to read your code, but a quick glance suggests that
>> you are just hammering the victim with many SMTP calls. Exim can be
>> protected against such an attack by setting smtp_accept_max and
>> smtp_max_per_host.
>
>I think that you are misreading the code. It seems to be connecting to the
>mail server, starting a SMTP session and then sending a 1Mb header line.
>This doesn't seem to cause a DoS to Exim 3.12 so it looks like the changes
>between 3.10 and 3.11 to improve memory allocation for headers worked.
From as far as I tested, seemed as if only versions 3.03 and below are
affected...
Regards
Chris Knipe
Cel: (083) 430 8151
Freelance Internet Developer, Consultant, Administrator & Speaker
