Re: [Exim] Protecting Percent-Hack exploitable machines with…

Pàgina inicial
Delete this message
Reply to this message
Autor: Philip Hazel
Data:  
A: Marc Haber
CC: exim-users
Assumpte: Re: [Exim] Protecting Percent-Hack exploitable machines with exim
On Tue, 21 Aug 2001, Marc Haber wrote:

> ROUTER:
> fail_percent:
>    driver = domainlist
>    local_parts = ^.*%
>    route_list = "* localhost"
>    self = local

>
> What I am now experiencing is that sometimes, when an e-mail comes in
> with % in the _header_ sender, the receiving exim process starts
> eating CPU and memory. Stracing the exim process shows a lot of name
> server operations for localhost. When I comment out the router, the
> mail goes through fine.


If you use

route_list = * 127.0.0.1 byname

it won't want do name server lookups. But you need an exim -d9 to see
why it's doing lots of them per message.

Incidentally, in Exim 4 it will be much easier to lock out addresses
containing %. So much so that I've included it in the default
configuration (also @ and /).


-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.