Re: [Exim] Exim and deny of service risk...

Góra strony
Delete this message
Reply to this message
Autor: Nico Erfurth
Data:  
Dla: erick.bullier
CC: exim-users
Temat: Re: [Exim] Exim and deny of service risk...
erick.bullier@??? wrote:
> Hello,
>
> I was yesterday at a conference about linux security.
> One of the linux Security Consultant spook about the mail servers.
> Postfix is the best (for security reasons) for him.
> He say that there is possibility to block exim serveur (or to slow it down)
> for a single user by sending a lot of packet at the same time.
> The example was that postfix detect this and slow down the packet for this
> user and allow the packet the another to pass simultaneously...
> I believe that there is a specific directive in exim conf to fix that.
> In fact, how run this directive, and does it prevent really this type of
> situation...
> I would like to receive a good formated answer (i can send it to the office of
> this very famous french security consultant agency)...


Options you should look for

smtp_accept_max - limits maximum parallel smtp-connection
smtp_accept_max_per_host - limits smtp-connections per host
smtp_accept_max_per_connection - max number of of MAIL-commands per conn
smtp_accept_queue_per_connection - maximum number of delivery processes,
                      started for an incoming connection
smtp_rate_limit_* - limit the rate of incoming commands from specific
                     hosts




> I am little anxious, because my mail server run with exim (3.35) and supporte
> a lot of mail account....
> I tryed yesterday to defend Exim and its capabilitys, but it's very difficult
> without real security arguments...


This is not a flame, but I think to many ppl believe in postfix-marketing.

Contact your security-expert, and ask him about he wants to take down
exim, and most probably, you can say him "Just set this option...."