On Tue, 20 Jul 2004, Ron wrote:
> if I do not, what stops someone from eating up smtp_accept_max
> connections more or less permanently in this way?
Nothing. (Except smtp_accept_reserve.) A malhost (sic) can connect and
send you 1 byte every timeout period and thereby tie up connections for a
very long time (well below $message_size_limit). If you offer *any*
public service, you are always open to DOS attacks. I think this is
somewhat fundamental, irrespective of the actual service (applied to
non-electronic services too).
> Now that I think about it though, in addition, does exim4 have any way
> that I can protect a server from a 'mad' teergrube host on the net, or
> do we need an equivalent of message_size_limit for outgoing messages
> too?
message_size_limit applies to all messages handled by Exim. It has no
inbuilt concept of incoming and outgoing.
> Finally, I also haven't confirmed what actually will happen if I were
> to send an enormous amount of DATA to some exim process, I don't know
> offhand where it puts it
After the size limit has been exceeded, it discards it.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book
