Re: [Exim] hole in message_size_limit? (was: verify = heade…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Philip Hazel
Dátum:  
Címzett: Ron
CC: exim-users
Tárgy: Re: [Exim] hole in message_size_limit? (was: verify = header_sender ...)
On Tue, 20 Jul 2004, Ron wrote:

> if I do not, what stops someone from eating up smtp_accept_max
> connections more or less permanently in this way?


Nothing. (Except smtp_accept_reserve.) A malhost (sic) can connect and
send you 1 byte every timeout period and thereby tie up connections for a
very long time (well below $message_size_limit). If you offer *any*
public service, you are always open to DOS attacks. I think this is
somewhat fundamental, irrespective of the actual service (applied to
non-electronic services too).

> Now that I think about it though, in addition, does exim4 have any way
> that I can protect a server from a 'mad' teergrube host on the net, or
> do we need an equivalent of message_size_limit for outgoing messages
> too?


message_size_limit applies to all messages handled by Exim. It has no
inbuilt concept of incoming and outgoing.

> Finally, I also haven't confirmed what actually will happen if I were
> to send an enormous amount of DATA to some exim process, I don't know
> offhand where it puts it


After the size limit has been exceeded, it discards it.

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book:    http://www.uit.co.uk/exim-book