Re: [exim] DoS attack with nested MIME levels

Pàgina inicial
Aquest missatge és part del següent fil:
Ml'arbre de fils complet ordenat per data
M\Alan J. Flavell en <-
MMOliver Egginger en ->
Delete this message
Reply to this message
Autor: Michael Haardt
Data:  
A: exim-users
Assumpte: Re: [exim] DoS attack with nested MIME levels
> If in fact it's composing these non-delivery reports with non-null
> envelope senders, then we'd blacklist those envelope senders as being
> a misuse of mail procedures.

Sure, if it were just one or two. You got it, the session report plus
the original mail are used to compose a new mail, _keeping_ the original
envelope. Things get as bad as >1000 nested parts, and since half of
them are message/rfc822, exiscan just goes crazy. And that from various
hosts, most of them appearantly dialup systems.

I have no idea if malware tries to bypass scanners by hitting their
limits until they stop scanning, or if there is some new popular, but
broken, software.

Michael


Aquest missatge es va enviar a les següents llistes de correu:
Exim-users
Informació sobre la llista de correu | Missatges propers		<-Re: [exim] Multiple warning headers for multiple RBL matchesRe: [exim] DoS attack with nested MIME levels->
Tahini and Hummus and Cumin Development Archives administrat per cumin AdminsLurker (versió 2.3)