Re: [exim] DoS attack with nested MIME levels

Página superior
Este mensaje es parte del siguiente hilo:
MEl árbol completo de hilos, ordenados por fecha
M\Alan J. Flavell, mensaje del <-
MMOliver Egginger, mensaje del ->
Eliminar este mensaje
Responder a este mensaje
Autor: Michael Haardt
Fecha:  
A: exim-users
Asunto: Re: [exim] DoS attack with nested MIME levels
> If in fact it's composing these non-delivery reports with non-null
> envelope senders, then we'd blacklist those envelope senders as being
> a misuse of mail procedures.

Sure, if it were just one or two. You got it, the session report plus
the original mail are used to compose a new mail, _keeping_ the original
envelope. Things get as bad as >1000 nested parts, and since half of
them are message/rfc822, exiscan just goes crazy. And that from various
hosts, most of them appearantly dialup systems.

I have no idea if malware tries to bypass scanners by hitting their
limits until they stop scanning, or if there is some new popular, but
broken, software.

Michael


Este mensaje se envió a las siguientes listas de correo:
Exim-users
Información de la lista de correo | Mensajes cercanos		<-Re: [exim] Multiple warning headers for multiple RBL matchesRe: [exim] DoS attack with nested MIME levels->
Tahini and Hummus and Cumin Development Archives administrado por cumin AdminsLurker (versión 2.3)