Re: [exim] DoS attack with nested MIME levels

Pàgina inicial
Delete this message
Reply to this message
Autor: Fred Viles
Data:  
A: exim-users
Assumpte: Re: [exim] DoS attack with nested MIME levels
On 14 Jul 2005 at 12:57, Michael Haardt wrote about
    "Re: [exim] DoS attack with nested M":


|...
| Tom, if you read this: How about something like mime_nesting_depth and
| mime_total_count? I am sure many people want to limit both using ACLs,
| once the crap above hits them.


That would be handy. FWIW, you can test $mime_content_type to count
message/rfc822 parts in an ACL variable. I can't see a way to
differentiate nested from successive parts (other than possibly at
the top level via $mime_is_rfc822), but rejecting after exceeding
some reasonable limit on the total count of message/rfc822 parts
would probably be effective.

- Fred