Re: [exim] mail gateway requirements

Author: Patrick von der Hagen
Date:  
To: exim-users@exim.org
Subject: Re: [exim] mail gateway requirements
On 03.07.2015 18:35, Sujit Acharyya-choudhury wrote:
> Just ping can cause DOS attack by Ping flooding. So if not needed for mail gateway, we can disable ping on our mail gateways.

As mentioned by Marc, this isn't an effective DOS, from an attacker's
perspective. Now, which kinds of DOS have you actually seen? You still
didn't provide any details.

E.g. lots of connections without sending data, but hitting the
connection limits so no legitimate mail can be processed?
Zip-bombs like 42.zip, designed to hurt your MIME processing or your
antivirus solution (which shouldn't fall for that)?
Crafted messages designed to generate lots of overhead in spamassassin,
like hitting the expensive regular expressions real hard?
Simply saturating your bandwidth?
Was the number of exim processes an issue? Or the number of messages
in your queues? Or was the gateway fine by itself, but the backend
system failed to process the messages quickly, thus hurting the gateway?
Something else entirely?


>
> Regards
>
> Sujit
>
> -----Original Message-----
> From: Exim-users [mailto:exim-users-bounces+s.choudhury=bbk.ac.uk@exim.org] On Behalf Of Marc Haber
> Sent: 03 July 2015 17:02
> To: exim-users@???
> Subject: Re: [exim] mail gateway requirements
>
> On Fri, 3 Jul 2015 14:26:11 +0000, Paul Havinden
> <paul.havinden@???> wrote:
>>> On 03.07.2015 11:58, Sujit Acharyya-choudhury wrote:
>>>> We have seen recently two DoS attacks on our mail gateways, but the
>>>> machines and Exim coped well. Our network administrator suggested to
>>>> block ping, but from my previous experience elsewhere it cause some
>>>> problem - I cannot recall exactly what. Any thoughts on this. I know it is Out of Topic.
>>> You mentioned that you suspected DOS attack on your mail gateway previously but never provided any details. I suspected some major misconfiguration on your side, like running an open relay or a policy of accept-then-bounce, which would be very serious issues that have to be solved.
>>
>>> If you don't want to disclose any details on this list, you should consider hiring external consulting.
>>
>> We block pings to our mail servers and it doesn't appear to cause any issues.
>
> And what does it help?
>
> Greetings
> Marc
>
>
>


--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)

Patrick von der Hagen

Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Phone: +49 721 608-46433
E-Mail: hagen@???
Web: http://www.scc.kit.edu

KIT - University of the State of Baden-Württemberg and
National Research Center of the Helmholtz Association
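
The first scenario asked about in the message above (connections that send no data but exhaust the connection limit) can be checked from the gateway's main log. The following is an added example, not part of the original message; the regular expressions are assumptions modelled on Exim main log wording, the log lines are constructed, and the threshold is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines modelled on Exim main log messages (not real traffic).
SAMPLE_LOG = """\
2015-07-03 18:00:01 SMTP connection from [192.0.2.10]:51234 (TCP/IP connection count = 48)
2015-07-03 18:00:31 no MAIL in SMTP connection from [192.0.2.10] D=30s
2015-07-03 18:00:32 no MAIL in SMTP connection from [192.0.2.10] D=30s
2015-07-03 18:00:33 SMTP command timeout on connection from [192.0.2.10]
2015-07-03 18:00:34 Connection from [198.51.100.7] refused: too many connections
2015-07-03 18:00:35 Connection from [192.0.2.10] refused: too many connections from that IP address
2015-07-03 18:00:40 no MAIL in SMTP connection from [203.0.113.5] D=2s C=EHLO,QUIT
"""

# Assumed log wording; adjust to what your Exim version and log_selector emit.
IP = r"\[([0-9a-fA-F.:]+)\]"
PATTERNS = {
    "idle": re.compile(r"no MAIL in SMTP connection from .*?" + IP),
    "timeout": re.compile(r"SMTP command timeout on connection from .*?" + IP),
    "refused": re.compile(r"Connection from " + IP + r" refused: too many connections"),
}

def summarize(log_text):
    """Count idle, timed-out and refused connections per remote host."""
    counts = {kind: Counter() for kind in PATTERNS}
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                counts[kind][m.group(1)] += 1
                break
    return counts

def suspects(counts, threshold=3):
    """Hosts whose data-less connections (idle + timeout) reach the threshold."""
    held = counts["idle"] + counts["timeout"]
    return sorted(host for host, n in held.items() if n >= threshold)

def collateral(counts, suspect_hosts):
    """Hosts refused at the connection limit that are not themselves suspects."""
    return sorted(h for h in counts["refused"] if h not in suspect_hosts)

if __name__ == "__main__":
    c = summarize(SAMPLE_LOG)
    bad = suspects(c)
    print("holding connections open:", bad)
    print("refused as a side effect:", collateral(c, bad))
```

A non-empty second list is the sign that legitimate senders were turned away while the limit was occupied.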