Re: [exim] Exim + grsecurity + ssl = dos

Author: Renaud Allard
Date:  
To: exim-users
Subject: Re: [exim] Exim + grsecurity + ssl = dos


On 05/31/2016 07:44 PM, Samuel wrote:
> Hi,
>
> Last night, Exim stopped working for a few seconds (no response) and I see
> strange things in my logs:
>
> /var/log/exim4/mainlog :
>
> 2016-05-31 05:55:44 TLS error on connection from
> researchscan258.eecs.XXXX.edu (eecs.XXXX.edu) [1XX.212.XXX.3]
> (gnutls_handshake): Could not negotiate a supported cipher suite.
> 2016-05-31 05:55:44 H=researchscan258.eecs.XXXX.edu (eecs.XXXX.edu)
> [1XX.212.XXX.3] Warning: erreur : tls-failed
>
> So if I understand well, a specially crafted SSL request can cause a DoS on
> Exim on a Grsecurity kernel?
>
> This is the first time I see these logs.
>
> What can I do to stop this?


Easy way: disable CONFIG_GRKERNSEC_BRUTE in your kernel
Harder way: enable signal logging to see what triggers the bruteforce
prevention.