Hello,
I'm running the latest CentOS 6 with exim 4.90.1. Recently I have noticed that
some exim processes on my system hang in the phase "handling TLS incoming
connection", using 100% CPU for hours.
exiwhat
41182 handling TLS incoming connection from s16.*** [91.*.*.*]
strace
read(7, "", 6049) = 0
alarm(0) = 180
alarm(180) = 0
read(7, "", 6049) = 0
alarm(0) = 180
alarm(180) = 0
...
ls /proc/41182/fd
lrwx------ 1 root root 64 03-05 08:03 6 -> socket:[230019376]
lrwx------ 1 root root 64 03-05 08:03 7 -> socket:[230019376]
In /var/log/exim/mainlog
2018-03-04 16:46:16 H=s16** [91.*.*.*]
X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<abc@???>
rejected RCPT <www@???>:
(empty string after colon)
...
In my opinion it's a really easy way to make a successful DoS attack.
I will be grateful for any help.
Regards,
Mateusz Krawczyk
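
The strace excerpt in the message above shows the same descriptor returning 0 from read() over and over, with only the alarm being re-armed in between. The following is an added example, not part of the original post and not Exim code: a small detector that flags that end-of-file spin pattern in saved strace output. The function name, the threshold and both sample traces are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples: the first mirrors the excerpt in the post, the second
# is a hypothetical healthy session that sees EOF once and then closes.
SAMPLE_SPIN = r"""read(7, "", 6049) = 0
alarm(0) = 180
alarm(180) = 0
read(7, "", 6049) = 0
alarm(0) = 180
alarm(180) = 0
read(7, "", 6049) = 0
alarm(0) = 180
alarm(180) = 0
"""
SAMPLE_HEALTHY = r"""read(7, "\27\3\3\0\36"..., 6049) = 35
alarm(0) = 180
alarm(180) = 0
read(7, "", 6049) = 0
close(7) = 0
"""

# Optional "[pid N] " (strace -f) or "N " (strace -f -o file) prefix.
PREFIX = r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'
READ_RE = re.compile(PREFIX + r'read\((\d+),\s*(.*),\s*(\d+)\)\s+=\s+(-?\d+)')
CLOSE_RE = re.compile(PREFIX + r'close\((\d+)\)')

def find_eof_spins(trace, threshold=3):
    """Return {fd: longest run} of consecutive zero-byte reads per descriptor.

    A read() that asks for more than 0 bytes and returns 0 means the peer
    closed the connection; repeating it without close() is a busy loop.
    """
    streak, worst = defaultdict(int), defaultdict(int)
    for line in trace.splitlines():
        line = line.strip()
        m = READ_RE.match(line)
        if m:
            fd, want, got = int(m.group(1)), int(m.group(3)), int(m.group(4))
            if want > 0 and got == 0:
                streak[fd] += 1
                worst[fd] = max(worst[fd], streak[fd])
            else:
                streak[fd] = 0   # data or an error breaks the run
            continue
        c = CLOSE_RE.match(line)
        if c:
            streak[int(c.group(1))] = 0   # descriptor released, run ends
    return {fd: n for fd, n in worst.items() if n >= threshold}
```
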