From djb-qmail-return-3264-j=xxxx@koobera.math.uic.edu Wed Jun 11 22:12:04 1997
Delivered-To: xxx@xxx
Mailing-List: contact djb-qmail-help@koobera.math.uic.edu; run by ezmlm
Delivered-To: mailing list djb-qmail@koobera.math.uic.edu
Delivered-To: djb-qmail@koobera.math.uic.edu
Message-Id: <199706112211.RAA11254@spike.porcupine.org>
Subject: qmail-dos-2.c, another denial of service attack
To: djb-qmail@koobera.math.uic.edu
Date: Wed, 11 Jun 1997 18:11:41 -0400 (EDT)
From: wietse@wzv.win.tue.nl (Wietse Venema)
Organization: Wietse Venema on sabattical leave, 14 Nosband Avenue 4J, White Plains, NY 10605, USA
X-Phone: +1 914 948 7129
X-Time-Zone: USA EST, 6 hours behind central European time
X-Mailer: ELM [version 2.4ME+ PL15 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Problem: denial of service problem in qmail-smtpd. By sending an unlimited number of recipient addresses, a malicious SMTP client can run the qmail host out of memory, rendering the system unusable.
Fix: impose some configurable upper bound on the number of RCPT commands per message.
Attached is a little program that illustrates the problem.
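
The fix proposed in the message above, sketched as an added example; this is not code from the original post or from qmail. The struct, function names, default of 100 and sanity ceiling are assumptions made for illustration, and the 452 reply for too many recipients follows RFC 5321.

```c
#include <stdlib.h>
#include <strings.h>

#define DEFAULT_MAX_RCPT 100u   /* assumed default; RFC 5321 asks servers to accept at least 100 */
#define HARD_MAX_RCPT 100000ul  /* assumed sanity ceiling for the configured value */

struct smtp_session {           /* hypothetical per-connection state */
    unsigned int max_rcpt;      /* configured upper bound per message */
    unsigned int rcpt_count;    /* recipients accepted for the current message */
    int have_mail;              /* MAIL FROM seen for the current message */
};

/* Parse the configured bound; bad, zero or huge values fall back to the default. */
unsigned int load_max_rcpt(const char *value) {
    char *end;
    unsigned long n;
    if (value == NULL || *value == '\0') return DEFAULT_MAX_RCPT;
    n = strtoul(value, &end, 10);
    if (*end != '\0' || n == 0 || n > HARD_MAX_RCPT) return DEFAULT_MAX_RCPT;
    return (unsigned int)n;
}

void session_init(struct smtp_session *s, unsigned int max_rcpt) {
    s->max_rcpt = max_rcpt; s->rcpt_count = 0; s->have_mail = 0;
}

/* Handle one command line and return the SMTP reply code. */
int smtp_command(struct smtp_session *s, const char *line) {
    if (strncasecmp(line, "MAIL FROM:", 10) == 0) {
        if (s->have_mail) return 503;          /* nested MAIL is a sequence error */
        s->have_mail = 1; s->rcpt_count = 0;   /* new message: counter restarts */
        return 250;
    }
    if (strncasecmp(line, "RSET", 4) == 0) {
        s->have_mail = 0; s->rcpt_count = 0;
        return 250;
    }
    if (strncasecmp(line, "RCPT TO:", 8) == 0) {
        if (!s->have_mail) return 503;
        /* Check the bound before storing anything, so memory use stays capped. */
        if (s->rcpt_count >= s->max_rcpt) return 452;  /* too many recipients */
        s->rcpt_count++;   /* a real server appends the address to its list here */
        return 250;
    }
    if (strncasecmp(line, "DATA", 4) == 0) {
        if (!s->have_mail || s->rcpt_count == 0) return 503;
        s->have_mail = 0; s->rcpt_count = 0;
        return 354;
    }
    return 502;
}
```

Because the reply is a temporary 452 rather than a permanent failure, a legitimate client with a long recipient list can resend the remaining addresses in a further message.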