Posted to server-dev@james.apache.org by "Eric Charles (JIRA)" <se...@james.apache.org> on 2013/04/14 15:44:16 UTC

[jira] [Closed] (JAMES-1427) DoS scenario(s) in SMTP server

     [ https://issues.apache.org/jira/browse/JAMES-1427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Eric Charles closed JAMES-1427.
-------------------------------

       Resolution: Fixed
    Fix Version/s: 3.0.0-beta5
         Assignee: Eric Charles

Patch committed to trunk.
Thx Andrzej,

Eric
                
> DoS scenario(s) in SMTP server
> ------------------------------
>
>                 Key: JAMES-1427
>                 URL: https://issues.apache.org/jira/browse/JAMES-1427
>             Project: James Server
>          Issue Type: Bug
>          Components: SMTPServer
>    Affects Versions: 3.0-beta3
>            Reporter: Andrzej Rusin
>            Assignee: Eric Charles
>             Fix For: 3.0.0-beta5
>
>         Attachments: JAMES-1427.patch
>
>
> 1. SMTP server allows an unlimited number of invalid commands, which may waste network bandwidth.
> 2. The invalid commands go straight to the logs with level INFO, which can easily fill up the server disk.
> Additionally:
> 3. After the max message size is reached, the SMTP server denies the message, but the client keeps sending, which makes the remaining part of the message go straight to the log because of 2.
> Ideas to fix:
> A. Do not log more than N invalid commands per connection - solve 2,
> B. Drop connection after Nth (consecutive?) invalid command - solve 1 and 2,
> C. (This one is questionable) Drop the connection after max message size is reached - solve 3
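
Ideas A and B from the issue description, sketched as an added example: this is not the attached JAMES-1427.patch and does not use the James API. The class name, the two limits, the 32-character log prefix and the verb set are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Per-connection guard: bounded logging (idea A), drop after N consecutive invalid commands (idea B). */
class InvalidCommandGuard {
    enum Action { ACCEPT, REJECT, REJECT_AND_CLOSE }
    // Constructed verb set for the demo; a real server would ask its command registry.
    private static final Set<String> KNOWN =
            Set.of("HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT");
    private final int maxLogged;       // hypothetical limit for idea A
    private final int maxConsecutive;  // hypothetical limit for idea B
    private int invalidTotal;
    private int invalidConsecutive;
    final List<String> log = new ArrayList<>(); // stands in for the server log

    InvalidCommandGuard(int maxLogged, int maxConsecutive) {
        this.maxLogged = maxLogged;
        this.maxConsecutive = maxConsecutive;
    }

    Action onLine(String line) {
        String trimmed = line.trim();
        int sp = trimmed.indexOf(' ');
        String verb = (sp < 0 ? trimmed : trimmed.substring(0, sp)).toUpperCase(Locale.ROOT);
        if (KNOWN.contains(verb)) {
            invalidConsecutive = 0; // only an unbroken run counts toward the drop
            return Action.ACCEPT;
        }
        invalidTotal++;
        invalidConsecutive++;
        if (invalidTotal <= maxLogged) {
            // Log a bounded, printable-only prefix, never the raw client line.
            String safe = trimmed.replaceAll("[^\\x20-\\x7e]", "?");
            log.add("invalid command: " + safe.substring(0, Math.min(32, safe.length())));
        } else if (invalidTotal == maxLogged + 1) {
            log.add("further invalid commands on this connection are not logged");
        }
        return invalidConsecutive >= maxConsecutive ? Action.REJECT_AND_CLOSE : Action.REJECT;
    }

    public static void main(String[] args) {
        InvalidCommandGuard g = new InvalidCommandGuard(3, 5);
        // Constructed session: two stray lines, a valid NOOP, then a run of junk.
        String[] session = {"EHLO client.example", "FOO", "BAR", "NOOP", "x1", "x2", "x3", "x4", "x5"};
        for (String l : session) System.out.println(l + " -> " + g.onLine(l));
        g.log.forEach(System.out::println);
    }
}
```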
