[prev in list] [next in list] [prev in thread] [next in thread]
List: qmail
Subject: Re: message size
From: Kyle Wheeler <kyle-qmail () memoryhole ! net>
Date: 2007-04-16 14:03:00
Message-ID: 20070416140300.GD564 () c-76-18-79-168 ! hsd1 ! nm ! comcast ! net
[Download RAW message or body]
On Monday, April 16 at 02:23 PM, quoth Hugo Monteiro:
> From the qmail docs, i read that databytes is enforced by checking
> the actual message size written to disk, and not by counting the
> ammount while in transfer by qmail-smtpd.
Well, *as* it is written to disk.
> Basically my doubt is if databytes is enforced by qmail-queue and
> not qmail-smtpd, meaning that although there is no message delivery,
> and originating a bounce, the message is actually accepted in full
> for processing, possibly leading to a DoS (fill the entire fs).
qmail-queue won't, in a vanilla install, fill up the disk. It will
begin writing the huge mail to disk and once it gets to 10MB will
delete what has been written so far and return an error.
Your problem, in this case, is that simscan is not enforcing the
limit, and so it *can* fill up the disk. This is something you
probably need to ask the simscan folks about: can you get simscan to
respect the databytes file?
> If that is the case, is there a way to configure qmail to prevent
> this?
Well, there's a patch out there that makes qmail announce it's
databytes limitation, which can prevent smart senders from sending
messages that won't be accepted, but that's not protection from an
attack. I think the real answer is to get the simscan authors to
implement the protection that qmail-queue ordinarily affords (or to
write a wrapper around simscan that will do it, which may be rather
tricky).
~Kyle
--
Only the fool hopes to repeat an experience; the wise man knows that
every experience is to be viewed as a blessing.
-- Henry Miller
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic