Fragmented messages ?

Julian Field mailscanner at ecs.soton.ac.uk
Tue May 27 11:30:33 IST 2003


At 15:40 23/05/2003, you wrote:
>2) If you have a server that, for some reason, tries to assemble the pieces
>of a fragmented message, it is automatically vulnerable to a trivial DoS
>(Denial of Service) attack, where an attacker simply sends a lot of (fake)
>fragments, without ever completing all the fragments of a message... it can
>surely fill up your queue filesystem in a very short time... significantly
>shorter than a reasonable "fragment timeout"...

That's exactly why I wrote it. The worst you can do at the moment is a DoS 
attack against one or more client PCs, you can't DoS the mail server.

>So you end up with the two possibilities that MailScanner 4.x gives you:
>You either forbid fragmented messages (the most reasonable one) or allow them
>to pass thru without being scanned at all. But seriously, in the current
>bandwidth Internet, I see really _very_ little use for fragmented messages,
>the most prominent one would be... attacking :-)
>
>On 23 May 2003 at 15:58, Sylvain Blanc - CRI du Pays De Gex et du wrote:
> > Hello,
> >
> > MailScanner says:
> > "Fragmented messages cannot be reliably scanned"
> > when I send a fragmented message.
> > The version 2.27 cannot parse this type of message?
> >
> > My OS is a debian potato
> > with :
> > sendmail 8.9.3
> > mailscanner 3.27-1

-- 
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
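
The two policies discussed in this thread, as an added Python example that is not part of the original post and not MailScanner's own code: it identifies a fragment by its MIME `message/partial` content type (RFC 2046, assumed here to be what "fragmented" refers to) and decides per message without storing anything, so unfinished fragment sets cannot fill the queue. The function names and sample messages are constructed for illustration.

```python
from email.parser import HeaderParser

# Constructed sample: fragment 2 of 3 of a split message (RFC 2046 message/partial).
FRAGMENT = (
    "From: sender@example.org\r\n"
    "To: user@example.com\r\n"
    "Subject: report (2/3)\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: message/partial; id="abc123@example.org"; number=2; total=3\r\n'
    "\r\n"
    "(middle slice of the original message)\r\n"
)
# Constructed sample: an ordinary, complete message.
WHOLE = (
    "From: sender@example.org\r\n"
    "To: user@example.com\r\n"
    "Subject: hello\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "hello\r\n"
)


def fragment_info(raw):
    """Return (id, number, total) for a message/partial fragment, else None."""
    msg = HeaderParser().parsestr(raw)  # headers only; the body slice is never parsed
    if msg.get_content_type() != "message/partial":
        return None

    def as_int(name):
        try:
            return int(msg.get_param(name))
        except (TypeError, ValueError):
            return None  # parameter missing or malformed

    return (msg.get_param("id"), as_int("number"), as_int("total"))


def gateway_decision(raw, allow_fragments=False):
    """Stateless policy: a fragment is never held for reassembly on the server.

    It is either rejected, or passed on unscanned so that any reassembly
    (and any resource exhaustion) happens on the client, not the mail server.
    """
    if fragment_info(raw) is None:
        return "scan"
    return "deliver-unscanned" if allow_fragments else "reject"
```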



