Bugtraq mailing list archives
DoS bug in MessageASAP software
From: forrie () TIAC NET (Forrest Aldrich)
Date: Mon, 30 Aug 1999 14:18:42 -0400
The popular MessageASAP software has in it an annoying bug which can cause a nice SMTP flood during setup, under the right circumstances. In our case, we've had several incidents over the last week where we began receiving hundreds upon hundreds of relay attempts, by different users and all destined to "smtptest () messageasap com". Because we control relaying ability, nothing could be sent, but our logs filled up to very quickly. The program appears to perform an MX lookup for the current domain you have, and then attempts relaying off of those MX hosts. In our case, running large dial access pools which are used by different customers, it began spamming our own servers. The program doesn't recognize RFC error codes (which we send), so it just keeps going and going.... One unfortunate side effect of this is, apart from wasting sysadmin time, is that many people have had their accounts revoked due to violations of Acceptable Use Policies.... even though they probably had no idea why. A message has been sent to MessageASAP, in hopes they will code better. _F
Current thread:
- Re: Local DoS in FreeBSD Darren Reed (Aug 31)
- DoS bug in MessageASAP software Forrest Aldrich (Aug 30)
- Re: Local DoS in FreeBSD L. Sassaman (Sep 01)
- Re: Local DoS in FreeBSD Jared Mauch (Sep 02)
- Re: Local DoS in FreeBSD Jeff Wheat (Sep 02)
- Re: Local DoS in FreeBSD FreeBSD -- The Power to Serve (Sep 07)
- <Possible follow-ups>
- Re: Local DoS in FreeBSD MMS26 (Aug 31)
- Re: Local DoS in FreeBSD Jason Ackley (Aug 31)