Dailydave mailing list archives

Re: disregard - one more test, sorry


From: Dave Aitel <dave () immunitysec com>
Date: Fri, 09 Sep 2005 10:02:01 -0400

We're testing the Bounce handler in mailman. Apparently you can DoS[1] a mailman instance by signing a thousand people up to a list (which we did by mistake) then having those thousand people placed into the bounce queue. This makes mailman's bounce handler grow to use approximately one gig of ram and all the CPU. To fix this, you need (it turns out) to set the bounce handling to "on each bounce, just disable/unsubscribe that person". However, while the bounce handler is doing its painful dance, the administrative interface is only accessible by shutting down mailman (via killall -9 python).

Theoretically this is fixed, because you were just able to send the list mail. :>

-dave
[1] You could do this maliciously if you wanted to. They should really fix it.

Dave Korn wrote:

----Original Message----
From: Bas Alberts
Sent: 08 September 2005 20:57

I know, I know, be holdink your horses.


 Well at least tell us _what_ you're testing!

   cheers,
     DaveK

