Vulnerability Development mailing list archives
Re: SMTP non delivery notification DoS/DDoS Attacks
From: Philip Rowlands <phr () doc ic ac uk>
Date: Wed, 7 Apr 2004 10:45:04 +0100 (BST)
On Mon, 5 Apr 2004, Stefan Frei wrote:
My colleagues and I have been doing some research into mail-related vulnerabilities over the last month or two. We discovered that a problem exists within the way non-delivery notifications are sent from many SMTP mail servers.
Stefan,

You mention in your paper (page 16), "Organizations that had chosen to utilize the services of external anti-spam and anti-virus organizations for the primary SMTP services were more likely to respond with N factor NDN message responses." I assume here you mean MessageLabs.

My curiosity in this is that only last week I was in contact with a MessageLabs engineer, as my company [1] is an ML customer, to enquire about this exact behaviour; i.e. that of non-authoritative MX servers, or SMTP servers which will relay for a domain without authoritatively knowing which local parts are valid.

I wonder if you could suggest, if identifiable from the greeting banner, which MTAs exhibit the preferred behaviour of a single response to Experiment B, when deployed in an "out of the box" configuration?

Where an MTA is not the final destination server, would you recommend the use of techniques such as Exim's callouts and callout-caching [2]?

Cheers,
Phil

[1] "My company" in this context is *not* doc.ic.ac.uk, so no one should go getting any ideas :)
[2] http://www.exim.org/exim-html-4.30/doc/html/spec_38.html#IX2313
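The recipient callout with caching that the message asks about, as an added Python example (not part of the original post and not Exim's implementation): a relay that is not the final destination asks the backend at RCPT time whether the address is accepted and caches the answer, so unknown local parts are refused in-session instead of being accepted and bounced later. The class and method names, the backend host name and the cache lifetimes are assumptions.

```python
import smtplib
import time


class CalloutVerifier:
    """RCPT-time recipient check for a relay MX, with a result cache."""

    def __init__(self, backend_host, probe=None, pos_ttl=86400, neg_ttl=7200,
                 clock=time.time):
        self.backend_host = backend_host   # assumed: the final-destination server
        self.probe = probe or self._smtp_probe
        self.pos_ttl = pos_ttl             # assumed lifetime of "accepted" entries
        self.neg_ttl = neg_ttl             # assumed lifetime of "rejected" entries
        self.clock = clock
        self.cache = {}                    # address -> (reply_code, expiry_time)

    def _smtp_probe(self, address):
        # Ask the backend whether it would take this recipient, using the
        # null sender, and leave before DATA so no message is ever sent.
        with smtplib.SMTP(self.backend_host, 25, timeout=30) as conn:
            conn.helo()
            conn.mail("")                  # sent on the wire as MAIL FROM:<>
            code, _ = conn.rcpt(address)
            return code

    def rcpt_reply(self, address):
        """Return the SMTP code the relay should give to this RCPT TO."""
        key = address.lower()              # assumes a case-insensitive backend
        now = self.clock()
        hit = self.cache.get(key)
        if hit and hit[1] > now:
            return hit[0]                  # cached verdict, no backend traffic
        try:
            code = self.probe(address)
        except (OSError, smtplib.SMTPException):
            return 451                     # backend unreachable: defer, do not cache
        if 200 <= code < 300:
            self.cache[key] = (250, now + self.pos_ttl)
            return 250
        if 500 <= code < 600:
            self.cache[key] = (550, now + self.neg_ttl)
            return 550                     # refused in-session, so no NDN is owed
        return 451                         # temporary backend failure: not cached
```

A 550 returned here leaves any bounce to the connecting client, so the relay itself never generates a notification to the envelope sender.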