Lotus Domino DoS

[Ian Gulliver <ian () orbz org>]

Problem:
--------
Some oddly formed mail envelopes can cause Lotus Domino to
enter a mail routing loop and consume 100% CPU.


Description:
------------
When a message is sent to a Lotus Domino server with an
envelope similar to:

MAIL FROM:<bounce@[127.0.0.1]>
RCPT TO:<address () domain com>

where domain.com is not local to the server in question,
the server attempts to bounce the message, and the bounce
goes into a loop, constantly being sent back to the same
server.


Versions Affected:
------------------
Confirmed on Lotus Domino R4.63, R5.01, R5.05 and R5.08


Solution:
---------
Shut down the mail server, delete the offending message
from queue and restart the server.  This won't stop the
exact same thing from happening again.


Notes:
------
I don't run Lotus Domino myself.  I run the ORBZ project,
and this was reported to us because our scanner
generates this sort of envelope.  Investigation of
versions and solutions provided by Matt Dearmon of CPA
Systems <matt () cpasystems com>.


Ian Gulliver
ORBZ