Information Security News mailing list archives
Re: Email attack could kill servers
From: InfoSec News <isn () c4i org>
Date: Fri, 9 Apr 2004 03:07:04 -0500 (CDT)
Forwarded from: Kurt Seifried <listuser () seifried org>
All email is sent across the internet using the Simple Mail Transfer Protocol (SMTP), which stipulates that a notification should be sent whenever a message with a bad address is received. There are numerous different types of email server, however, which can all be configured in various ways.
While serious, this can be dealt with relatively easily. Postfix, for example, supports local recipient maps which can be based on the local UNIX password database, the alias maps database, or a virtual users database (meaning it can be completely arbitrary and no local accounts/etc. are required; just export a list from your Exchange server/ADS once a day and dump it in). Thus if an email recipient doesn't exist the email is rejected during the connection, i.e. no real traffic amplification takes place (and you stay RFC compliant). In addition to this it prevents spam to non-existent email accounts from clogging up your mail servers, causing them to hold messages, create bounces, etc.

In general some form of traffic amplification will always be capable with email if the mail server creates bounce messages at all (and it's unlikely people will be willing to completely disable bounce/error messages/etc.). However, with intelligent filtering/limiting what you accept and rejecting email during the connection, not once it has been accepted for delivery, this problem can largely be addressed. Hopefully this will also lead to better rejection/bounce capabilities from major mail servers at the connection level and not force people to accept mail so that they can then reject/bounce it, or to third party products/proxies that bolt on to existing systems.

Of course setting your server up correctly won't prevent you from inbound attacks, but it will prevent you from being used to attack other people.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
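The daily "export a list and dump it in" step described in the message above, sketched as an added example that is not part of the original post. It assumes a Postfix gateway that checks recipients through `relay_recipient_maps`; the function names, domains, addresses and paths are hypothetical.

```shell
#!/bin/sh
# Added example. Domains, addresses and file paths are constructed.

# build_recipient_map "DOMAIN ..." < export > map
# Reads one exported address per line, lowercases it, drops malformed or
# foreign-domain entries and duplicates, and prints "address OK" lines
# (the text format postmap turns into a lookup table).
build_recipient_map() {
    awk -v domains="$1" '
        BEGIN { n = split(tolower(domains), d, " ")
                for (i = 1; i <= n; i++) ours[d[i]] = 1 }
        {
            sub(/\r$/, "")                      # exports often use CRLF
            gsub(/^[ \t]+|[ \t]+$/, "")
            addr = tolower($0)
            if (addr !~ /^[^@ \t]+@[^@ \t]+$/) next   # exactly one "@"
            dom = addr; sub(/^.*@/, "", dom)
            if (!(dom in ours) || seen[addr]++) next
            print addr " OK"
        }' | LC_ALL=C sort
}

# install_recipient_map NEW LIVE
# Refuses an empty map, or one less than half the size of the live map: a
# truncated export would make the server reject mail for valid users.
install_recipient_map() {
    new_n=$(( $(wc -l < "$1") ))
    old_n=0
    if [ -f "$2" ]; then old_n=$(( $(wc -l < "$2") )); fi
    [ "$new_n" -gt 0 ] || return 1
    [ $((new_n * 2)) -ge "$old_n" ] || return 1
    cp "$1" "$2.tmp" && mv "$2.tmp" "$2"
    # On the mail server, follow with: postmap hash:LIVE
    # and reference it in main.cf:     relay_recipient_maps = hash:LIVE
}

# Constructed sample export: mixed case, CRLF, stray blanks, junk lines.
sample_export() {
    printf '%s\r\n' 'Alice@Example.COM' ' bob@example.com ' \
        'alice@example.com' 'not-an-address' 'carol@other.test' \
        'dave@@example.com' 'eve@example.org'
}

sample_export | build_recipient_map "example.com example.org"
```

The size check matters because the recipient map is now a hard gate: an export job that silently fails would otherwise turn every inbound message into a rejection.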