Majordomo-Users: Re: Possible DOS attack

Majordomo-Users
(April 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Possible DOS attack
From:	Dave Wolfe <dwolfe @ risc . sps . mot . com>
Date:	Fri, 11 Apr 1997 11:31:38 -0500 (CDT)
To:	fubar @ dino . fdt . net (Fu Bar)
Cc:	majordomo-users @ GreatCircle . COM
In-reply-to:	<Pine.LNX.3.91.970411113315.6938n-100000@dino.fdt.net> from "Fu Bar" at Apr 11, 97 11:44:02 am
Reply-to:	Dave Wolfe <david_wolfe @ risc . sps . mot . com>

[ Fu Bar writes: ]
> 
> The other day I found the load average on one of our systems climbing and 
> noticed an apparent mail loop.  It turned out, somone had sent an email 
> to majordomo at that system using majordomo as the from address.  Because 
> the system in question has multiple possible hostnames, the simple check
> 
> if (&addr_match($reply_to, $whoami)) {
> 
> around line 110 of majordomo was insufficient to catch this loop.
[...]
> What I settled on was not allowing a from address containing majordomo@.

What version are you running? That line is nearer 125-127 back to 1.93.
$majordomo_dont_reply will catch this in 1.94.1.

-- 
 Dave Wolfe

References:

Possible DOS attack
From: Fu Bar <fubar@dino.fdt.net>

Indexed By Date	Previous:	Re: your mail From: Dave Wolfe <dwolfe@risc.sps.mot.com>
Indexed By Date	Next:	Re: Possible DOS attack From: "Roger B.A. Klorese" <rogerk@QueerNet.ORG>
Indexed By Thread	Previous:	Re: Possible DOS attack From: "Roger B.A. Klorese" <rogerk@QueerNet.ORG>
Indexed By Thread	Next:	Re: "Sscribe" within the text of a message** From: Kynn Bartlett <kynn@idyllmtn.com>