On 03.07.2015 18:35, Sujit Acharyya-choudhury wrote:
> Just ping can cause DOS attack by Ping flooding. So if not needed for mail
> gateway, we can disable ping on our mail gateways.

As mentioned by Marc, this isn't an effective DOS, from an attacker's perspective.

Now, which kinds of DOS have you actually seen? You still didn't provide any details.

E.g. lots of connections without sending data, but hitting the connection limits so no legitimate mail can be processed?
Zip-bombs like 42.zip, designed to hurt your MIME processing or your antivirus solution (which shouldn't fall for that)?
Crafted messages designed to generate lots of overhead in spamassassin, like hitting the expensive regular expressions real hard?
Simply saturating your bandwidth?
Was the number of exim processes an issue? Or the number of messages in your queues?
Or was the gateway fine by itself, but the backend system failed to process the messages quickly, thus hurting the gateway?
Something else entirely?

>
> Regards
>
> Sujit
>
> -----Original Message-----
> From: Exim-users [mailto:exim-users-bounces+s.choudhury=bbk.ac...@exim.org]
> On Behalf Of Marc Haber
> Sent: 03 July 2015 17:02
> To: exim-users@exim.org
> Subject: Re: [exim] mail gateway requirements
>
> On Fri, 3 Jul 2015 14:26:11 +0000, Paul Havinden
> <paul.havin...@rothamsted.ac.uk> wrote:
>>> On 03.07.2015 11:58, Sujit Acharyya-choudhury wrote:
>>>> We have seen recently two DoS attacks on our mail gateways, but the
>>>> machines and Exim coped well. Our network administrator suggested to
>>>> block ping, but from my previous experience elsewhere it causes some
>>>> problem - I cannot recall exactly what. Any thoughts on this. I know it
>>>> is Out of Topic.
>>> You mentioned that you suspected DOS attack on your mail gateway previously
>>> but never provided any details. I suspected some major misconfiguration on
>>> your side, like running an open relay or a policy of accept-then-bounce,
>>> which would be very serious issues that have to be solved.
>>
>>> If you don't want to disclose any details on this list, you should consider
>>> hiring external consulting.
>>
>> We block pings to our mail servers and it doesn't appear to cause any
>> issues.
>
> And what does it help?
>
> Greetings
> Marc
>
>

--
Karlsruher Institut für Technologie (KIT)
Steinbuch Centre for Computing (SCC)
Patrick von der Hagen
Zirkel 2, Gebäude 20.21, Raum 004.2
76131 Karlsruhe
Phone: +49 721 608-46433
E-Mail: ha...@kit.edu
Web: http://www.scc.kit.edu
KIT - University of the State of Baden-Württemberg and National Research Center of the Helmholtz Association
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/