Bugtraq mailing list archives

Re: Anonymous Qmail Denial of Service

From: ant () NOTATLA DEMON CO UK (Antonomasia)
Date: Thu, 7 Jan 1999 21:43:34 GMT


Dan Bernstein writes on BUGTRAQ:

   There are lots of interesting remote denial-of-service attacks on any
   mail system. A long-term solution is to insist on prepayment for
   unauthorized resource use. The tricky technical problem is to make
   the prepayment enforcement mechanism cheaper than the expected cost
   of the attacks.


    Hashcash addresses this tricky technical problem.

    http://www.dcs.ex.ac.uk/~aba/hashcash
    http://www.notatla.demon.co.uk/SOFTWARE/software.html

    Hashcash was envisaged as an aid to spam filtering, but I have
    put hooks for it in the program described below to limit
    anonymous DoS attacks.

On the bright side, mailers are _not_ permitted to discard messages for
frivolous reasons such as full disks. They have to report the problem to
the sender, so that the sender can keep the message and try again later.



Angel, my (non-SMTP) MTA with crypto, relies on positive confirmation that
a message _was_ delivered correctly.

Retries are carried out at intervals until the maximum number of retries
is reached. (Note: number of tries, not timeout.  It makes a difference
on machines that are sometimes switched off.)

When the retry limit is reached a new delivery mechanism can be tried
instead (as defined in a config file), or the message can be silently
dropped.  This approach is adopted because the MTA is mainly intended for
anonymous mail so bounces to sender are impossible.

There are no set[ug]id programs involved.  One (or more) writable directories
are used for posting outgoing mail because local attacks are out of the
intended scope.   At additional processing cost you could have a different
posting directory per user.

 Um, almost forgot - contains cryptographic code by Eric Young and Tim Hudson.

--
##############################################################
# Antonomasia   ant () notatla demon co uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################

Current thread:

Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service), (continued)
- - - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Mark Crosbie (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Pete Kruckenberg (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 09)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Len Budney (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Thamer Al-Herbish (Jan 08)
    - Re: setuid vs. setgid (was Re: Anonymous Qmail Denial of Service) Kragen Sitaker (Jan 09)
- really silly ff.core exploit for Solaris John McDonald (Jan 07)
  - ff.core exploit on Solaris (2.)7 Daniel J. Frasnelli (Jan 08)
    - Re: ff.core exploit on Solaris (2.)7 Casper Dik (Jan 15)
  - L0pht tmp tool and (mini) Advisory Dr. Mudge (Jan 08)
- Re: Anonymous Qmail Denial of Service Antonomasia (Jan 07)
- Re: Anonymous Qmail Denial of Service D. J. Bernstein (Jan 09)
  - Re: Anonymous Qmail Denial of Service Wietse Venema (Jan 10)
  - Keeping Solaris up-to-date John RIddoch (Jan 11)
    - Keeping any up-to-date? Randolf-Heiko Skerka (Jan 13)
    - Re: Keeping any up-to-date? Ciaran Deignan (Jan 15)
    - Re: Keeping any up-to-date? Peter May (Jan 15)
  - Administrivia Aleph One (Jan 12)
    - Tracing by uid u after root does setuid(u) D. J. Bernstein (Jan 12)
    - Re: Tracing by uid u after root does setuid(u) Wietse Venema (Jan 13)
    - Re: Tracing by uid u after root does setuid(u) Casper Dik (Jan 13)

(Thread continues...)