james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From norman <nor...@apache.org>
Subject Re: TCP checks and "Denial of Service Attacks"
Date Thu, 12 Jul 2007 19:01:22 GMT
Am Donnerstag, den 12.07.2007, 13:52 -0400 schrieb Anthony Whyte:
> One of our community member institutions are running a Sakai cluster  
> using James.  They use a Big-IP load balancer.  When performing Big- 
> IP health checks every few seconds against various points in their  
> test system the testing generated numerous TCP connections.
> 
> There testing filled up the available number of connections to James,  
> and Sakai's email handling effectively shut down.  They quickly  
> changed to SMTP checking and restarted, solving the immediate  
> problem, but there remains a concern about a potential "denial of  
> service" issue with the James component, since anyone can perform  
> that style of TCP check.  Is there some way to configure James to not  
> be vulnerable in this way?
> 
> Cheers,
> 
> Anthony Whyte
> Sakai Foundation

In trunk its possible to limit the connections per ip. I think this solve the problem, right
?

bye
Norman


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Mime
View raw message