|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] disregard - one more test, sorry
From: Dave Aitel (dave
immunitysec.com)
Date: Fri Sep 09 2005 - 09:02:01 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
We're testing the Bounce handler in mailman. Apparantly you can DoS[1] a
mailman instance by signing a thousand people up to a list (which we did
by mistake) then having those thousand people placed into the bounce
queue. This makes mailman's bounce handler grow to use approximately
one gig of ram and all the CPU. To fix this, you need (it turns out) to
set the bounce handling to "on each bounce, just disable/unsubscribe
that person". However, while the bounce handler is doing it's painful
dance, the administrative interface is only accessible by shutting down
mailman (via killall -9 python).
Theoretically this is fixed, because you were just able to send the list
mail. :>
-dave
[1] You could do this maliciously if you wanted to. They should really
fix it.
Dave Korn wrote:
>----Original Message----
>
>
>>From: Bas Alberts
>>Sent: 08 September 2005 20:57
>>
>>
>
>
>
>>I know, I know, be holdink your horses.
>>
>>
>
>
> Well at least tell us _what_ you're testing!
>
> cheers,
> DaveK
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]