[Mimedefang] MIMEDefang 2.15-BETA-3 is available

David F. Skoll dfs at roaringpenguin.com
Thu Jun 13 11:29:22 EDT 2002


2.15-B3 is at

Remember the discussion about a DoS caused by complicated MIME messages?

This release includes two new flags for mimedefang-multiplexor (-R and -M)
which let you limit the resident-set size and total memory size of
slaves (RSS limits are not supported on some systems like Solaris.)

For example, my mimedefang.pl processes typically sit at around 15MB
virtual memory size.  So I use a "-M 30000" to limit the size to 30,000kB
(30MB).  If the slave exceeds that size, it is killed and the message
is tempfailed (so watch your logs!)

Also, there's a new filter_recipient function (similar to filter_sender
and filter_relay) and a corresponding mimedefang "-t" flag.  filter_sender
is now passed three arguments (envelope sender, relay IP and relay name),
so you may need to adjust your filter.

Complete changelog relative to 2.15-B2 follows.



2002-06-13  David F. Skoll  <dfs at roaringpenguin.com>

	* mimedefang-multiplexor: Added "-R" and "-M" options to
	limit memory usage of slaves.  Strongly recommended to
	help mitigate DoS attacks.

	* mimedefang-multiplexor.c (limit_mem_usage): Added ability
	to limit memory usage of slaves to mitigate DoS attacks which
	use complicated MIME messages to consume lots of memory.  All
	such messages will be tempfailed forever, so keep an eye on
	your logs.  You'll see lines like this:

	Slave 0 stderr: Out of memory!
	Slave died prematurely -- check your filter rules

2002-06-11  David F. Skoll  <dfs at roaringpenguin.com>

	* Added filter_recipient function; added ip and hostname arguments
	to filter_sender.  Improved mechanism for communicating with
	filter_sender, filter_relay and filter_recipient functions.

	* INCOMPATIBILITY:  filter_sender is now passed 3 arguments
	(sender, relay_ip, relay_hostname) instead of 1 (sender).  You
	may have to adjust your filter rules.
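
An added illustration, not part of the original post and not MIMEDefang's own code: one way a parent process can cap a worker's total memory, assuming the cap is applied with setrlimit(RLIMIT_AS) in the forked child. The function names are hypothetical; the kB unit follows the "-M 30000" example in the post.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: cap the caller's total address space.
 * limit_kb is in kB, the same unit as "-M 30000". */
static int cap_address_space_kb(unsigned long limit_kb)
{
    struct rlimit lim;
    lim.rlim_cur = lim.rlim_max = (rlim_t)limit_kb * 1024;
    return setrlimit(RLIMIT_AS, &lim);
}

/* Fork a worker, apply the cap in the child only, then let the child
 * allocate and touch want_kb of memory (a stand-in for a filter that is
 * parsing a deliberately complicated MIME message).
 * Returns 0 if the allocation succeeded, 1 if the cap refused it,
 * -1 on setup failure or if the worker was killed by a signal. */
int run_capped_worker(unsigned long limit_kb, unsigned long want_kb)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (cap_address_space_kb(limit_kb) != 0)
            _exit(2);
        size_t len = (size_t)want_kb * 1024;
        char *p = malloc(len);
        if (p == NULL) {
            fprintf(stderr, "worker: allocation refused by RLIMIT_AS\n");
            _exit(1);   /* the parent sees a worker that died early */
        }
        memset(p, 0xAA, len);   /* touch the pages so they are really used */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sizes: 8,000kB fits under a 30,000kB cap, 64,000kB does not. */
    printf("8000kB under 30000kB cap:  %d\n", run_capped_worker(30000, 8000));
    printf("64000kB under 30000kB cap: %d\n", run_capped_worker(30000, 64000));
    return 0;
}
```

The cap is set after fork(), so it binds only the worker; the parent stays unlimited and can log the failure and start a replacement.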
