[Top] [All Lists]

Re: Abort data transfer?

2009-10-21 17:56:50

David MacQuigg wrote:

100KB seems like a sensible size chunk. No need for a separate process monitoring the reply channel. No need to wait to make sure there is no REJECT on each chunk. A full handshake is not required. Just don't ignore any REJECTS that are sent.

Unfortunately David, as always, it is the bad guys using legacy SMTP client software for these DATA attacks could not be restricted by any new graceful control logic.

The force disconnect (drop) is all we have but that has an implicit 451 reply code for the client.

I can only see some form of learning or behavior tracking to selectively use a drop.

For example, if an client shows extended client mode by using a return path SIZE= attribute and it exceeds this size in the data transfer, then that might be a trigger for bad behavior tracing.


Hector Santos

<Prev in Thread] Current Thread [Next in Thread>