On 01/14/2014 04:42 PM morrison wrote:
Hi,
I am a system admin and I am evaluating using dovecot as our email server. In my test, I found that if I telneted to 993 port and did not do anything or I telneted to 143 port, sent starttls command and then did not do anything, the connection stayed forever without timeout. This will make our mail server vulnerable to DOS attack. I dig into dovecot Wiki and did not find any solution. This seems to me that dovecot does not handle SSL/TLS handshake timeout. I am wondering if this is a known issue and will be fixed in near future.
Thanks,
Please define 'forever'
I just did time openssl s_client -connect mail.example.com:143 -starttls imap (and nothing else):
CONNECTED(00000003) depth=0 CN = mail.… … . OK Pre-login capabilities listed, post-login capabilities have more.
- BYE Disconnected for inactivity. closed
real 3m0.377s user 0m0.016s sys 0m0.000s
As you can see, Dovecot closed the connection after three minutes.
Regards, Pascal
The trapper recommends today: fabaceae.1401420@localdomain.org