Bjørn Mork wrote:
Jose-Marcio Martins da Cruz <jose-marcio.mart...@mines-paristech.fr>
writes:
I'm running the original patch on my mail servers for around 5 years
without problems. These servers are under Solaris, FreeBSD or Debian
Etch or Lenny...
With "nfd = 0" inside the "for (;;)" loop? Strange. I could not get
that to handle anything at all.
As long as rebuild_set was always true, nfd will be set to a correct value, each time the
loop was run.
The bug which were talking about affects only a
particular situation when very old stale connections are closed by
libmilter : connections inactive for more than 2 hours. So, it may be
hard to detect if your patch solves the problem or not.
Yes, I understand that.
But does that mean that the bug can be triggered by connecting to a
server running milters and leaving the connection open for more than 2
hours?
If so, it should be fairly easy both to test and, unfortunately, to use
this for a DoS attack...
This is one condition, but not the only one.
I'm afraid I don't know how many connections were open when the milters
crashed, but the mail statistics does not show any unusual activity.
And these servers are very lightly loaded (less than 1 message per
minute on average).
Another hint pointing at libmilter, is the fact that both clamav-milter
and spamass-milter crashed at the same time
Both subjects are related to libmilter. The second one is related to the number of file
descriptors in use. There were many messages in comp.mail.sendmail newsgroup many years
ago. It's up to milters to control the number of file descriptors in use, not to
libmilter. So although it's related to libmilter, it's not a libmilter bug.
But when it happens, libmilter logs something at some syslog file.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
