On 01/14/2014 04:42 PM morrison wrote:
> Hi,
>
> I am a system admin and I am evaluating using dovecot as our email server. In
> my test, I found that if I telneted to 993 port and did not do anything or I
> telneted to 143 port, sent starttls command and then did not do anything, the
> connection stayed forever without timeout. This will make our mail server
> vulnerable to DOS attack. I dug into dovecot Wiki and did not find any
> solution. This seems to me that dovecot does not handle SSL/TLS handshake
> timeout. I am wondering if this is a known issue and will be fixed in near
> future.
>
> Thanks,
>

Please define 'forever'

I just did `time openssl s_client -connect mail.example.com:143 -starttls imap` (and nothing else):

CONNECTED(00000003)
depth=0 CN = mail.…
…
. OK Pre-login capabilities listed, post-login capabilities have more.
* BYE Disconnected for inactivity.
closed

real 3m0.377s
user 0m0.016s
sys 0m0.000s

As you can see, Dovecot closed the connection after three minutes.

Regards,
Pascal
--
The trapper recommends today: fabaceae.1401...@localdomain.org
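
Added example (not part of the thread and not Dovecot code): `openssl s_client` completes the TLS handshake before it goes idle, while the question describes a client that connects, or sends STARTTLS, and then never starts the handshake. This Python sketch times that case for a single connection; the function names and the local stub server are assumptions made so the block runs offline.

```python
import socket
import threading
import time


def seconds_until_server_closes(host, port, max_wait, starttls=False):
    """Connect, optionally send IMAP STARTTLS, then stay silent (no ClientHello).
    Returns seconds until the server closes, or None if still open at max_wait."""
    start = time.monotonic()
    with socket.create_connection((host, port), timeout=max_wait) as sock:
        if starttls:
            sock.recv(4096)                   # read the server greeting
            sock.sendall(b"a1 STARTTLS\r\n")  # ask for TLS, then send nothing
        while True:
            remaining = max_wait - (time.monotonic() - start)
            if remaining <= 0:
                return None
            sock.settimeout(remaining)
            try:
                data = sock.recv(4096)
            except socket.timeout:
                return None                   # server kept the connection open
            except ConnectionResetError:
                return time.monotonic() - start
            if not data:                      # orderly close by the server
                return time.monotonic() - start


def start_stub_server(idle_timeout):
    """Constructed local stand-in: drops a silent client after idle_timeout."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    def serve():
        conn, _ = listener.accept()
        conn.settimeout(idle_timeout)
        try:
            conn.recv(4096)
        except socket.timeout:
            pass
        conn.close()
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]


if __name__ == "__main__":
    port = start_stub_server(idle_timeout=1.0)
    print(seconds_until_server_closes("127.0.0.1", port, max_wait=5))
```

Against a real server, call it with port 993 and `starttls=False`, or port 143 and `starttls=True`, with `max_wait` set above the timeout you expect.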