On 03.05.2011 19:00, Rich Wales wrote:
>> So what other 'vulnerable' configuration information EHLO reveals
>> & how they can be disabled/mitigated/fabricated ?
>
> You may want to suppress the SIZE information (maximum size of a
> message that your server will accept). Some hackers might take
> this as a challenge and try to exploit it in a denial-of-service
> attack to clog up your server with huge junk messages that are
> just under your advertised size limit. Unless you have a very
> small "message_size_limit" for some unusual reason, I don't see
> any real point in explicitly advertising it.

Surely - a well-designed client does not try to send a 30 MB attachment if the server says "not more than 20 MB"; I do not want to wait a minute until I get "this was too much".
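The client-side behaviour described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads the SIZE keyword (RFC 1870) from an EHLO reply and decides before transfer whether a message can be sent. The EHLO replies, the host name and the function names are constructed for illustration.

```python
# Added illustration. The EHLO replies below are constructed samples,
# not captured from a real server.
EHLO_WITH_SIZE = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 20971520\r\n"   # 20 MiB advertised
    "250 8BITMIME\r\n"
)
EHLO_SIZE_SUPPRESSED = (
    "250-mail.example.com\r\n"
    "250-PIPELINING\r\n"
    "250 8BITMIME\r\n"
)
EHLO_SIZE_NO_LIMIT = "250-mail.example.com\r\n250 SIZE 0\r\n"


def parse_ehlo_size(reply):
    """Return (size_supported, limit_in_bytes_or_None) for a 250 EHLO reply.

    Per RFC 1870 a missing parameter or a parameter of 0 means the server
    states no fixed maximum, so the limit is reported as None.
    """
    supported, limit = False, None
    # The first line carries the server greeting, not an extension keyword.
    for line in reply.strip().splitlines()[1:]:
        line = line.strip()
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            continue
        parts = line[4:].split()
        if parts and parts[0].upper() == "SIZE":
            supported = True
            if len(parts) > 1 and parts[1].isdigit() and int(parts[1]) > 0:
                limit = int(parts[1])
    return supported, limit


def presend_decision(reply, message_bytes):
    """Decide what a well-behaved client does before starting the transfer."""
    supported, limit = parse_ehlo_size(reply)
    if limit is not None and message_bytes > limit:
        return "refuse"    # fail locally, nothing is uploaded
    if supported:
        return "declare"   # send MAIL FROM:<...> SIZE=<message_bytes>
    return "blind"         # limit is only discovered while sending DATA


if __name__ == "__main__":
    for name in ("EHLO_WITH_SIZE", "EHLO_SIZE_SUPPRESSED", "EHLO_SIZE_NO_LIMIT"):
        print(name, presend_decision(globals()[name], 30 * 1024 * 1024))
```

With the keyword suppressed, the server still enforces its limit; the only change is that the client learns about it after it has begun uploading.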