xfnw/plan9fox
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
plan9fox/sys
History
Ori Bernstein e6d31c1715 spf: limit recursion depth to prevent ddos (thanks tijay, iashiq5) 
An attacker may use an infinite number of SPF referrals in his/her SPF
setting and can send an email to your mail server which would make
your SMTP server make a lot of DNS queries.  By exploiting this
vulnerability, an attacker can block your SMTP queue, flood the
associated recursive resolver, or any DNS authoritative server.

According to RFC recommendations
(https://datatracker.ietf.org/doc/html/rfc7208#section-4.6), a few DNS
lookup limits exist that an SMTP server needs to maintain while
resolving an SPF record.  That is, SPF implementations MUST limit the
total number of query-causing terms to 10 and the number of void
lookups to 2 to avoid unreasonable load on the DNS.

from:

Taejoong “Tijay” Chung (tijay@vt.edu)
Ishtiaq Ashiq (iashiq5@vt.edu)
2022-06-30 01:24:27 +00:00
..
doc /sys/doc/troff.ms: give correct path for -m flag (thanks kyle) 2021-11-01 11:28:52 +00:00
games/lib /sys/games/lib/fortunes: GPU.js 2022-01-23 03:10:23 +00:00
include ndb: increase buffer size to allow longer lines 2022-06-19 23:42:04 +00:00
lib generate boot.scr in /sys/src/boot/reform 2022-06-18 18:23:22 +00:00
man kernel: revert /srv/clone 2022-06-29 17:35:27 +00:00
src spf: limit recursion depth to prevent ddos (thanks tijay, iashiq5) 2022-06-30 01:24:27 +00:00