iPlanet tech support stated that earlier versions of the messaging server allowed DoS attacks to occur because there were no restrictions on the DATA line. A remote user/MTA could send endless streams of data causing the server to eventually run out of memory and crash.
configutil allows the parameter controlling the data line to be adjusted:
local.service.smtp.smtp-accept.maxlinelength -v xxxxx
where xxxxx is the number of bytes to allow on the data line. The current default is 16384 bytes.
They recommend tweaking the value to achieve the desired result. A value of 0 == unlimited, which could lead to the DoS attacks. This is not recommended.
I think the configutil option 'service.smtp.maxlinelength' controls this. However, be aware that if you increase this setting, remote MTAs may not accept mail from you as your MTA (now the new mail client to the remote MTA) is breaking the RFC. RFC2822 forbids lines over 1024 characters and certain MTAs strictly enforce this.
RFC-2821 defines the limit as 1000 characters, counting the CRLF. The reason you will begin to notice errors in 4.15p7 is that the maxlinelength value was changed from 16384 in 4.15p6 to 1024 in 4.15p7 for compliance and to reduce risk of DoS attacks.
The maximum total length of a text line including the <CRLF> is 1000 characters (not counting the leading dot duplicated for transparency). This number may be increased by the use of SMTP Service Extensions.
You can increase this value as you wish, but do so with care.
The attribute that defines the maximum DATA line length is local.service.smtp.smtp-accept.maxlinelength. If you increase that, you should also check that local.service.smtp.smtp-accept.datapoll is either not set or set to 0. Also check that the values for local.service.smtp.requirecrlf and service.smtp.smtp-accept.requirecrlf are either not present or set to 0.
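
The limit discussed in this thread, as an added example that is not part of the original replies and is not the messaging server's own code: a DATA reader that enforces a maximum line length (CRLF counted, dot-stuffed leading dot not counted) and stops reading rather than buffering an endless line. The names `read_data_lines` and `LineTooLong` are hypothetical, and the sample input is constructed.

```python
import io

class LineTooLong(Exception):
    """A DATA line exceeded the configured maximum."""

def read_data_lines(stream, max_line_length=1000, chunk_size=512):
    """Yield DATA lines (CRLF removed, dot-unstuffed) up to the lone "." line.

    max_line_length counts the CRLF but not a dot-stuffed leading dot.
    0 means unlimited, the setting the thread advises against.
    """
    buf = bytearray()
    while True:
        end = buf.find(b"\r\n")
        if end < 0:
            # No line ending buffered yet. A legal line holds at most
            # max_line_length bytes here (stuffed dot + text + a lone CR),
            # so stop reading instead of buffering an endless line.
            if max_line_length and len(buf) > max_line_length:
                raise LineTooLong(f"no CRLF within {max_line_length} bytes")
            chunk = stream.read(chunk_size)
            if not chunk:
                raise EOFError("connection closed before end of DATA")
            buf += chunk
            continue
        line = bytes(buf[:end])
        del buf[:end + 2]
        if line == b".":
            return                      # end-of-data marker
        if line.startswith(b"."):
            line = line[1:]             # undo dot-stuffing
        if max_line_length and len(line) + 2 > max_line_length:
            raise LineTooLong(f"{len(line) + 2} bytes > {max_line_length}")
        yield line

if __name__ == "__main__":
    # Constructed sample input, not captured traffic.
    sample = b"Subject: test\r\n\r\n" + b"A" * 998 + b"\r\n.\r\n"
    print([len(l) for l in read_data_lines(io.BytesIO(sample))])
    try:
        list(read_data_lines(io.BytesIO(b"A" * 999 + b"\r\n.\r\n")))
    except LineTooLong as exc:
        print("rejected:", exc)
```

With the limit in place, memory held per connection is bounded by roughly `max_line_length + chunk_size` bytes regardless of how much the peer sends without a CRLF.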