Mirrors/go-chasquid-smtp
1
0
Fork 0
mirror of https://blitiri.com.ar/repos/chasquid synced 2026-01-28 20:56:03 +00:00
Code Releases Activity

smtpsrv: Close the connection after 3 errors (lowering from 10)

Browse Source 
Today, we close the connection after 10 errors. While this is fine for
normal use, it is unnecessarily large.

Lowering it to 3 helps with defense-in-depth for cross-protocol attacks
(e.g. https://alpaca-attack.com/), while still being large enough for
useful troubleshooting and normal operation.

As part of this change, we also remove the AUTH-specific failures limit,
because they're covered by the connection limit.
This commit is contained in:
Alberto Bertogli
2021-06-10 18:41:28 +01:00
parent 44eb0b903a
commit 85305f4bd9
7 changed files with 62 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
test/t-12-minor_dialogs/auth_too_many_failures.cmy
View File

@@ -10,9 +10,5 @@ c <~ 501
c -> AUTH PLAIN something
c <~ 501
c -> AUTH PLAIN something
c <~ 501
c -> AUTH PLAIN something
c <~ 501
c -> AUTH PLAIN something
c <~ 503 5.7.8 Too many attempts, go away
c <~ 421 4.5.0 Too many errors, bye