Hi the problem shows up no matter what client you use ... process name is imapd. Carlos On Fri, Feb 6, 2009 at 6:24 PM, Blake Hudson <blake@xxxxxxxx> wrote: > > -------- Original Message -------- > Subject: Fwd: Huge header detection > From: Carlos Horowicz <carlos.horowicz@xxxxxxxxx> > To: info-cyrus@xxxxxxxxxxxxxxxxxxxx > Date: Friday, February 06, 2009 12:34:39 PM >> Hi there, >> >> postfix author suggested me to post here following issue : >> >> we received a spam that bypassed all controls and consisted of a huge >> header (4M) , repeating these four lines 31.000 times (chaning only >> the Reply-To): >> >> MIME-Version: 1.0 >> Content-type: text/html; charset=iso-8859-1 >> From: Magaly <verano@xxxxxxxx> >> Reply-To: fdsafdsafdsa@xxxxxx >> >> It resulted in a denial-of-service in 10 Imap servers , eating up all >> CPU and rendering them unusable. We solved it by stopping imapd, >> identifying the message in the file system, delete it and reconstruct >> the accounts. Whenever one imapd hit one of this message from our >> webmail , it gets "poisoned" and consumes lots of CPU. Each of my imap >> servers hold 5K to 25K users. >> >> The servers run versions of cyrus-imapd ranging from 2.3.7 under >> CentOS ( v2.3.7-Invoca-RPM-2.3.7-2.el5 ) , to FreeBSD-6-stable and >> FreeBSD-7-stable compiled from ports (2.3.6,. 2.3.7 and 2.3.13). >> >> Is there anything that could be done from cyrus imapd side to avoid >> such CPU consumption ? do you need more information , like an imap >> activity log ? >> >> Thanks in advance, >> >> Carlos >> >> > > What was the name of the process that was consuming CPU? Did this pose a > problem for all IMAP clients, or just the webmail? > > --Blake > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
