PRB: Wildcard E-mail Addresses May Cause Excessive SQL Server Usage (283900)


The information in this article applies to:

  • Microsoft Commercial Internet System 2.0
This article was previously published under Q283900

SYMPTOMS

When an e-mail is received by a Microsoft Commercial Internet System (MCIS) mail server and the recipient address has an asterisk (*) before the "@" symbol in the form "*@<domainname.com>", the Microsoft SQL Server server that is running the membership database may become unresponsive. This can cause SQL timeouts on the Lightweight Directory Access Protocol (LDAP) server. This in turn may cause mail and other LDAP depend services to stop working, in effect creating a denial-of-service attack type of effect.

CAUSE

In an MCIS environment, the Simple Mail Transport Protocol (SMTP) service attempts to look up e-mail names by using an LDAP service. The asterisk character (*) represents a wildcard to LDAP, which therefore perceives a request for *@<domainname.com> as a request for all addresses ending in <domainname.com>. This is turn sends a query to the SQL Server containing a SELECT statement specifying all users with an e-mail address ending in @<domainname.com>. Because this is a final substring search, the table index cannot be used and the entire table must be scanned, causing excessive work especially if there is a large membership database. For a site where a large percentage of the users' e-mail addresses match the search, this will also result in creation of a very large recordset, thus adding to the load. This may cause loading on the membership database to the point that other requests are not processed in a timely manner. The result may be SQL Server and LDAP timeouts in the event logs of dependant servers.

RESOLUTION

In the Properties for the LDAP service, on the General tab, there is a check box labeled Limit searches to initial substring only. If this option is selected, LDAP queries starting with a wildcard, such as *@<domainname.com>, will be disallowed. Allowing such broad queries to hit a large membership database is generally not recommended, but before selecting this option you should ensure you do not have any existing applications in place that require the ability to perform searches prefixed with a wildcard.

Two other properties on the General tab of the LDAP service Properties may also help limit the impact of broad queries if used as specified here:
  • Do not set Max query time to 0 (unlimited). This should be a value large enough to accommodate standard queries under load, but not so large as to allow overly expensive queries to run for long periods. The optimal setting depends on the environment that the LDAP service is being used in.
  • Do not set Max results set to unlimited. Again, the best value for this setting depends on the environment and the type of applications that are accessing the LDAP service.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
Modification Type:MajorLast Reviewed:10/22/2002
Keywords:kbDSupport kbprb KB283900
©2002 Microsoft Corporation. All rights reserved.