High CPU load, RCPT TO:
Matt Kettler
mkettler at EVI-INC.COM
Tue Feb 1 17:25:13 GMT 2005
At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote:
>I can't tell if this is a sendmail or a MailScanner problem: Certain mails are
>causing a loop, making sendmail consume 99% of the CPU load. I have to
>manually restart MailScanner. What they have in common:
>1) Recipients don't exist
>2) RCPT TO:
>
>root 25608 74.3 0.5 8572 2556 ? R 09:55 29:11 sendmail:
>j11EtSBe025608 218.45.73.183.eo.eaccess.ne.jp [218.45.73.183]: RCPT TO:
><cesamir at caribenet.com>
>
>logs show soemthing like:
What makes you thing sendmail is looping? All the usernames are
different.... Looks like a standard rumplestiltskin attack to me, where a
spammer is just trying every name in a dictionary on your domain to see if
they can discover new email addresses by brute-force. Most of us are
sustaining these on a frequent basis now days, although generally in a
distributed fashion instead of single source.
If this is bogging down your CPU, perhaps you need to check into doing
something to make username lookup lighter weight than it is (are you using
milter-ahead or something of the sort?)
You might also want to look at things like rumplekill
http://bignosebird.com/notebook/rumplekill.shtml
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list