High CPU load, RCPT TO:

Matt Kettler mkettler at EVI-INC.COM
Tue Feb 1 18:13:55 GMT 2005


At 12:25 PM 2/1/2005, Matt Kettler wrote:
>At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote:
> >I can't tell if this is a sendmail or a MailScanner problem: Certain
> mails are
> >causing a loop, making sendmail consume 99% of the CPU load.

<snip>

>What makes you thing sendmail is looping? All the usernames are
>different.... Looks like a standard rumplestiltskin attack to me, where a
>spammer is just trying every name in a dictionary on your domain to see if
>they can discover new email addresses by brute-force.


Oh yes, and one more thing.. you might want to add this to your sendmail.mc:
#after 15 invalid recpipients, start slowing them down with
#1 second sleeps
define(`confBAD_RCPT_THROTTLE',15)

Then rebuild your sendmail.cf and do a service MailScanner restart.


That option will save you a lot of CPU overhead in the event of a rumple
attack, and also slow down the attacker.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list