High CPU load, RCPT TO:
Matt Kettler
mkettler at EVI-INC.COM
Tue Feb 1 18:13:55 GMT 2005
At 12:25 PM 2/1/2005, Matt Kettler wrote:
>At 10:44 AM 2/1/2005, Dirk Enrique Seiffert wrote:
> >I can't tell if this is a sendmail or a MailScanner problem: Certain mails are
> >causing a loop, making sendmail consume 99% of the CPU load.
<snip>
>What makes you think sendmail is looping? All the usernames are
>different.... Looks like a standard rumplestiltskin attack to me, where a
>spammer is just trying every name in a dictionary on your domain to see if
>they can discover new email addresses by brute-force.
Oh yes, and one more thing.. you might want to add this to your sendmail.mc:
#after 15 invalid recipients, start slowing them down with
#1 second sleeps
define(`confBAD_RCPT_THROTTLE',15)
Then rebuild your sendmail.cf and do a service MailScanner restart.
That option will save you a lot of CPU overhead in the event of a rumple
attack, and also slow down the attacker.
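
An added example, not part of the original post and not code from sendmail or MailScanner: a log check that counts distinct "User unknown" rejections per relay, to tell a dictionary harvest apart from an occasional mistyped address. The log lines are constructed and simplified from the shape of sendmail syslog output, the function names are hypothetical, and the count is aggregated per relay across sessions, which goes beyond the per-connection throttle.

```python
import re

THRESHOLD = 15  # same count as the confBAD_RCPT_THROTTLE value in the post

# Assumed line shapes (simplified): "<qid>: <addr>... User unknown" and
# "<qid>: from=<...>, ..., relay=[ip]" or "relay=host [ip]".
UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <([^>]*)>\.\.\. User unknown")
RELAY = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:\S+ )?\[([0-9a-fA-F.:]+)\]")

def bad_rcpts_by_relay(lines):
    """Count distinct rejected recipients per relay IP, joined on queue ID."""
    rejected, relay_of = {}, {}   # queue id -> addresses, queue id -> relay IP
    for line in lines:
        m = UNKNOWN.search(line)
        if m:
            rejected.setdefault(m.group(1), set()).add(m.group(2).lower())
            continue
        m = RELAY.search(line)
        if m:
            relay_of[m.group(1)] = m.group(2)
    per_relay = {}
    for qid, addrs in rejected.items():
        per_relay.setdefault(relay_of.get(qid, "unknown-relay"), set()).update(addrs)
    return {ip: len(addrs) for ip, addrs in per_relay.items()}

def suspects(lines, threshold=THRESHOLD):
    """Relays whose distinct bad-recipient count reaches the threshold."""
    return sorted(ip for ip, n in bad_rcpts_by_relay(lines).items() if n >= threshold)

def constructed_sample():
    """Constructed log: one relay guessing 20 names, one relay with a single typo."""
    names = ["aaron", "abby", "adam", "alan", "alex", "alice", "amy", "andy",
             "anna", "barb", "ben", "beth", "bill", "bob", "brad", "carl",
             "carol", "chris", "dan", "dave"]
    pre = "Feb  1 10:44:01 mx sendmail"
    lines = [f"{pre}[2101]: j11AiAAA002101: <{n}@example.com>... User unknown"
             for n in names]
    lines.append(f"{pre}[2101]: j11AiAAA002101: from=<x@example.net>, size=0, "
                 "class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]")
    lines.append(f"{pre}[2155]: j11AjBBB002155: <jonh@example.com>... User unknown")
    lines.append(f"{pre}[2155]: j11AjBBB002155: from=<pal@example.org>, size=0, "
                 "class=0, nrcpts=0, proto=SMTP, daemon=MTA, "
                 "relay=mail.example.org [198.51.100.7]")
    return lines

if __name__ == "__main__":
    for ip, n in sorted(bad_rcpts_by_relay(constructed_sample()).items()):
        print(f"{ip}: {n} unknown recipients")
    print("over threshold:", suspects(constructed_sample()))
```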