Weird Problem with MailScanner

Damian Rivas damian at cht.com.ar
Mon Oct 22 16:34:20 IST 2007


I have sendmail, not postfix as my MTA. I've been checking and I have to download some packages like access_db to prevent Backscattering.

I'll explain how things work here so that you can give me more accurate advice:

I have a MX Linux server on the outside which is the one experiencing the weird problem, caused surely by the backscattering. Then, I have an internal MS Exchange 2003 server which receives the filtered and scanned mails and sends the mails via SMTP to the MX Linux Server to be scanned before being sent.

I can activate SMTP filtering in Exchange but the problem is that it checks the contacts in AD, if I don't have that contact it doesn't send the mail. Why is it a problem? As I stated before, this is a Travel Agency and is constantly receiving mails from new hotels, airlines, agencies, etc. With "new" I mean that they were unknown contacts until the reception of their mail, therefore their domain is not identified as a trusted or real one. So, if I use the MS Exchange filtering this will likely block the answers to these new domains.

So the filtering, in my opinion should be done only in the MailScanner server, the thing is that I want to know which is your recommendation to build the filtering on sendmail and if there can be a solution with the MS Exchange filtering, perhaps I misunderstood the documentation.

Thanks in advance!
Regards.-



-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of Jason Ede
Sent: Monday, 22 October 2007 12:17
To: MailScanner discussion
Subject: RE: Weird Problem with MailScanner


Oops... Forgot to address last point... If the address can't be verified then the email won't be accepted and will be rejected with a 550 (I think) user not found error... Normally if you use a cache then it's not a problem for temporary outages as the verified recipients remain verified for a few days anyway (configurable)

For more info read.... http://www.postfix.org/ADDRESS_VERIFICATION_README.html

Jason


From: mailscanner-bounces at lists.mailscanner.info [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Mikael Syska [mikael at syska.dk]
Sent: 22 October 2007 15:58
To: MailScanner discussion
Subject: Re: Weird Problem with MailScanner

Hi Jason,

A little off-topic maybe, but I hope people don't mind me jumping in here.

You talk about recipient verification .... Can this be done to multiple hosts? Right now we have a mysql transport_maps_table which tells where to deliver the mail .... would it be possible to verify recipient with external smtp hosts or would that maybe give a too big overhead of traffic vs just receive and scan .... ? But what happens if the smtp in the other end does not answer? Will the mail be dropped? or just try to verify later ?

best regards
Mikael Syska

You just g
Jason Ede wrote:
> After you've tried optimising then...
>
> I'd consider using the spamhaus blacklists at the very least to reject 
> mails at smtp level...
>
> Then try using recipient verification (also at smtp level...) (On 
> postfix just reject_unverified_recipient) which checks if it's 
> deliverable to its destination servers... No point accepting it if you 
> can't deliver it...
>
> Jason
>
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Damian Rivas [damian at cht.com.ar]
> Sent: 22 October 2007 14:41
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
> It catches and accepts e-mails for our pack of domains: cht.com.ar, 
> aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar 
> and ci-educ.com.ar.
>
> The main problem is that domains like hispanoamericana are way too old 
> and receive lots of spam messages. The main domain, cht.com.ar 
> receives a lot of mails daily, the problem with this is that it is 
> difficult for me to find a good filter policy, because as it is a 
> Travel Agency it receives mails from hotels and other agencies, so, if 
> I put a strict filter of "if you are not in my Exchange contact list 
> you cannot pass" these mails are not likely entering any way and that 
> is not the idea.
>
> I'm following up some guidelines that UxBoD sent me in one of the 
> links to accelerate MS, so I'll let you know if things go better.
>
> I think that a BackScatter attack is very likely to be happening. 
> Until these last months, there was never a single problem, so 
> something strange might have happened to increase the SPAM bombing and 
> therefore to turn the old server useless.
>
> And about upgrading memory, I think that it would be cheaper (at least 
> in Argentina PC100 Memories are very expensive as they aren't produced 
> anymore) and make more sense to directly make an entire new server, 
> with better processor and better memory. I was thinking in a 1Ghz 
> processor, is it ok? Which are the minimum recommended requisites?
>
> ___________________________________________________
>
> Damián Rivas
> Administrador de Hardware y Redes
> Departamento de Sistemas
> Consult House Turismo S.A.
> Tel: 4315-1900
> email: damian at cht.com.ar
> web: www.cht.com.ar
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of Jason Ede
> Sent: Monday, 22 October 2007 10:08
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
>
>
> What domains do you accept email for? Are you sure it's not operating 
> as an open gateway?
>
> Jason
>
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Damian Rivas [damian at cht.com.ar]
> Sent: 22 October 2007 13:48
> To: MailScanner discussion
> Subject: RE: Weird Problem with MailScanner
>
> Ok, here we go again. How was your weekend people?
>
> Ugo, here is the output you asked for:
>
> vmstat 5 10:
>
> procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
>  r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
>  0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1 78  0
>  0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0 99  0
>  0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1 99  0
>  0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0 100  0
>  0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0 100  0
>  1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4 88  0
>  0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3 89  0
>  0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4 87  0
>  0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0 100  0
>  2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0 100  0
>
> I'm also attaching a bit of the output of a tail -f /var/log/maillog 
> for you to see, there's too much spam and false addresses which 
> are slowing down MS a lot. There are still about 28k messages! (on Friday 
> there were 45k!!!!).
>
> UxBoD, you told me to run the init.d script to stop the MS, the 
> problem is Slackware uses the traditional BSD Init, so I went to the 
> 'rc.d' directory but couldn't find, or couldn't figure out where the 
> script for stopping MS is, sorry for my ignorance again.
>
> As always thank you people for your valuable help.
>
> Regards.-
>
>
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On behalf of Ugo Bellavance
> Sent: Sunday, 21 October 2007 11:17
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Weird Problem with MailScanner
>
>
> Damian Rivas wrote:
>
>> 1) There are 3 MS children running
>>
>
> That is way too much. Your system is probably swapping like crazy.  
> Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service 
> MailScanner restart' (assuming redhat/centos)
>
> Can you send us the output of :
>
> 'vmstat 5 10' (will take 50 seconds to execute)
>
> Did you check if memory was available for this system?  If it is and 
> if it is not too expensive, I'll add at least another 128 (more if you 
> can).
>
> Ugo
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
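
The recipient verification discussed in this thread (refuse undeliverable addresses during the SMTP session so the edge server never has to bounce them later, and cache verified recipients so short outages of the internal server do not matter), sketched as an added example that is not part of the original messages or of any MTA's code. The host and domain names, the cache lifetimes and the choice of 450 for an unreachable backend are assumptions of this sketch; the `routes` map generalises it to several internal hosts.

```python
import time

POSITIVE_TTL = 3 * 86400  # illustrative: trust "mailbox exists" for 3 days
NEGATIVE_TTL = 3 * 3600   # illustrative: re-check "no such user" after 3 hours

class BackendDown(Exception):
    """The internal mail server did not answer the probe."""

class RecipientVerifier:
    """Decides the edge MX's reply to RCPT TO before any message is accepted."""

    def __init__(self, routes, probe, clock=time.time):
        self.routes = routes  # domain -> internal host (hypothetical transport map)
        self.probe = probe    # probe(host, address) -> bool, may raise BackendDown
        self.clock = clock
        self.cache = {}       # address -> (exists, expires_at)

    def rcpt_to(self, address):
        address = address.strip().lower()
        host = self.routes.get(address.rpartition("@")[2])
        if host is None:
            return 550        # domain not hosted here: never relay or queue it
        now = self.clock()
        hit = self.cache.get(address)
        if hit and hit[1] > now:
            return 250 if hit[0] else 550
        try:
            exists = self.probe(host, address)
        except BackendDown:
            return 450        # temporary failure: the sending MTA retries later
        ttl = POSITIVE_TTL if exists else NEGATIVE_TTL
        self.cache[address] = (exists, now + ttl)
        return 250 if exists else 550  # refused in-session, so no bounce is generated

def demo():
    """Constructed scenario: one known mailbox, then the backend goes offline."""
    state = {"up": True, "now": 0.0}
    mailboxes = {"exchange.internal.example": {"sales@agency.example"}}

    def probe(host, address):
        if not state["up"]:
            raise BackendDown(host)
        return address in mailboxes[host]

    v = RecipientVerifier({"agency.example": "exchange.internal.example"},
                          probe, clock=lambda: state["now"])
    replies = [v.rcpt_to("sales@agency.example"), v.rcpt_to("forged@agency.example"),
               v.rcpt_to("x@other.example")]
    state["up"] = False       # outage: cached answers still served, new ones deferred
    replies += [v.rcpt_to("sales@agency.example"), v.rcpt_to("new@agency.example")]
    state["now"] = POSITIVE_TTL + 1  # cache entry expired while backend is still down
    replies.append(v.rcpt_to("sales@agency.example"))
    return replies
```

In a real deployment `probe` would open an SMTP session to the internal host and issue RCPT TO for the address without sending any message data.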
