Weird Problem with MailScanner

Damian Rivas damian at cht.com.ar
Tue Oct 23 13:56:55 IST 2007


Yes Phil of course I can upgrade SA, I'll do that today.

I'm following a tutorial to stop backscattering in sendmail here: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html

The thing is that I don't understand how the following part in the access file works (sorry for my ignorance again):

######################
# Reject Forgery - Not required for Backscattering
######################
# FOR TEST USE: /usr/lib/sendmail -bt
# check_mail <valid.user at example.com> --> ACCESS DENIED
From:example.com REJECT
# check_mail <valid.user at my.org> --> ACCESS DENIED
From:my.org REJECT


######################
## Reject Backscatter....
# reject unknown recipients, because SPAMMERS use this to spam other
# domains through bounce messages (user unknown).
#
##############################################
# general rejection strings 
To:example.com error:5.1.1:"550 User unknown"
To:my.org error:5.1.1:"550 User unknown"


The first part seems to reject any address of the example.com and my.org domains; that part confuses me.
The second part, the part I'm really interested in, has no reject instruction, so I'm getting even more confused. As I told you, I'm still a novice in the open source world, so I'm still getting used to these config files and their syntax.

Many people on the net said that the link I provided is the definitive solution for sendmail; I hope it is. If someone can explain those parts to me, it would be great!!!

Thanks all for your tips and help!




-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Monday, 22 October 2007 18:11
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner


Is there any chance that you can upgrade to SA 3.1.9 and then do an sa-update?

Phil

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Damian Rivas
Sent: 22 October 2007 16:37
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner

Phil:

The version of Spam Assassin is 3.1.5.

Here is the output of MailScanner -v:

Running on
Linux ns4 2.4.26 #2 Mon Jun 14 19:05:05 PDT 2004 i686 unknown unknown GNU/Linux
This is Perl version 5.008004 (5.8.4)

This is MailScanner version 4.55.10
Module versions are:
1.00    AnyDBM_File
1.14    Archive::Zip
1.02    Carp
1.119   Convert::BinHex
1.00    DirHandle
1.05    Fcntl
2.72    File::Basename
2.07    File::Copy
2.01    FileHandle
1.06    File::Path
0.16    File::Temp
0.90    Filesys::Df
1.23    HTML::Entities
3.26    HTML::Parser
2.24    HTML::TokeParser
1.21    IO
1.10    IO::File
1.123   IO::Pipe
1.50    Mail::Header
3.05    MIME::Base64
5.420   MIME::Decoder
5.420   MIME::Decoder::UU
5.420   MIME::Head
5.420   MIME::Parser
3.03    MIME::QuotedPrint
5.420   MIME::Tools
0.11    Net::CIDR
1.08    POSIX
1.77    Socket
1.4     Sys::Hostname::Long
0.17    Sys::Syslog
1.86    Time::HiRes
1.02    Time::localtime

Optional module versions are:
0.17    Convert::TNEF
1.808   DB_File
1.13    DBD::SQLite
1.50    DBI
1.06    Digest
missing Digest::HMAC
2.33    Digest::MD5
2.11    Digest::SHA1
missing Inline
missing Mail::ClamAV
3.001005        Mail::SpamAssassin
missing Mail::SPF::Query
missing Net::CIDR::Lite
1.24    Net::IP
missing Net::DNS
missing Net::LDAP
missing Parse::RecDescent
missing SAVI
2.40    Test::Harness
0.47    Test::Simple
1.95    Text::Balanced
missing URI


-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Randal, Phil
Sent: Monday, 22 October 2007 12:30
To: MailScanner discussion
Subject: RE: RE: Weird Problem with MailScanner


Damian,

Which version of Spamassassin are you running?

Can you post the output of

  MailScanner -V

Cheers,

Phil

--
Phil Randal
Network Engineer
Herefordshire Council
Hereford, UK  

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Damian Rivas
> Sent: 22 October 2007 14:42
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
> 
> It catches and accepts e-mails for our pack of domains: cht.com.ar, 
> aaovyt.com.ar, skalbue.com.ar, hispanoamericana.com.ar, cieduc.com.ar 
> and ci-educ.com.ar.
> 
> The main problem is that domains like hispanoamericana are way too old 
> and receive lots of spam messages. The main domain, cht.com.ar 
> receives a lot of mails daily, the problem with this is that it is 
> difficult for me to find a good filter policy, because as it is a 
> Travel Agency it receives mails from hotels and other agencies, so, if 
> I put a strict filter of "if you are not in my Exchange contact list 
> you cannot pass" these mails are not likely entering anyway and
> that is not the idea.
> 
> I'm following up some guidelines that UxBoD sent me in one of the 
> links to accelerate MS, so I'll let you know if things go better.
> 
> I think that a BackScatter attack is very likely to be happening. 
> Until these last months, there was never a single problem, so 
> something strange might have happened to increase the SPAM bombing and 
> therefore to turn the old server useless.
> 
> And about upgrading memory, I think that it would be cheaper (at least 
> in Argentina PC100 Memories are very expensive as they aren't produced 
> anymore) and make more sense to directly build an entire new server, 
> with better processor and better memory. I was thinking of a 1 GHz 
> processor, is it ok? Which are the minimum recommended requisites?
> 
> ___________________________________________________
>  
> Damián Rivas
> Hardware and Network Administrator
> Systems Department
> Consult House Turismo S.A.
> Tel: 4315-1900
> email: damian at cht.com.ar
> web: www.cht.com.ar
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf
> Of Jason Ede
> Sent: Monday, 22 October 2007 10:08
> To: MailScanner discussion
> Subject: RE: RE: Weird Problem with MailScanner
> 
> 
> What domains do you accept email for? Are you sure it's not operating 
> as an open gateway?
> 
> Jason
> 
> From: mailscanner-bounces at lists.mailscanner.info
> [mailscanner-bounces at lists.mailscanner.info] On Behalf Of
> Damian Rivas [damian at cht.com.ar]
> Sent: 22 October 2007 13:48
> To: MailScanner discussion
> Subject: RE: Weird Problem with MailScanner
> 
> Ok, here we go again. How was your weekend people?
> 
> Ugo, here is the output you asked for:
> 
> vmstat 5 10:
> 
> procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
>  r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
>  0  0 105712  46416  14388  53324    5    3     1     8   13    11 21  1 78  0
>  0  0 105712  46264  14392  53324    0    0     0    10  111   171  0  0 99  0
>  0  0 105712  46196  14408  53324    0    0     0    24  108   170  0  1 99  0
>  0  0 105712  46128  14448  53324    0    0     0    39  112   179  0  0 100  0
>  0  0 105712  46132  14456  53324    0    0     0    54  124   174  0  0 100  0
>  1  0 105712  44988  14496  53424    0    0    21    89  123   176  8  4 88  0
>  0  0 105712  45464  14512  53548    0    0    24    28  110   162  8  3 89  0
>  0  0 105712  45264  14628  53612    0    0    22   138  138   208  9  4 87  0
>  0  0 105712  46036  14668  53596    0    0     0    61  114   179  0  0 100  0
>  2  0 105712  46028  14676  53596    0    0     0     4  105   166  0  0 100  0
> 
> I'm also attaching a bit of the output of a tail -f /var/log/maillog 
> for you to see, there's too much spam and false addresses which 
> are slowing down MS a lot. There are still about 28k messages!(on Friday 
> there were 45k!!!!).
> 
> UxBoD, you told me to run the init.d script to stop the MS, the 
> problem is Slackware uses the traditional BSD Init, so I went to the 
> 'rc.d' directory but couldn't find, or couldn't figure out where the 
> script for stopping MS is, sorry for my ignorance again.
> 
> As always thank you people for your valuable help.
> 
> Regards.-
> 
> 
> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Ugo Bellavance
> Sent: Sunday, 21 October 2007 11:17
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Weird Problem with MailScanner
> 
> 
> Damian Rivas wrote:
> > 1) There are 3 MS children running
> 
> That is way too much. Your system is probably swapping like crazy.  
> Set it to '1' in /etc/MailScanner/MailScanner.conf and do a 'service 
> MailScanner restart' (assuming redhat/centos)
> 
> Can you send us the output of :
> 
> 'vmstat 5 10' (will take 50 seconds to execute)
> 
> Did you check if memory was available for this system?  If it is and 
> if it is not too expensive, I'll add at least another 128 (more if you 
> can).
> 
> Ugo
> 
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website!
-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
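
Added example (not part of the original thread, and not sendmail's or the tutorial's own code): a small Python model of how the access entries quoted at the top of this message are read, showing that both REJECT and error:D.S.N:"### text" right-hand sides refuse the mail. The lookup order is a simplified assumption, the To:valid.user@example.com line is constructed, and parse_access, classify and lookup are hypothetical helper names.

```python
import re

# Access entries quoted in the message above, plus one constructed line.
ACCESS_TEXT = '''
From:example.com REJECT
From:my.org REJECT
# constructed entry, not in the quoted file: exempt one known recipient
To:valid.user@example.com OK
To:example.com error:5.1.1:"550 User unknown"
To:my.org error:5.1.1:"550 User unknown"
'''

ERROR_RE = re.compile(
    r'^error:(?:(\d\.\d{1,3}\.\d{1,3}):)?"?(\d{3})\s+(.*?)"?$', re.I)

def parse_access(text):
    """Return {(tag, key): rhs} for every non-comment, non-blank line."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        lhs, rhs = line.split(None, 1)
        tag, key = lhs.split(':', 1) if ':' in lhs else ('', lhs)
        table[(tag.lower(), key.lower())] = rhs.strip()
    return table

def classify(rhs):
    """Map a right-hand side to (verdict, smtp_code, dsn)."""
    m = ERROR_RE.match(rhs)
    if m:  # error:D.S.N:"### text" refuses with the given SMTP reply
        return ('reject', int(m.group(2)), m.group(1))
    if rhs.upper() == 'REJECT':  # default reply is a 550 "Access denied"
        return ('reject', 550, None)
    if rhs.upper() in ('OK', 'RELAY'):
        return ('accept', None, None)
    return ('other', None, None)

def lookup(table, tag, address):
    """Simplified model: exact address first, then domain and parent domains."""
    tag, address = tag.lower(), address.strip('<>').lower()
    labels = address.rpartition('@')[2].split('.')
    keys = [address] + ['.'.join(labels[i:]) for i in range(len(labels) - 1)]
    for key in keys:
        if (tag, key) in table:
            return key, classify(table[(tag, key)])
    return None, ('no match', None, None)

TABLE = parse_access(ACCESS_TEXT)
```

From: entries are matched against the envelope sender and To: entries against the envelope recipient, so lookup(TABLE, 'To', 'nobody@example.com') resolves to the domain-wide 550 5.1.1 refusal while the constructed per-user OK entry is found first for valid.user@example.com.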