bug in Spear-Phishing script?

David Lee t.d.lee at durham.ac.uk
Fri Feb 27 13:20:27 GMT 2009


Julian:  Several days ago I installed your spear-phishing script/cronjob. 
But it has introduced a subtle and potentially nasty side-effect, which I 
have just noticed this morning.

In summary, it caused some of our outbound queued email to be silently 
ignored and left, unreached, unattended and unprocessed, in the queue. 
Not nice.

A traditional sendmail installation (with or without MS) includes a 
long-running outbound sendmail process, which periodically spawns a child 
to work its way through the outbound queue and attempt to deliver what it 
finds.  A major server may have a few hundred outbound emails queued, and 
some of the attempted destinations may be very slow, or involve a series 
of long timeouts.  So it may be a considerable time before some emails in 
that queue are reached.  Nevertheless, in a traditional sendmail system, 
they will, eventually, be reached and processed.

But the spear-phishing script does a full restart of MailScanner, 
including of that outbound queue processor, every hour.  So there is 
considerable risk that some emails in the outbound queue may never be 
reached at all, because that outbound processor will be killed before 
those emails are ever reached.

Could you ponder that, please?

Best wishes.


(I'm still not clear why the script needs to restart the entire email 
subsystem, including sendmail inbound/outbound, rather than simply doing a 
"service MailScanner reload".)

-- 

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:  UNIX Team Leader                         Durham University     :
:                                           South Road            :
:  http://www.dur.ac.uk/t.d.lee/            Durham DH1 3LE        :
:  Phone: +44 191 334 2752                  U.K.                  :


More information about the MailScanner mailing list