bug in Spear-Phishing script?
David Lee
t.d.lee at durham.ac.uk
Fri Feb 27 13:20:27 GMT 2009
Julian: Several days ago I installed your spear-phishing script/cronjob.
But it has introduced a subtle and potentially nasty side-effect, which I
have just noticed this morning.
In summary, it caused some of our outbound queued email to be silently
ignored and left, unreached, unattended and unprocessed, in the queue.
Not nice.
A traditional sendmail installation (with or without MS) includes a
long-running outbound sendmail process, which periodically spawns a child
to work its way through the outbound queue and attempt to deliver what it
finds. A major server may have a few hundred outbound emails queued, and
some of the attempted destinations may be very slow, or involve a series
of long timeouts. So it may be a considerable time before some emails in
that queue are reached. Nevertheless, in a traditional sendmail system,
they will, eventually, be reached and processed.
But the spear-phishing script does a full restart of MailScanner,
including of that outbound queue processor, every hour. So there is
considerable risk that some emails in the outbound queue may never be
reached at all, because that outbound processor will be killed before
those emails are ever reached.
Could you ponder that, please?
Best wishes.
(I'm still not clear why the script needs to restart the entire email
subsystem, including sendmail inbound/outbound, rather than simply doing a
"service MailScanner reload".)
--
: David Lee I.T. Service :
: Senior Systems Programmer Computer Centre :
: UNIX Team Leader Durham University :
: South Road :
: http://www.dur.ac.uk/t.d.lee/ Durham DH1 3LE :
: Phone: +44 191 334 2752 U.K. :
More information about the MailScanner
mailing list