bug in Spear-Phishing script?

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Fri Feb 27 15:05:01 GMT 2009


Julian Field wrote:
>
>
> On 27/2/09 13:20, David Lee wrote:
>>
>> Julian:  Several days ago I installed your spear-phishing 
>> script/cronjob. But it has introduced a subtle and potentially nasty 
>> side-effect, which I have just noticed this morning.
>>
>> In summary, it caused some of our outbound queued email to be 
>> silently ignored and left, unreached, unattended and unprocessed, in 
>> the queue. Not nice.
>>
>> A traditional sendmail installation (with or without MS) includes a 
>> long-running outbound sendmail process, which periodically spawns a 
>> child to work its way through the outbound queue and attempt to 
>> deliver what it finds.  A major server may have a few hundred 
>> outbound emails queued, and some of the attempted destinations may be 
>> very slow, or involve a series of long timeouts.  So it may be a 
>> considerable time before some emails in that queue are reached.  
>> Nevertheless, in a traditional sendmail system, they will, 
>> eventually, be reached and processed.
>>
>> But the spear-phishing script does a full restart of MailScanner, 
>> including of that outbound queue processor, every hour.  So there is 
>> considerable risk that some emails in the outbound queue may never be 
>> reached at all, because that outbound processor will be killed before 
>> those emails are ever reached.
> If you're running a big system, why are you using the same machine(s) 
> to deliver outbound mail as well as accept inbound mail? I split them 
> into 2 separate jobs and use separate machines for each task. And you 
> only need to do the phishing stuff on the inbound machines.
>> (I'm still not clear why the script needs to restart the entire email 
>> subsystem, including sendmail inbound/outbound, rather than simply 
>> doing a "service MailScanner reload".)
> Does a "reload" cause a re-compile of all the SpamAssassin rules? I 
> don't think so. But a new "restartms" option would solve the problem, 
> which just restarted MailScanner and didn't touch the sendmail 
> processes. How about I add that to the init.d script?
>
> A pair of new init.d scripts are attached, one for the RedHat 
> distribution and the other for the SuSE distribution. I would be 
> grateful if you could try them out to check that "service MailScanner 
> restartms" does what it is supposed to.
>
> Jules
>
Julian,

In the RH version (didn't check the SuSE one), you need to add ";;" on 
line 451.

Denis
PS: I am trying to configure a server that could (in case of DR) play 
both inbound and outbound roles at the same time.  I will be running 
different sendmail and MS instances.  I think the current init script 
won't play nice with this scheme because it "killproc MailScanner" 
without regard to which instance it might belong to. Why don't you 
use $MSPID instead?

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045
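
The postscript above concerns stopping one instance by its own PID rather than killing every process with a given name. A sketch of that pattern follows, as an added example that is not part of the original message or of the MailScanner init script; the function name `stop_instance`, its return codes and the PID file paths are hypothetical.

```shell
#!/bin/sh
# Added example: stop ONE daemon instance through its own PID file, so that a
# second instance of the same program on the host is left running.
# stop_instance and its return codes are hypothetical, not MailScanner code.
#
# Usage: stop_instance PIDFILE [TIMEOUT_SECONDS]
# Returns: 0 stopped, 1 PID file missing or malformed,
#          2 stale PID file (no such process), 3 still alive after timeout.
stop_instance() {
    pidfile=$1
    timeout=${2:-10}

    # Refuse to act without a readable PID file: falling back to a kill by
    # process name is exactly what would hit the other instance.
    [ -r "$pidfile" ] || return 1
    pid=$(head -n 1 "$pidfile")

    # Accept only a plain decimal PID; anything else is treated as corrupt.
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # A PID file that outlived its process is stale: clean it up, signal nothing.
    if ! kill -0 "$pid" 2>/dev/null; then
        rm -f "$pidfile"
        return 2
    fi

    kill -TERM "$pid" 2>/dev/null

    # Wait for this one process to exit, up to the timeout.
    waited=0
    while kill -0 "$pid" 2>/dev/null; do
        if [ "$waited" -ge "$timeout" ]; then
            return 3
        fi
        sleep 1
        waited=$((waited + 1))
    done

    rm -f "$pidfile"
    return 0
}
```

A PID file can outlive its process and the PID can be reused, so a production script would also confirm that the PID still belongs to the expected program before signalling it.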



