bug in Spear-Phishing script?
Denis.Beauchemin at USherbrooke.ca
Fri Feb 27 15:05:01 GMT 2009
Julian Field a écrit :
> On 27/2/09 13:20, David Lee wrote:
>> Julian: Several days ago I installed your spear-phishing
>> script/cronjob. But it has introduced a subtle and potentially nasty
>> side-effect, which I have just noticed this morning.
>> In summary, it caused some of our outbound queued email to be
>> silently ignored and left, unreached, unattended and unprocessed, in
>> the queue. Not nice.
>> A traditional sendmail installation (with or without MS) includes a
>> long-running outbound sendmail process, which periodically spawns a
>> child to work its way through the outbound queue and attempt to
>> deliver what it finds. A major server may have a few hundred
>> outbound emails queued, and some of the attempted destinations may be
>> very slow, or involve a series of long timeouts. So it may be a
>> considerable time before some emails in that queue are reached.
>> Nevertheless, in a traditional sendmail system, they will,
>> eventually, be reached and processed.
>> But the spear-phishing script does a full restart of MailScanner,
>> including of that outbound queue processor, every hour. So there is
>> considerable risk that some emails in the outbound queue may never be
>> reached at all, because that outbound processor will be killed before
>> those emails are ever reached.
> If you're running a big system, why are you using the same machine(s)
> to deliver outbound mail as well as accept inbound mail? I split them
> into 2 separate jobs and use separate machines for each task. And you
> only need to do the phishing stuff on the inbound machines.
>> (I'm still not clear why the script needs to restart the entire email
>> subsystem, including sendmail inbound/outbound, rather than simply
>> doing a "service MailScanner reload".)
> Does a "reload" cause a re-compile of all the SpamAssassin rules? I
> don't think so. But a new "restartms" option would solve the problem,
> which just restarted MailScanner and didn't touch the sendmail
> processes. How about I add that to the init.d script?
> A pair of new init.d scripts are attached, one for the RedHat
> distribution and the other for the SuSE distribution. I would be
> grateful if you could try them out to check that "service MailScanner
> restartms" does what it is supposed to.
In the RH version (didn't check the SuSE one), you need to add ";;" on
PS: I am trying to configure a server that could (in case of DR) play
both inbound and outbound roles at the same time. I will be running
different sendmail and MS instances. I think the current init script
won't play nice with this scheme because it "killproc MailScanner"
without regards about which instance it might belong to. Why don't you
use $MSPID instead?
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
More information about the MailScanner