bug in Spear-Phishing script?

Julian Field MailScanner at ecs.soton.ac.uk
Fri Feb 27 16:31:42 GMT 2009


On 27/2/09 15:05, Denis Beauchemin wrote:
> Julian Field wrote:
>>
>>
>> On 27/2/09 13:20, David Lee wrote:
>>>
>>> Julian:  Several days ago I installed your spear-phishing 
>>> script/cronjob. But it has introduced a subtle and potentially nasty 
>>> side-effect, which I have just noticed this morning.
>>>
>>> In summary, it caused some of our outbound queued email to be 
>>> silently ignored and left, unreached, unattended and unprocessed, in 
>>> the queue. Not nice.
>>>
>>> A traditional sendmail installation (with or without MS) includes a 
>>> long-running outbound sendmail process, which periodically spawns a 
>>> child to work its way through the outbound queue and attempt to 
>>> deliver what it finds.  A major server may have a few hundred 
>>> outbound emails queued, and some of the attempted destinations may 
>>> be very slow, or involve a series of long timeouts.  So it may be a 
>>> considerable time before some emails in that queue are reached.  
>>> Nevertheless, in a traditional sendmail system, they will, 
>>> eventually, be reached and processed.
>>>
>>> But the spear-phishing script does a full restart of MailScanner, 
>>> including of that outbound queue processor, every hour.  So there is 
>>> considerable risk that some emails in the outbound queue may never 
>>> be reached at all, because that outbound processor will be killed 
>>> before those emails are ever reached.
>> If you're running a big system, why are you using the same machine(s) 
>> to deliver outbound mail as well as accept inbound mail? I split them 
>> into 2 separate jobs and use separate machines for each task. And you 
>> only need to do the phishing stuff on the inbound machines.
>>> (I'm still not clear why the script needs to restart the entire 
>>> email subsystem, including sendmail inbound/outbound, rather than 
>>> simply doing a "service MailScanner reload".)
>> Does a "reload" cause a re-compile of all the SpamAssassin rules? I 
>> don't think so. But a new "restartms" option would solve the problem, 
>> which just restarted MailScanner and didn't touch the sendmail 
>> processes. How about I add that to the init.d script?
>>
>> A pair of new init.d scripts are attached, one for the RedHat 
>> distribution and the other for the SuSE distribution. I would be 
>> grateful if you could try them out to check that "service MailScanner 
>> restartms" does what it is supposed to.
>>
>> Jules
>>
> Julian,
>
> In the RH version (didn't check the SuSE one), you need to add ";;" on 
> line 451.
Yes, I missed it there too. Thanks for that.
>
> Denis
> PS: I am trying to configure a server that could (in case of DR) play 
> both inbound and outbound roles at the same time.  I will be running 
> different sendmail and MS instances.  I think the current init script 
> won't play nice with this scheme because it "killproc MailScanner" 
> without regard to which instance it might belong to. Why don't you 
> use $MSPID instead?
Err... because I started by copying someone else's init.d script! I 
ideally want to send the TERM to the child processes as well, though, so 
they all get told to start dying.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



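The instance-scoped stop discussed in this thread (signal by PID rather than `killproc MailScanner` by name, and send TERM to the child processes as well), as an added example that is not part of the original message or of the MailScanner init.d script. It assumes Linux `/proc` and a PID file whose first line is the parent PID; `children_of` and `term_instance` are hypothetical names.

```shell
#!/bin/sh
# Added example (not the MailScanner init script): stop ONE instance by PID file.
# Assumes Linux /proc and a PID file holding the parent PID on its first line.

# Print the PIDs whose parent is $1, one per line.
children_of() {
    for st in /proc/[0-9]*/status; do
        # A process can exit between the glob and the read; skip it.
        ppid=$(sed -n 's/^PPid:[[:space:]]*//p' "$st" 2>/dev/null) || continue
        if [ "$ppid" = "$1" ]; then
            pid=${st#/proc/}
            echo "${pid%/status}"
        fi
    done
}

# term_instance PIDFILE
# Sends TERM to the PID in PIDFILE and to its children, and prints each PID
# signalled. Returns 1 for a missing or malformed PID file, 2 for a stale
# one (process gone). It never matches by process name, so a second
# instance on the same host is left alone.
term_instance() {
    [ -r "$1" ] || return 1
    read -r parent < "$1" || [ -n "$parent" ] || return 1
    case $parent in ''|*[!0-9]*) return 1 ;; esac
    [ "$parent" -gt 1 ] || return 1          # never signal PID 0 or 1
    kill -0 "$parent" 2>/dev/null || return 2
    # Snapshot the children first: once the parent exits they are
    # reparented and can no longer be found through PPid.
    kids=$(children_of "$parent")
    for pid in "$parent" $kids; do
        if kill -TERM "$pid" 2>/dev/null; then echo "$pid"; fi
    done
}
```

Where procps is installed, `pkill -TERM -P "$parent"` performs the same child lookup and signalling as the loop over `children_of`.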