David Hubbard | 1 Jun 2004 01:37

Best way to deal with slow bounces?

Hi all, can anyone give me ideas on the best way to
deal with pseudo-DoS causing spammer domains that
exist with mx records but tie up qmail-remote
processes waiting on connections that need 60 seconds
each for qmail-remote to give up trying to talk to them?

We're having some problems where spammers will send
mailings to invalid addresses across numerous domains
we host at the same time.  So one spammer, if they hit
enough invalid addresses at enough of our hosted domains,
can cause several hundred or more bounce messages to
be generated at the same time.  If the envelope sender
domain they used for the spam has a valid mx for
qmail-remote to connect to, and that remote address is
one that just hangs, we've now got several hundred
hung qmail-remote processes not doing any valid work.

For example, someone will hit 200 domains with 5 bogus
messages each, so now we have 1000 bounce messages to
deliver to inbox.ru or whatever BS domain they chose
to use for the message.  Well inbox.ru is either too
overloaded because of all the spam bounces or is just
behind a blocking firewall, etc. and connections to it
just hang rather than get refused.  So now we've got
1000 total qmail-remote processes that need to be
spawned at some point, each will wait 60 seconds for
the timeout on the connection, and then this will
repeat at least 20 times in my case due to my lower
queuelifetime.  So that's 333 hours of wasted qmail-remote
time just from one spammer.

Richard Lyons | 1 Jun 2004 02:37

Re: Best way to deal with slow bounces?

On Tue, 2004-06-01 at 09:37, David Hubbard wrote:

> We're having some problems where spammers will send
> mailings to invalid addresses across numerous domains

Have you tried installing one of the recipient check
patches?

> Is there a patch for a separate queuelifetime for bounce
> messages?  Then I could set that dramatically lower to
> at least clear them out quicker.

The attached patch works with the QMAILQUEUE patch.  If
a message is being bounced and the environment variable
BOUNCEQUEUE is set, QMAILQUEUE is set to the value of
BOUNCEQUEUE.  Set up a second instance of qmail, set the
value of queuelifetime in the new install to something
low, and set BOUNCEQUEUE to bin/qmail-queue in the new
install.

Alternatively, you could take something like
http://marc.theaimsgroup.com/?l=qmail&m=106929808800516&w=2
and modify it to track slow domains, but you'll still have
the support issues you mentioned in your original post.

Rick.

Andrew | 1 Jun 2004 03:56

new version of courierpasswd

I've released courierpasswd 1.0.1, a new version of my
checkpassword-compatible program that interfaces with courier authentication modules. 
This version fixes a compilation error when used with the latest version 
of courier imap, 3.0.4. The version number has jumped to bring it in 
line with another tool I've written, courieruserinfo.

You can find courierpasswd at www.arda.homeunix.net/store/

Andrew

X-Istence | 1 Jun 2004 04:11

Re: Some Q's about the qregex patch


Donboy2k wrote:
>
>>After the recent article claiming that Comcast sends out an average of
>>800 million messages daily with only 100 million coming from their
>>legitimate mail servers, perhaps they will change their policy.
>
>
> How could they possibly know that?  I mean, if the messages aren't going
> through their servers, then how do they know the number is 800 million?
> This must be somebody's estimate.  Or maybe there is a means of tracking
> it that I'm not aware of.

Cause they recently said so in an article on eWeek I believe, it was on
slashdot.org for a while. They are figures they can count due to
connections opened to other mail servers. And cause of spam databases
and whatnot.

>
>
>
>>That won't catch all of Comcast's dynamic space. We block Comcast
>>dynamic IPs on our mail servers (with Comcast's blessing I might add)
>>and we have to include a number of IP ranges in addition to
>>.client.comcast.net. It might be enough for Don's purpose however.
>
>
> Yeah, that would probably be good enough for me.  But I'm still
> curious... would you be opposed to sharing the IP ranges here on the
> list?  Or with me personally?

Brian Reichert | 1 Jun 2004 05:26

Re: now qmail-todo wasting cpu

On Tue, Jun 01, 2004 at 12:57:55AM +0300, Ertan Yusufoglu wrote:
> I have two servers with almost the same configuration:
> (the difference is: one has kernel 2.4.20 the other 2.6.4 and 2.4.20 is
> 1.8Ghz the other is 2.0Ghz)

So, two different CPUs and two different kernels is 'almost the same?'

What about hardware?  RAM?  Swap space?  Disk characteristics?  Other
services running on these boxes?

> And also they have almost the same intensity.

'Almost the same?'  How are they different?

> Just want to know: why one of the servers(2.4.20) uses max %2 of cpu and the
> other(2.6.4) uses min %20 - max %99 of cpu when processing a message. Could
> you explain me this difference?

There are too many variables between the two machines, discussed
or otherwise, to directly compare them.

> While one of them uses ultra less cpu why I have to accept the other like a
> normal processing.
> But if you are sure that this is normal, that's ok. I'll never mention about
> this again...

Well, instead of 'normal', say 'within the realm of feasible'.

Consider your mail server as a complete system, comprised of various
subsystems.  Is the system, as a whole, failing in some manner?

Denis Vlasenko | 1 Jun 2004 08:16

Re: now qmail-todo wasting cpu

On Tuesday 01 June 2004 06:26, Brian Reichert wrote:
> On Tue, Jun 01, 2004 at 12:57:55AM +0300, Ertan Yusufoglu wrote:
> > I have two servers with almost the same configuration:
> > (the difference is: one has kernel 2.4.20 the other 2.6.4 and 2.4.20 is
> > 1.8Ghz the other is 2.0Ghz)
>
> So, two different CPUs and two different kernels is 'almost the same?'
>
> What about hardware?  RAM?  Swap space?  Disk characteristics?  Other
> services running on these boxes?
>
> > And also they have almost the same intensity.
>
> 'Almost the same?'  How are they different?
>
> > Just want to know: why one of the servers(2.4.20) uses max %2 of cpu and
> > the other(2.6.4) uses min %20 - max %99 of cpu when processing a message.
> > Could you explain me this difference?
>
> There are too many variables between the two machines, discussed
> or otherwise, to directly compare them.

Wild guess: it's a result of 2.6 having 1/1000 timer tick.

-- 
vda

Flavio Curti | 1 Jun 2004 09:27

qmail-queue custom log patch

Hi

I wrote a patch that allows qmail-queue (and wrappers around it) to exit
using a custom error message. 
You'll find it on my webpage[1]. If you want to use this feature, the
qmail-queue wrapper has to provide an error message on STDERR, starting 
with D for a permanent failure, and Z for a temporary one, and then 
exit(82).

I've been using it for a week on my private mail server and it works fine.
However there still may be bugs!

Hope it helps & Have a nice day

Flavio Curti

[1] https://no-way.org/uploads/6/27/qmail-queue-custom-error.patch

--
http://no-way.org/~fcu/

Join the community library
  - In Zuerich/CH http://zurich.communitybooks.org/
  - Worldwide http://dlpdev.theps.net/ListOfExistingDlpNodes
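
The wrapper convention described in the message above, sketched as an added example that is not part of the original post or of Flavio's patch: a qmail-queue wrapper that rejects oversized messages with a `D` line and signals spool trouble with a `Z` line, exiting 82 in both cases. The size policy, `MAX_BYTES`, `REAL_QUEUE` and the `qmail-queue-wrapper` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the patch. MAX_BYTES and REAL_QUEUE are
# assumed names; adjust to the local install.
MAX_BYTES=${MAX_BYTES:-10485760}
REAL_QUEUE=${REAL_QUEUE:-/var/qmail/bin/qmail-queue}

# queue_verdict FILE LIMIT
# Returns 0 to accept. Otherwise writes one short line to stderr,
# prefixed D (permanent) or Z (temporary), and returns 82.
# The hunk quoted later in the thread declares a 256-byte errstr,
# so keep messages well below that.
queue_verdict() {
  file=$1 limit=$2
  if [ ! -r "$file" ]; then
    echo "Zmessage spool unreadable, try again later" >&2
    return 82
  fi
  size=$(wc -c < "$file") || { echo "Zcannot size message" >&2; return 82; }
  size=$((size + 0))   # strip padding some wc implementations add
  if [ "$size" -gt "$limit" ]; then
    echo "Dmessage is $size bytes, limit is $limit" >&2
    return 82
  fi
  return 0
}

# qmail-queue reads the message on fd 0 and the envelope on fd 1.
# Only fd 0 is spooled here; fd 1 is left untouched for the real queue.
wrapper_main() {
  tmp=$(mktemp) || { echo "Zcannot create spool file" >&2; exit 82; }
  cat > "$tmp" || { rm -f "$tmp"; echo "Zcannot spool message" >&2; exit 82; }
  queue_verdict "$tmp" "$MAX_BYTES" || { rc=$?; rm -f "$tmp"; exit "$rc"; }
  exec 0< "$tmp"      # reopen the spooled message as stdin
  rm -f "$tmp"        # file stays readable through the open descriptor
  exec "$REAL_QUEUE"
}

# Run only when installed under the assumed wrapper name, so the
# functions above can be loaded and tested without touching a queue.
case ${0##*/} in
  qmail-queue-wrapper) wrapper_main ;;
esac
```
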

Richard Lyons | 1 Jun 2004 10:16

Re: qmail-queue custom log patch

On Tue, 2004-06-01 at 17:27, Flavio Curti wrote:

> I wrote a patch that allows qmail-queue (and wrappers around it) to exit
> using a custom error message. 

+  char ch;
+  char errstr[256];
+  int len = 0;
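
Review bot: `errstr` is a fixed 256-byte array and `len` is the only index declared beside it, but the loop that fills it is elided from this quote. Since the bytes come from whatever the wrapper writes to stderr, the fill loop should stop at `sizeof errstr - 1` and NUL-terminate the buffer before anything treats it as a string.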

...

+      if (exitcode == 82 && len > 2){
+        return errstr;
+      }
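
Review bot: `return errstr;` hands the caller the address of the automatic array declared in the first quoted lines, and that storage is no longer valid once the function returns. Declare it `static char errstr[256];` or have the caller pass the buffer in. If the D/Z prefix is not validated elsewhere, check it next to the `len > 2` test so a malformed wrapper message is not passed through.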

Note that you are returning a pointer to an automatic
variable here; depending on how your compiler lays out
your stack, you might find the string gets zapped.

Rick.

nednieuws | charles | 1 Jun 2004 11:40

tcpserver support

Does anyone know where to post questions w.r.t. tcpserver? Couldn't
find a link to a mailing list on cr.yp.to.


-- 
Regards, Charles.

nednieuws | charles | 1 Jun 2004 12:13

smtp auth for domains not listed in locals/rcpthosts

I want to require authentication for all outgoing smtpd requests (that is, relays
to domains not in locals/rcpthosts) to facilitate roaming users. How do I
do that?

I use qmail with SPAMCONTROL 2.212.

I've used:

:allow,REQUIREAUTH=""

but, of course, that requires auth for every connection.

-- 
Regards, Charles.

