Robert L Cochran wrote:
> I have a server box running Fedora Core 2 which hasn't been updated
> since sendmail 8.12.11-4.6.

If this machine is internet-exposed, you should replace it immediately
with something that is still getting security updates.

> It has two mailman lists running on it which
> are important to me. Also, over the last few years, I've set up 2-4
> email accounts which are hosted by the server for the convenience of
> guests who have stayed with us for vacations and so on. I haven't paid
> much attention to either mailman or the email accounts over the years --
> they didn't cause an overt problem until now. Today I finally started
> investigating why some of my posts to the mailing list were not coming
> back to me as expected, and discovered that my /var/spool/mqueue
> directory is monstrously bloated. Look at the '20668416' in the
> directory listing (although I'm not sure what that number means, except
> to indicate the directory has a lot of files in it):
> drwx------ 2 root mail 20668416 Jan 6 15:58 mqueue
> I deleted the folder and then recreated it with the same permissions.
> But I'm still getting floods of emails from somewhere. 279 in the past
> hour or so. They look like spam.

289 messages an hour is not something you'd call a 'flood' of spam by
today's standards. That's more like a dribble. However, they shouldn't
accumulate in your mqueue unless you are trying to send bounce messages
about undeliverable addresses - and normally these should be rejected
instead of rejecting/bouncing. Look through your /var/log/maillog and
see what you are accepting and what deliveries are failing.

> How can I put a stop to these emails -- do I need procmail recipes? Can
> I configure sendmail to drop anything not coming in for a valid user? Or
> is it best to upgrade to the latest version of Fedora and work on
> tightening up processing of incoming emails? Is there any way of
> stopping the tidal wave of spam? What is a sensible approach to fixing
> this?

My favorite is MimeDefang as a front end to clamav and spamassassin.
You can reject anything containing viruses or extremely high spam scores
and add a header to intermediate spam scores that mailman can detect
for moderation. It's a little work to set up, though.
--
Les Mikesell
lesmikesell@xxxxxxxxx
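
The maillog review suggested in the reply above, sketched as an added example that is not part of the original message: it tallies what sendmail accepted, how each delivery ended, and which generated bounce (DSN) messages are still deferred in the queue. It assumes sendmail's usual syslog line layout; the sample log lines, hosts, addresses and queue IDs are constructed.

```python
import re
from collections import Counter

# Constructed sample in sendmail's syslog format; hosts, addresses and queue IDs are made up.
SAMPLE_LOG = """\
Jan  6 15:42:10 mail sendmail[2101]: k06KgA01002101: from=<a@sender.example>, size=2048, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]
Jan  6 15:42:11 mail sendmail[2102]: k06KgA01002101: to=<nosuchuser@lists.example>, delay=00:00:01, mailer=local, pri=32048, dsn=5.1.1, stat=User unknown
Jan  6 15:42:11 mail sendmail[2102]: k06KgA01002101: k06KgB01002102: DSN: User unknown
Jan  6 15:42:41 mail sendmail[2102]: k06KgB01002102: to=<a@sender.example>, delay=00:00:30, mailer=esmtp, pri=33072, relay=mx.sender.example., dsn=4.0.0, stat=Deferred: Connection timed out with mx.sender.example.
Jan  6 15:43:02 mail sendmail[2110]: k06KhA01002110: from=<guest@friend.example>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Jan  6 15:43:03 mail sendmail[2111]: k06KhA01002110: to=<listowner@lists.example>, delay=00:00:01, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
Jan  6 15:44:15 mail sendmail[2120]: k06KiA01002120: from=<b@sender.example>, size=3100, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.44]
Jan  6 15:44:16 mail sendmail[2121]: k06KiA01002120: to=<oldguest@lists.example>, delay=00:00:01, mailer=local, pri=33100, dsn=5.1.1, stat=User unknown
Jan  6 15:44:16 mail sendmail[2121]: k06KiA01002120: k06KiB01002121: DSN: User unknown
Jan  6 15:44:20 mail sendmail[2121]: k06KiB01002121: to=<b@sender.example>, delay=00:00:04, mailer=esmtp, pri=34124, relay=mx.sender.example., dsn=2.0.0, stat=Sent (250 2.0.0 OK)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")  # queue ID, then the rest of the entry
DSN = re.compile(r"(\w+): DSN: (.*)")                # new queue ID of a generated bounce
STAT = re.compile(r"\bstat=(.*)$")                   # delivery result, last field on to= lines

def summarize(log_text):
    """Count accepted messages, delivery outcomes, and bounces stuck in the queue."""
    accepted, outcomes = 0, Counter()
    bounces, last_stat = {}, {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        dsn, stat = DSN.match(rest), STAT.search(rest)
        if rest.startswith("from="):
            accepted += 1                        # message taken into the queue
        elif dsn:
            bounces[dsn.group(1)] = dsn.group(2)  # bounce queue ID -> reason
        elif stat:
            # Keep only the class: "Deferred: ..." -> "Deferred", "Sent (...)" -> "Sent"
            kind = re.split(r"[:(]", stat.group(1))[0].strip()
            outcomes[kind] += 1
            last_stat[qid] = kind
    # Bounces whose most recent delivery attempt was deferred are what pile up in mqueue.
    stuck = sorted(q for q in bounces if last_stat.get(q) == "Deferred")
    return {"accepted": accepted, "outcomes": dict(outcomes),
            "bounces": bounces, "stuck_bounces": stuck}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it against a real log, pass the contents of /var/log/maillog to `summarize()` in place of the sample.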