[unisog] Super-hidden spamming exploits?

Jennifer Luisi jlui at ats.rochester.edu
Tue Oct 7 21:57:16 GMT 2003


On Tue, 7 Oct 2003 Valdis.Kletnieks at vt.edu wrote:

> On Tue, 07 Oct 2003 13:40:16 EDT, Jennifer Luisi <jlui at ats.rochester.edu>  said:
> > We've been seeing a lot of this lately as well.  And maybe everyone does
> > this already, but I've recently been thinking of tweaking sendmail to hard
> > reject all mail without a resolvable sender.
>
> Damned good way to bounce all your *own* mail if your nameserver goes down for a
> bit.... "Oh, the router to the DNS server on the other subnet hiccupped and we
> dropped 10,000 messages...."
>
> Of course, if you're positive you'll never have a DNS server crash or go nuts,
> or have a tech unplug the wrong cable,  or the banana-eaters in the NOC mess
> up an ACL on a router, or......

I concede that I could really shoot myself in the foot here, but our name
service has been very stable and is several layers deep.  I am probably
being really optimistic, but if a user got an immediate failure when a
submitting a message, would that really be so much worse than 4 hours or 5
days of limbo?  They can simply try again and when the network/DNS is more
stable.  And yell and scream, of course.

> It defaults to tempfail because those of us who did the Sendmail code realized
> it's just too easy to lose mail that way.  If you're *REALLY* intent on doing
> something here, use the Sendmail 8.12 queue facilities to route all those
> pieces of mail that throw a tempfail on the DNS into a queue with no queue
> runners, and then run that queue with another instance of sendmail that has a
> lower value for the Timeout.queuereturn (default is 5 days, I'd not put it
> under 3 days unless you watch it like a hawk....)

This is not a bad idea but doesn't keep spam crud off the machine in the
first place.  Oh well, it doesn't look like either solution is really
what I'm looking for.  I don't want to subvert sendmail, just keep mail
service afloat and more or less efficient.  Sigh.


Jen

-------------------------------------------------------
Jennifer Luisi				University of Rochester
Systems Administrator			Rochester, NY
jennifer.luisi at rochester.edu		(585) 275-9106
-----------------------------------------------------------------



More information about the unisog mailing list