[unisog] Super-hidden spamming exploits?

Valdis.Kletnieks at vt.edu
Wed Oct 8 03:32:11 GMT 2003


On Tue, 07 Oct 2003 17:57:16 EDT, Jennifer Luisi said:

> I concede that I could really shoot myself in the foot here, but our name
> service has been very stable and is several layers deep.  I am probably
> being really optimistic, but if a user got an immediate failure when
> submitting a message, would that really be so much worse than 4 hours or 5
> days of limbo?  They can simply try again when the network/DNS is more
> stable.  And yell and scream, of course.

This is, of course, assuming that they in fact get an immediate failure.  Depending
on your configuration, much more evil things can happen.

Sendmail is sitting there trying to contact a dead DNS, and taking a minute or
so to timeout rather than getting an answer in some few hundredths of a second.
So you have more processes running and spinning their wheels - so the load
average goes up.  If you hit the 'queue-only' load average limit, stuff starts
getting queued up pretty indiscriminately.  And yes, it's QUITE possible for
the load-shedding done by going queue-only to ensure that the load average
doesn't get to the 'refuse connections' level, and you end up oscillating right
around the QueueLA value.

Eventually, something gets around to running the queue - and if DNS is still
out to lunch at that point, then if you treat problems as permanent, everything
double-bounces and whoever reads the 'postmaster' mailbox has a very bad day.

You can often weather out a lot of these issues by running a local caching DNS
server listening on 127.0.0.1 and salting its cache with useful local IP
addresses - just remember to keep the cache hints file up to date or you'll go
bonkers trying to figure out what happened (guess how I learned THAT one ;)

/Valdis (who would have had a *lot* easier time of it if O'Reilly had been in business
15 years before.  I wonder what critter they'd have used for BSD 4.2 and/or SunOS 3.2 ;)
