On 2006/10/15 at 05:25:25AM -0700, Rob Baldassano wrote:

> Help, I need some advice. 
>   Sendmail stopped sending out and receiving mails. 
>   I looked at top, and sendmail is running (Numerous instances), but it just 
> won't send anything. 
>   Additionally, trying to login takes up to 3 minutes (kerberos problem?)
>    
>   Thanks for any assistance you can provide. 

        Do you have your own domain?

        There is a spammer out there (in Russia, IIRC) who is making a
practice of forging lots of the same domain name in one massive spam
run, with bogus usernames of the form:

        <first-name><two-initials><lastname> all run together

And -- he does not have a particularly clean list of addresses, so there
are *lots* of bounce messages.

        I'm running qmail, not sendmail, and if I don't do anything
about it, my systems run to a load average of 256 and then lock up
(these happen to be older Solaris systems, not OpenBSD).  However, since
qmail can be run from inetd.conf, I have set up a shell script which
checks the system load average (with a small quick binary program which
simply tests whether the load average is above or below a threshold
passed on the command line, and returns a status corresponding to that).
If the load average is over eight, it swaps in a second inetd.conf which
has the qmail incoming SMTP entry commented out, and when the load
average finally falls below that, it re-enables the incoming SMTP
connections.  This allows the systems (with peak load averages of
somewhere around 64) to survive the flood, and eventually drain the pool
of incoming bounce messages.

        Of course -- there is nothing so simple as blocking the source,
as you are receiving the bounces from his victims' systems, not the
original spam, which is itself coming from a large number of
compromised machines around the world.

        These seem to be happening about once a week now, with one
starting this morning.

        If you have your own domain, and he happens to be forging your
domain today, you will also have a massively overloaded sendmail, and
the only easy cure is to disconnect from the net until sendmail catches
up.  (You might want to look in the queue to see what is being
processed.  Today's spam seems to be a weight loss spam.)

        Good Luck,
                DoN.

-- 
 Email:   <[EMAIL PROTECTED]>   | Voice (all times): (703) 938-4564
        (too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
           --- Black Holes are where God is dividing by zero ---
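
The load-shedding approach described in the message above, sketched as an added example that is not part of the original post and is not the poster's script. The file paths, the `pkill -HUP` reload command, and parsing `uptime` output in place of the post's small load-checking binary are all assumptions.

```shell
#!/bin/sh
# Added example: shed incoming SMTP under load by swapping inetd.conf.
# Every path and the reload command are assumptions, not from the post.
ACTIVE=${ACTIVE:-/etc/inetd.conf}             # file inetd actually reads
WITH_SMTP=${WITH_SMTP:-/etc/inetd.conf.smtp}  # copy with the smtp entry enabled
NO_SMTP=${NO_SMTP:-/etc/inetd.conf.nosmtp}    # copy with the smtp entry commented out
THRESHOLD=${THRESHOLD:-8}                     # the post's cut-off
RELOAD=${RELOAD:-pkill -HUP -x inetd}         # inetd re-reads its config on SIGHUP

# Print the 1-minute load average found in a line of uptime(1) output.
# Handles both "load average: 1.0, ..." and "load averages: 1.0 ...".
load1() {
    printf '%s\n' "$1" |
        sed -n 's/.*load averages\{0,1\}: *\([0-9][0-9.]*\).*/\1/p'
}

# Exit 0 when load $1 is strictly above threshold $2 (awk does the float compare).
over() {
    awk -v l="$1" -v t="$2" 'BEGIN { exit !(l + 0 > t + 0) }'
}

# Print the path of the config that should be live at load $1.
wanted_conf() {
    if over "$1" "$THRESHOLD"; then echo "$NO_SMTP"; else echo "$WITH_SMTP"; fi
}

# Install the wanted config; signal inetd only when the state really changes.
# $1 is an optional uptime line (for testing); default is the live system.
shed_smtp() {
    load=$(load1 "${1:-$(uptime)}")
    # Unreadable load: change nothing rather than guess.
    [ -n "$load" ] || { echo "shed_smtp: cannot parse load" >&2; return 2; }
    want=$(wanted_conf "$load")
    cmp -s "$want" "$ACTIVE" && return 0
    # Write beside the target, then rename, so inetd never sees a partial file.
    cp "$want" "$ACTIVE.new" && mv "$ACTIVE.new" "$ACTIVE" && $RELOAD
}

# Run from cron every minute as: script --apply
if [ "${1:-}" = "--apply" ]; then shed_smtp; fi
```

SMTP sessions already handed to a child process keep running after the swap; only new connections are refused until the load drops back to the threshold or below.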
