Andre Hübner wrote:
> Hello,
>
>> Andre Hübner:
>>> Hello,
>>>
>>> for testing purposes I wrote a policy service for postfix as a
>>> shell script.
>>> My script is working very well, I am happy with its functionality ;)
>>> But unfortunately there is one problem when a lot of mails are
>>> incoming. The shell script just does some grepping in small files
>>> etc. and is giving back an allowed result.
>>> My shell script is spawned from master.cf like this:
>>>
>>> policy-mycheck unix - n n - - spawn
>>>   user=nobody argv=nice -n 15 /usr/lib/postfix/mycheckscript.sh
>>>
>>> When a lot of mails are incoming I got a high number of zombies. As a
>>> consequence of this my system load gets really high.
>>> Are there some general methods to avoid this?
>>
>> Find out what is the parent process of the zombies. This parent
>> process is not cleaning up as it should.
>>
>> Wietse
>
> Hmm, I know, it is not a postfix issue but I am afraid I need further
> help :(
> At the moment I do not have an idea how to debug this. After sending
> answer to postfix script is done and exits with 0, this works.
> Script just does only formatting input data from postfix and grepping in
> files with basic shell commands and writing a line in maillog. I have no
> idea where the zombies came from...
> Is there a general way for debugging this?
>
> Thanks,
> Andre

Hello Andre,

what about forget this shell script (I don't think you will ever be lucky
with it) and use fail2ban http://www.fail2ban.org to firewall the zombies
for a configured time.

After all, you should use all the other already implemented antispam
features included in postfix (google about it, search in the list).

A simple way may be, i.e. after you looked in the log, to fast reject dyn IP
addresses, i.e. like this for the smtpd_client stage:

smtpd_client_restrictions = ...
    permit_sasl_authenticated,
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    check_client_access pcre:/etc/postfix/dyn_spambotmap_client_access_pcre,
    reject_unknown_reverse_client_hostname,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client combined.njabl.org,
    reject_rbl_client ix.dnsbl.manitu.net,
    ....

/etc/postfix/dyn_spambotmap_client_access_pcre

/c-.*hsd[0-9].*comcast.net/ REJECT Comcast worlds largest bot farm
/cpe-.*res.rr.com/ REJECT Time Warner Road Runner cable spam bots
/dsl.*\.ttnet.net.tr/ REJECT Turk Telekom spam bots
/pool-.*verizon.net/ REJECT Verizon spam bots
/.*dynamic\..*\.retail\.telecomitalia\.it/i REJECT SPAM_dyn_ip-add_networks
/.*\.dyn-ip\.SPb\.SkyLink\.RU/i REJECT SPAM_dyn-ip-SPb-SkyLink
/ppp.*\.home\.otenet\.gr/i REJECT clean your net from spam bots
/ppp.*\.pppoe\.avangarddsl\.ru/i REJECT clean your net from spam bots
/ppp.*\..*\.asianet\.co\.th/i REJECT clean your net from spam bots
/dhcp-.*\.chello\.nl/i REJECT clean your net from spam bots

/etc/postfix/client_access

trafficmonkey.info REJECT Spam mailer
...
208.53.3.66 REJECT
...

Stopping zombies is hard work and you will never win with all of them.
Target should be beat them that way that you have no problem with your
legal mail. Every domain has its own spam and zombies, so analyse your
logs. You might try many combinations from antispam features fit to your
needs; there is no all around match kill them all.

I have a three letter domain which is bombed since years from zombies. No
feature got zombies out of the way, seems 3 letters are simply too easy to
type in bot programming, but others reported bots stopping after a time by
whatever speculated reason.

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria
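
Wietse's advice quoted at the top of the thread, to find the parent process of the zombies, as an added example that is not part of the original messages: the function groups defunct processes by parent PID so the process that is failing to reap its children stands out. The function names and the sample rows are constructed for illustration; the ps field list assumes Linux procps.

```shell
#!/bin/sh
# Added example, not from the thread.

# zombie_parents: reads "PID PPID STAT COMMAND" rows on stdin (the layout of
# `ps -eo pid=,ppid=,stat=,comm=`) and prints "count ppid parent-command",
# with the parent holding the most zombies first.
zombie_parents() {
    awk '
        { cmd[$1] = $4 }              # remember every command name by PID
        $3 ~ /^Z/ { n[$2]++ }         # a STAT beginning with Z is a zombie
        END {
            for (p in n)
                printf "%d %s %s\n", n[p], p, ((p in cmd) ? cmd[p] : "?")
        }' | sort -k1,1nr -k2,2n
}

# Constructed sample rows; they say nothing about the poster's real system.
sample_ps() {
    cat <<'EOF'
1 0 Ss init
812 1 Ss master
901 812 S spawn
1404 901 Z mycheckscript.s
1405 901 Z mycheckscript.s
1409 901 ZN grep
1500 812 S smtpd
1622 1500 Z sh
EOF
}

# On a live system: ps -eo pid=,ppid=,stat=,comm= | zombie_parents
if [ "${1:-}" = "--demo" ]; then
    sample_ps | zombie_parents
fi
```

A parent shown as "?" has already exited; its zombies are then handed to init, which reaps them.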