[EMAIL PROTECTED] wrote:
> I have a FreeBSD machine running qmail, SpamAssassin and ClamAV. The machine
> is receiving 200,000 e-mail messages per day, courtesy of Rumpelstiltskin
> attacks from thousands of different IP addresses each day, and SpamAssassin
> appears to be overwhelmed. I have about 50,000 e-mail messages in my qmail
> queue and the queue is growing by more than 1,000 e-mail messages per hour.
>
> I want to temporarily disable SpamAssassin to free up enough resources to let
> the mail queue clear. How do I do that?
>
> If anyone knows how to temporarily disable ClamAV too, I'd be ecstatic to
> learn how to do that too.
>
> I've read Life with qmail and the SpamAssassin documentation at
> http://spamassassin.apache.org/ but I'm not connecting the dots.
> Unfortunately, I didn't set up this machine and I don't have a good grasp of
> qmail, SpamAssassin and ClamAV.
>
> Thanks in advance for any guidance and all practical suggestions you can
> offer.

First: I know very little about qmail setups. I find qmail very difficult to keep track of due to the large number of third party patches that "everyone" seems to use.

Well, the exact method of disabling SpamAssassin is going to depend on exactly how SA was "connected" to qmail in the first place.

From what I recall, some folks directly add it to the qmail-queue process (using a patch to cause this to happen in the first place). You might want to look at your QMAILQUEUE environment variable, and see what it points to. Check to see if that's pointing to spamassassin, spamc, or some script that calls one or the other. From there, modifying that script, or re-pointing it to one that doesn't call SA, should disable SA.

After you get your queue cleared, your first priority should be fixing your qmail to not blindly accept all messages and validate recipients at the time of the SMTP RCPT TO: command like a sane MTA. Blind accepting is going to cause you permanent problems due to the common nature of Rumpelstiltskin attacks. Also, all the misdirected bounces your server generates as a result are likely to get you blacklisted in spamcop.

Again, I'm no qmail expert, but spamcop does have some advice pointing to patches that try to fix qmail's default "accept everything and sort it out after it's been queued" behavior.

http://spamcop.net/fom-serve/cache/329.html

Yes, the really simple accept-everything approach is part of why DJB can claim qmail is hard to exploit for code execution. If there's very little code involved in the SMTP connection handling, there's less code to try to exploit.

Unfortunately, this design also makes it really easy to abuse to DoS the qmail server or abuse it to perform mail-bounce attacks on everyone else. Such attacks are really common as an accident of modern spamming practices, so patching qmail so it no longer does this is critical to making your mailserver survive.
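
Editorial example, added here and not part of the original message or of qmail: a small constructed model of the two policies the reply contrasts, accept-everything versus rejecting unknown recipients at RCPT TO, showing the difference in queue load, filter runs and bounces. The mailbox list, addresses and function names are all assumptions made for the illustration.

```python
# Added illustration: a constructed model, not qmail's code or configuration.
VALID = {"alice@example.org", "bob@example.org"}   # constructed mailbox list

def rcpt_reply(rcpt, validate_at_rcpt):
    """SMTP reply to one RCPT TO under the chosen policy."""
    if validate_at_rcpt and rcpt.lower() not in VALID:
        return "550 no such user"      # refused while the client is still connected
    return "250 ok"                    # accept-everything always answers this

def process(messages, validate_at_rcpt):
    """Run (envelope_sender, recipient) pairs through the model and tally the cost."""
    stats = {"rejected_in_session": 0, "queued_and_scanned": 0,
             "delivered": 0, "bounces_to": []}
    for sender, rcpt in messages:
        if rcpt_reply(rcpt, validate_at_rcpt).startswith("550"):
            stats["rejected_in_session"] += 1   # no queue entry, no scan, no bounce
            continue
        stats["queued_and_scanned"] += 1        # queue slot plus a filter run
        if rcpt.lower() in VALID:
            stats["delivered"] += 1
        else:
            # Unknown user is discovered only at delivery time, so a bounce is
            # generated to the envelope sender, which the spammer chose.
            stats["bounces_to"].append(sender)
    return stats

def constructed_traffic():
    """Two legitimate messages plus guessed local parts from a forged sender."""
    guesses = ["adam", "alan", "alice", "amy", "andrew", "anna", "bob", "brian"]
    attack = [("victim@example.net", g + "@example.org") for g in guesses]
    legit = [("carol@example.com", "alice@example.org"),
             ("dave@example.com", "bob@example.org")]
    return attack + legit

if __name__ == "__main__":
    for policy in (False, True):
        print("validate_at_rcpt =", policy, process(constructed_traffic(), policy))
```

With recipient validation on, the six guessed addresses never reach the queue or the filters, and no bounce is sent to the forged sender.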