Mail Cluster Update.

Sun Apr 4 17:41:46 PDT 2004 — Mail Cluster Update. We’ve fixed the DoS ‘attack’ that was responsible for the recent instability problems with our mail cluster. Astute users may see the connection between the last two MOTDs. In order to restore stability to our mail cluster we finally broke down and disabled anti-virus filtering – with filtering on our POP servers, customers were still protected. This allowed the customer created mail bomb to pass through our systems, eventually filling up /home where the customer delivers their mail. Although a mail loop was expected they can be quite hard to track down. We will also be enforcing very high hard quotas to prevent a single user from filling all available space. The messages created by the mail loop contained deeply recursive MIME parts. These messages take a great deal of memory to scan since each part must be disassembled, decoded and scanned for viruses. This morning we modified our anti virus-software to reject deeply recursive MIME encoded messages before scanning them for viruses and reenabled anti-virus filtering on our MTAs. We’ve also been in contact with the developers of both projects that we use in regards to this problem.

Shell Users: The Operations department urges caution when forwarding mail, especially when this is done with procmail. If you are currently forwarding mail in procmail without loop detection please man procmailex to see examples on how to properly forward mail with procmail. Procmail is a very powerful tool and can do alot of damage to our systems. In an extreme case, misuse of procmail will be interpreted as a violation of our AUP. -Kelsey, Nathan and Scott

Leave a Reply

Your email address will not be published.

*