Re: Sendmail + DoS???

23/09/2006, 06h51

> The problem, if I understand correctly, is that the connections are
> left open for a long time. The solution is to create a new
> configuration file with at least the following features:
>
> FEATURE(`access_db')dnl
> FEATURE(`ratecontrol', , `terminate')dnl
> FEATURE(`conncontrol', , `terminate')dnl
> define(`confCONNECTION_RATE_THROTTLE', `10')dnl
> define(`confBAD_RCPT_THROTTLE', `2')dnl
>
> I would also recommend this one:
>
> FEATURE(`greet_pause', `5000')dnl

Hi Rene and group,
I have utilized all your suggestions, and I now totally understand
their meaning (especially after reading the excellent article from
Weldon Whipple (http://www.technoids.org/dossed.html). I am completely
happy about them, they block a large number of connections. I still
have the 'open connection' problem, though (I am not sure this has
something to do with attacks), and it still consumes server resources.
I explain:

If some mesage manages to 'pass' the limits, but the server is perhaps
a bogus one, our server tries to send back the usual bounce. Although
my sendmail runs as '-bd -q1h' you can see below the connection remains
and it constantly tries to send the response. I was wondering how to
configure a 'max retry timeout' to overcome this problem.

Sep 23 03:57:46 myserver sendmail[16283]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:12:46, xdelay=00:03:09,
mailer=esmtp, pri=32250000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:06:12 myserver sendmail[16811]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:21:12, xdelay=00:03:10,
mailer=esmtp, pri=32340000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:10:12 myserver sendmail[17409]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:25:12, xdelay=00:03:09,
mailer=esmtp, pri=32430000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:14:55 myserver sendmail[17651]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:29:55, xdelay=00:03:09,
mailer=esmtp, pri=32520000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:19:20 myserver sendmail[17707]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:34:20, xdelay=00:03:09,
mailer=esmtp, pri=32610000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:22:48 myserver sendmail[17731]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:37:48, xdelay=00:03:09,
mailer=esmtp, pri=32700000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:27:40 myserver sendmail[17851]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:42:40, xdelay=00:03:09,
mailer=esmtp, pri=32790000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:37:05 myserver sendmail[18752]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:52:05, xdelay=00:03:09,
mailer=esmtp, pri=32880000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:41:05 myserver sendmail[18813]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:56:05, xdelay=00:03:09,
mailer=esmtp, pri=32970000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:44:46 myserver sendmail[18974]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+02:59:46, xdelay=00:03:09,
mailer=esmtp, pri=33060000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:48:06 myserver sendmail[19259]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:03:06, xdelay=00:03:09,
mailer=esmtp, pri=33150000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:52:49 myserver sendmail[19397]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:07:49, xdelay=00:03:09,
mailer=esmtp, pri=33240000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 04:56:46 myserver sendmail[19500]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:11:46, xdelay=00:03:09,
mailer=esmtp, pri=33330000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:05:56 myserver sendmail[20282]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:20:56, xdelay=00:03:09,
mailer=esmtp, pri=33420000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:09:42 myserver sendmail[20148]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:24:42, xdelay=00:03:09,
mailer=esmtp, pri=33510000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:13:37 myserver sendmail[20803]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:28:37, xdelay=00:03:09,
mailer=esmtp, pri=33600000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:17:39 myserver sendmail[20925]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:32:39, xdelay=00:03:09,
mailer=esmtp, pri=33690000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:23:46 myserver sendmail[21344]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:38:46, xdelay=00:03:09,
mailer=esmtp, pri=33780000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:27:11 myserver sendmail[21357]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:42:11, xdelay=00:03:09,
mailer=esmtp, pri=33870000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:39:07 myserver sendmail[22077]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:54:07, xdelay=00:03:09,
mailer=esmtp, pri=33960000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:44:12 myserver sendmail[22123]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+03:59:12, xdelay=00:03:09,
mailer=esmtp, pri=34050000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:47:55 myserver sendmail[22511]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:02:55, xdelay=00:03:09,
mailer=esmtp, pri=34140000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:51:38 myserver sendmail[22695]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:06:38, xdelay=00:03:09,
mailer=esmtp, pri=34230000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 05:54:48 myserver sendmail[22556]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:09:48, xdelay=00:03:09,
mailer=esmtp, pri=34320000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:06:37 myserver sendmail[23483]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:21:37, xdelay=00:03:09,
mailer=esmtp, pri=34410000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:12:50 myserver sendmail[23321]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:27:50, xdelay=00:03:09,
mailer=esmtp, pri=34500000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:16:07 myserver sendmail[23653]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:31:07, xdelay=00:03:09,
mailer=esmtp, pri=34590000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:20:39 myserver sendmail[24003]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:35:39, xdelay=00:03:09,
mailer=esmtp, pri=34680000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:24:28 myserver sendmail[24148]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:39:28, xdelay=00:03:09,
mailer=esmtp, pri=34770000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.
Sep 23 06:28:41 myserver sendmail[24482]: k8LMj0ci005712:
to=<ekiehl@infozines.com>, delay=1+04:43:41, xdelay=00:03:09,
mailer=esmtp, pri=37560000, relay=infozines.com. [204.251.15.174],
dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.

23/09/2006, 08h22

grpprod wrote:

> > The problem, if I understand correctly, is that the connections are
> > left open for a long time. The solution is to create a new
> > configuration file with at least the following features:
> >
> > FEATURE(`access_db')dnl
> > FEATURE(`ratecontrol', , `terminate')dnl
> > FEATURE(`conncontrol', , `terminate')dnl
> > define(`confCONNECTION_RATE_THROTTLE', `10')dnl
> > define(`confBAD_RCPT_THROTTLE', `2')dnl
> >
> > I would also recommend this one:
> >
> > FEATURE(`greet_pause', `5000')dnl
>
> Hi Rene and group,
> I have utilized all your suggestions, and I now totally understand
> their meaning (especially after reading the excellent article from
> Weldon Whipple (http://www.technoids.org/dossed.html). I am completely
> happy about them, they block a large number of connections. I still
> have the 'open connection' problem, though (I am not sure this has
> something to do with attacks), and it still consumes server resources.
> I explain:
>
> If some mesage manages to 'pass' the limits, but the server is perhaps
> a bogus one, our server tries to send back the usual bounce. Although
> my sendmail runs as '-bd -q1h' you can see below the connection remains
> and it constantly tries to send the response. I was wondering how to
> configure a 'max retry timeout' to overcome this problem.
>
> Sep 23 03:57:46 myserver sendmail[16283]: k8LMj0ci005712:
> to=<ekiehl@infozines.com>, delay=1+02:12:46, xdelay=00:03:09,
> mailer=esmtp, pri=32250000, relay=infozines.com. [204.251.15.174],
> dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.

Something is wrong here, sendmail doesn't retry that often (by
default).

First thing is that the connection is not left open, not from what is
shown in this log. This shows sendmail trying to deliver a message to
a server that doesn't respond (could be a firewall with no mail server
behind, for instance).

Second, it's probably not a bounce (unless you have a complex
configuration, i.e. sendmail doesn't accept messages it cannot deliver,
unless you told it to do it for some reason). You could see the
message that sendmail is trying to send by going into the mqueue
directory and looking at the 2 files that end with k8LMj0ci005712 (the
qf and df files) one has the description of the operation the other has
the message.

There's very little you can do if the other server doesn't respond.
Sendmail will keep trying for a default of 5 days
(Timeout.queuereturn).

Now the real problem, why is sendmail re-trying every 3 minutes?

You could just increase that time using MinQueueAge, which by defailt
is 0 (not set), but if you really had a queue run time of 1h this would
not be necessary. Somewhere you have the 3m queue run time setting,
probably in the parameters used to run sendmail. The MinQueueAge is
used for controlling fast queue run times in a way that new messages
get sent fast, but the ones that could not be sent are in a slower
frequency (so to speak).

HTH
--
René Berber

23/09/2006, 15h22

> Now the real problem, why is sendmail re-trying every 3 minutes?
>
Thanks for the reply. It seems we were all going to the wrong
direction. I fould something really interesting, everyone reading this
group should have a look:

http://lists.mailscanner.info/piperm...er/065063.html

23/09/2006, 06h51	#1
grpprod@gmail.com Messages: n/a Hébergeur:	Re: Sendmail + DoS??? > The problem, if I understand correctly, is that the connections are > left open for a long time. The solution is to create a new > configuration file with at least the following features: > > FEATURE(`access_db')dnl > FEATURE(`ratecontrol', , `terminate')dnl > FEATURE(`conncontrol', , `terminate')dnl > define(`confCONNECTION_RATE_THROTTLE', `10')dnl > define(`confBAD_RCPT_THROTTLE', `2')dnl > > I would also recommend this one: > > FEATURE(`greet_pause', `5000')dnl Hi Rene and group, I have utilized all your suggestions, and I now totally understand their meaning (especially after reading the excellent article from Weldon Whipple (http://www.technoids.org/dossed.html). I am completely happy about them, they block a large number of connections. I still have the 'open connection' problem, though (I am not sure this has something to do with attacks), and it still consumes server resources. I explain: If some mesage manages to 'pass' the limits, but the server is perhaps a bogus one, our server tries to send back the usual bounce. Although my sendmail runs as '-bd -q1h' you can see below the connection remains and it constantly tries to send the response. I was wondering how to configure a 'max retry timeout' to overcome this problem. Sep 23 03:57:46 myserver sendmail[16283]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:12:46, xdelay=00:03:09, mailer=esmtp, pri=32250000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:06:12 myserver sendmail[16811]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:21:12, xdelay=00:03:10, mailer=esmtp, pri=32340000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:10:12 myserver sendmail[17409]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:25:12, xdelay=00:03:09, mailer=esmtp, pri=32430000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:14:55 myserver sendmail[17651]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:29:55, xdelay=00:03:09, mailer=esmtp, pri=32520000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:19:20 myserver sendmail[17707]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:34:20, xdelay=00:03:09, mailer=esmtp, pri=32610000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:22:48 myserver sendmail[17731]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:37:48, xdelay=00:03:09, mailer=esmtp, pri=32700000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:27:40 myserver sendmail[17851]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:42:40, xdelay=00:03:09, mailer=esmtp, pri=32790000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:37:05 myserver sendmail[18752]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:52:05, xdelay=00:03:09, mailer=esmtp, pri=32880000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:41:05 myserver sendmail[18813]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:56:05, xdelay=00:03:09, mailer=esmtp, pri=32970000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:44:46 myserver sendmail[18974]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+02:59:46, xdelay=00:03:09, mailer=esmtp, pri=33060000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:48:06 myserver sendmail[19259]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:03:06, xdelay=00:03:09, mailer=esmtp, pri=33150000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:52:49 myserver sendmail[19397]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:07:49, xdelay=00:03:09, mailer=esmtp, pri=33240000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 04:56:46 myserver sendmail[19500]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:11:46, xdelay=00:03:09, mailer=esmtp, pri=33330000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:05:56 myserver sendmail[20282]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:20:56, xdelay=00:03:09, mailer=esmtp, pri=33420000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:09:42 myserver sendmail[20148]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:24:42, xdelay=00:03:09, mailer=esmtp, pri=33510000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:13:37 myserver sendmail[20803]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:28:37, xdelay=00:03:09, mailer=esmtp, pri=33600000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:17:39 myserver sendmail[20925]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:32:39, xdelay=00:03:09, mailer=esmtp, pri=33690000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:23:46 myserver sendmail[21344]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:38:46, xdelay=00:03:09, mailer=esmtp, pri=33780000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:27:11 myserver sendmail[21357]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:42:11, xdelay=00:03:09, mailer=esmtp, pri=33870000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:39:07 myserver sendmail[22077]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:54:07, xdelay=00:03:09, mailer=esmtp, pri=33960000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:44:12 myserver sendmail[22123]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+03:59:12, xdelay=00:03:09, mailer=esmtp, pri=34050000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:47:55 myserver sendmail[22511]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:02:55, xdelay=00:03:09, mailer=esmtp, pri=34140000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:51:38 myserver sendmail[22695]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:06:38, xdelay=00:03:09, mailer=esmtp, pri=34230000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 05:54:48 myserver sendmail[22556]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:09:48, xdelay=00:03:09, mailer=esmtp, pri=34320000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:06:37 myserver sendmail[23483]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:21:37, xdelay=00:03:09, mailer=esmtp, pri=34410000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:12:50 myserver sendmail[23321]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:27:50, xdelay=00:03:09, mailer=esmtp, pri=34500000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:16:07 myserver sendmail[23653]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:31:07, xdelay=00:03:09, mailer=esmtp, pri=34590000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:20:39 myserver sendmail[24003]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:35:39, xdelay=00:03:09, mailer=esmtp, pri=34680000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:24:28 myserver sendmail[24148]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:39:28, xdelay=00:03:09, mailer=esmtp, pri=34770000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Sep 23 06:28:41 myserver sendmail[24482]: k8LMj0ci005712: to=<ekiehl@infozines.com>, delay=1+04:43:41, xdelay=00:03:09, mailer=esmtp, pri=37560000, relay=infozines.com. [204.251.15.174], dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com.

23/09/2006, 08h22	#2
René Berber Messages: n/a Hébergeur:	Re: Sendmail + DoS??? grpprod wrote: > > The problem, if I understand correctly, is that the connections are > > left open for a long time. The solution is to create a new > > configuration file with at least the following features: > > > > FEATURE(`access_db')dnl > > FEATURE(`ratecontrol', , `terminate')dnl > > FEATURE(`conncontrol', , `terminate')dnl > > define(`confCONNECTION_RATE_THROTTLE', `10')dnl > > define(`confBAD_RCPT_THROTTLE', `2')dnl > > > > I would also recommend this one: > > > > FEATURE(`greet_pause', `5000')dnl > > Hi Rene and group, > I have utilized all your suggestions, and I now totally understand > their meaning (especially after reading the excellent article from > Weldon Whipple (http://www.technoids.org/dossed.html). I am completely > happy about them, they block a large number of connections. I still > have the 'open connection' problem, though (I am not sure this has > something to do with attacks), and it still consumes server resources. > I explain: > > If some mesage manages to 'pass' the limits, but the server is perhaps > a bogus one, our server tries to send back the usual bounce. Although > my sendmail runs as '-bd -q1h' you can see below the connection remains > and it constantly tries to send the response. I was wondering how to > configure a 'max retry timeout' to overcome this problem. > > Sep 23 03:57:46 myserver sendmail[16283]: k8LMj0ci005712: > to=<ekiehl@infozines.com>, delay=1+02:12:46, xdelay=00:03:09, > mailer=esmtp, pri=32250000, relay=infozines.com. [204.251.15.174], > dsn=4.0.0, stat=Deferred: Connection timed out with infozines.com. Something is wrong here, sendmail doesn't retry that often (by default). First thing is that the connection is not left open, not from what is shown in this log. This shows sendmail trying to deliver a message to a server that doesn't respond (could be a firewall with no mail server behind, for instance). Second, it's probably not a bounce (unless you have a complex configuration, i.e. sendmail doesn't accept messages it cannot deliver, unless you told it to do it for some reason). You could see the message that sendmail is trying to send by going into the mqueue directory and looking at the 2 files that end with k8LMj0ci005712 (the qf and df files) one has the description of the operation the other has the message. There's very little you can do if the other server doesn't respond. Sendmail will keep trying for a default of 5 days (Timeout.queuereturn). Now the real problem, why is sendmail re-trying every 3 minutes? You could just increase that time using MinQueueAge, which by defailt is 0 (not set), but if you really had a queue run time of 1h this would not be necessary. Somewhere you have the 3m queue run time setting, probably in the parameters used to run sendmail. The MinQueueAge is used for controlling fast queue run times in a way that new messages get sent fast, but the ones that could not be sent are in a slower frequency (so to speak). HTH -- René Berber

23/09/2006, 15h22	#3
grpprod@gmail.com Messages: n/a Hébergeur:	Re: Sendmail + DoS??? > Now the real problem, why is sendmail re-trying every 3 minutes? > Thanks for the reply. It seems we were all going to the wrong direction. I fould something really interesting, everyone reading this group should have a look: http://lists.mailscanner.info/piperm...er/065063.html

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email