Dear List ISP Postfix setup here. Yesterday, we noticed one of our servers was accumulating email in the incoming queue. Emails were received but not delivered locally.
It turned out, one file in the 'active' queue, was causing qmgr to crash: postfix/qmgr[86256]: fatal: unix-domain name too long: private/fwZ+GX2pP7y/mKTz0/vD8xX7o/8OTv2Lf8AogVz/wCHC8Rf/JdR/wDDk/8AYx/6ILJ/4cDxD/8AJtL/AIj5gP8AoGn+Af6iS/5+/gz8MvPT+8PzFL9qT+8v5iv3M/4cn/sY/wDRBZP/AA4HiH/5NqT/AIcl/sYf9EEm/wDDgeIf/k2j/iPmA/6Bp/gH+okv+fv4M/C/7Un95fzFJ5q+q/8AfX/16/dH/hyf+xb/ANEDuP8Aw4PiL/5LqP8A4cn/ALGP/RBZP/DgeIf/AJNp/wDEe8B/0DT/APJQ/wBRJf8AP38Gfhn9qT+8v5ik8+P++PzFfub/AMOU/wBi/wD6ILL/AOHA8Q//ACbR/wAOT/2Mf+iCyf8AhwPEP/ybSfj7l6/5hp/gH+okv+fv4M/DKW6ihX5mUD1Lf/XrL1nx9pehXBie8R7kDK24JDr7sNrcV+8Vn/wRd/Y1sZFkX4CqZx0E/jPX7qI/VXvCK9l+C/wZ+GP7K6NF8LPhP4A8BzIuw3un6SJNWuF9HusCRh9Wrlxfj1Q9hbDYdp+bR0YbgSCf72dz8o/2M/8Aggr8Tv2lYdN8R/GOS5+DXw5nH2h7K4kS18W6vHtXi3tpd0dtHy2XuMzDbxA24V+r/wAPPAvhX4F/CbS/Bnw+8P2nhTwP4fR44tOtCzxjecvcTS/fmuGIJLtlieprfvdUuNTvZp555JJrk5kcscsfUnvUD/vJkkbl423qx6q3qD6+9fiHE/GOZZ9Vc8bL3ekVsvQ+2y3LMPgo8tKIQybl2HnnNVZoM1KIyD1pTzFXyp6JSmhqPFXCM1XlhxWZoRlQR0H5VUq/iqk4wazNCGWDAxTYJtlWDzVWWEig3pyLRCE0VTAI9aKx5SuZnv8AsHoPyqAsTLViq/eu48oJxg1FLFipTzUZbNVcqxEYiTVe4jMjhmJLDoT1FXaiuBxV6dR8z6FTY3qajul3HkZ+tW8VFNBmtLE/Mo2900XVavRXuar+RmmCIis7sPmaBGajmjNVoLoxv8zE/U1bjug3XB+tO4fMoTWre9QzRmtOcVXmgouLXuY80RFRyxkVcmiqA80cyHr3KcyN6n86dHdNb+30qzcIM9B+VVJozU80i7Gja6uLkbTwauNN5qcVzoiKnjirdlqLR9c/jVcxPL5s0Jrf2qrV62uhP2/OkltgI+g/KjmQcr/mZkTQVCDsq/NDsqtNBRzF3fch3VJuqOpKkLvuFFFFVzILvuJj97UYGJaXdzR3pXD5slimzTiN/T9KgHFWIZBRcLvuV5D5dG6priDzKZ5Jouwu+4zdRuoop8yC77hupJxS08jNK7C77jYXJ7mn1HL8vTj6UsUuafMF33E3UbqknGDSYo5gu+5JioN1SbqJxg0rsLvuV52IFLFPmnEZqMDFRJNhd9yTGBiq01tgdB+VWo/3sfFRXB4rSMktGha2IvIqGrm6otg9B+VYgMk4hqnIfLFXJulQzwZoAbGvmVFNFSxk2t1uJ+X07VLOqyJwazehdylURUHsPyqfyvkps4wamxpcrYqCep5+BTLgc1JrTIfsp96KtUVmaHuFJsHoPypaK7rHllf/AJa1HNxU/knNMuBzUmhHUZ5qSo60MyOg80+cYFMrTnAr7qTFSeSaZS5AK3kkmoxM4qzLGRUWR/tVAE5uwalIzFWbOcGpYbor1JP1NABNBVPyK045BLUEsGEoAoEZqvNFVyWLFRkZoLuUJ+DUecVamgzVSWMigY+O+e3O7JA9M1p22rieso/MMVGiNH0JH0oA32QS9hVO7hxUVnqTJ97J+tXnjWZOtAGbLBim1dmtDVXyTQAyo91T4qPFTcBlFFFUAScTUA4oPJooAsQzb/vcUTsQKr7qljlDdefrQA3yTTKsbqrzcUAPxTJmxS+cKiLZoAkPNIISKWpKAGRzbuvP1p8/BqIQ4kqVv3lAEe6idjSSxkUp5oAj3U/FGKWgCN After removing that file from 'active' postfix resumed delivering email. I looked at the file. It's obviously some spam email, but that was normally received via SMTP. So if any attacker could craft such emails, I guess a DOS attack could be run against qmgr. I have saved that file. Would any of the devs like to have a look at it to find out why this crashes qmgr with this 'unix domain name too long' error? -- Mit freundlichen Grüssen -Benoît Panizzon- @ HomeOffice und normal erreichbar -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________
