I had the same problem a couple of months back.  After repeated attempts to
contact the admins of the broken servers (one of which was within
Microsoft), I patched qmail-smtpd.c to reject messages from servers sending
bare LFs.  I've attached the patch.

I've tried blocking the broken servers via tcpserver with much less
success.  They seem to start up again as soon as they are un-blocked.


Delanet Administration wrote:

> I have a few questions along the same lines.. I have tcpserver set to
> limit to 900 as indicated below. However I've had several sites in the
> past month who send mail with stray linefeeds..it's becoming a lot more
> common lately unfortunately. But the problem I have is qmail kills the
> connection with code 256, as expected. Their end immediately retries
> with no delay. I see a volume from one site alone of 36 attempts per
> second, with as much as 2,200 simultaneous connections to my smtp port
> from the site. It takes my mail server to its knees, the queue builds
> up and no mail is processed until I block the site via tcp.smtp. This is
> then essentially a DoS attack is it not? The server btw is an Intel
> PII/300 with 256mb ram, qmail 1.03 with vpopmail and about 12k pop
> accounts covering 125 domains. Maildirs are mounted via nfs from a
> metastor raid array and queue is on a separate scsi-2 drive from the OS
> (FreeBSD 3.4 stable).
>
>     Is this a problem other people are having? I've scanned the lists
> concerning the stray linefeed problems and not found anything quite
> describing it the way it's happening to me. I end up contacting a more
> often than not clueless isp or company who is sending the message that's
> causing the overload. Usually I leave them blocked till the message
> expires in their queue. As a result, I have 9 sites now blocked in this
> manner. Is there a better way to handle this or is it a configuration
> problem on my server that causes the severe overload?
>
> --
> Stephen Comoletti
> Systems Administrator
> Delanet, Inc.  http://www.delanet.com
> ph: (302) 326-5800 fax: (302) 326-5802
>

--
Robert Sanderson <[EMAIL PROTECTED]>
http://www.ETRN.com


--- qmail-smtpd.c.orig  Fri Nov 12 23:08:08 1999
+++ qmail-smtpd.c       Wed Dec  8 23:01:18 1999
@@ -47,7 +47,7 @@
 void die_nomem() { out("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); }
 void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); 
_exit(1); }
 void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); 
flush(); _exit(1); }
-void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); 
flush(); _exit(1); }
+void straynewline() { out("551 See http://pobox.com/~djb/docs/smtplf.html also, NT 
+users see http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP\r\n"); 
+flush(); _exit(1); }
 
 void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list 
(#5.7.1)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }
@@ -58,6 +58,7 @@
 void err_noop() { out("250 ok\r\n"); }
 void err_vrfy() { out("252 send some mail, i'll try my best\r\n"); }
 void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); }
+void err_etrn() { out("251 No need for ETRN. Delivery to your domain already 
+started.\r\n"); }
 
 
 stralloc greeting = {0};
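Review bot: err_etrn() returns a success reply stating "Delivery to your domain already started" unconditionally, with no queue action behind it anywhere in this patch, so a client that depends on ETRN is told work has begun when nothing was triggered. If the intent is only to quiet clients that insist on sending ETRN, say so in a comment above the function and keep the reply text neutral. The ETRN addition is also unrelated to the bare-LF rejection this patch is posted for and would be easier to review as a separate patch. The added line is wrapped onto a second "+" line, which splits the string literal.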
@@ -229,7 +230,7 @@
 }
 void smtp_ehlo(arg) char *arg;
 {
-  smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+  smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 ETRN\r\n");
   seenmail = 0; dohelo(arg);
 }
 void smtp_rset()
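Review bot: Advertising "250 ETRN" in the EHLO response tells every client the extension is supported, while the only handler this patch adds for it is a fixed reply with no queue run. Either leave ETRN out of the EHLO list and keep the command as a silent compatibility stub, or advertise it only once the command does what the extension promises. Changing "250 8BITMIME" to "250-8BITMIME" so that only the final line uses a space is correct.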
@@ -405,6 +406,7 @@
 , { "help", smtp_help, flush }
 , { "noop", err_noop, flush }
 , { "vrfy", err_vrfy, flush }
+, { "etrn", err_etrn, flush }
 , { 0, err_unimpl, flush }
 } ;
 
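Review bot: The "etrn" table entry dispatches to err_etrn, which takes no parameter, so the argument the dispatcher hands to handlers (compare smtp_ehlo(arg)) is discarded and "ETRN" with an empty or malformed argument gets the same success reply as a valid one. A handler declared like smtp_ehlo(arg) that rejects an empty argument with a 5xx syntax reply would avoid that. Placement before the { 0, err_unimpl, flush } sentinel is right.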
