Hi All,

Going through the archives to research a problem I've
"seen with my own eyes", I'd appreciate any feedback,
war stories, comments from readers of this list:

I'm working with a company that sometimes sees its
qmail servers take a huge hit, with very many qmail-smtpd
and qmail-queue processes suddenly appearing. This
appears superficially to be a DoS attack, and I understand
that high numbers of SMTP connections originate from the
same source IP. Qmail is set up under Solaris 2.7.

Reading through the archives, there appear to be various
possibilities:
  1. It really is a malicious DoS attack.
  2. Solaris is broken (esp. posts on this list from TAG on
     7th June and 8th June)
  3. The sending IP is using a broken mailer that's
     generating bare LFs, and this mailer regards the
     resulting temporary error code generated by qmail
     as 'Please try again straightaway'.

I'd be particularly interested to know if anyone has come
across the 3rd possibility...

Note that the systems concerned don't currently use
the fixcrio filter - but I don't necessarily want to use this
for fear of breaking perfectly good E-mails at the same time.

I'd appreciate your comments on this.

cheers,

Andrew.
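
One way to tell possibilities 1 and 3 apart from the connection log, as an added example that is not part of the original post. It assumes qmail-smtpd runs under tcpserver with verbose logging; the sample lines are constructed, and the `classify` labels and thresholds are hypothetical. A non-zero end status only shows that qmail-smtpd exited abnormally, which a rejected bare LF would cause but so would other failures.

```python
import re
from collections import defaultdict

# Constructed sample in tcpserver's verbose log format (timestamps stripped).
SAMPLE_LOG = """\
tcpserver: pid 501 from 192.0.2.10
tcpserver: end 501 status 256
tcpserver: pid 502 from 198.51.100.20
tcpserver: pid 503 from 192.0.2.10
tcpserver: end 503 status 256
tcpserver: end 502 status 0
tcpserver: pid 504 from 203.0.113.7
tcpserver: pid 505 from 203.0.113.7
tcpserver: pid 506 from 203.0.113.7
tcpserver: pid 507 from 192.0.2.10
tcpserver: end 507 status 256
"""

PID_RE = re.compile(r"tcpserver: pid (\d+) from (\S+)")
END_RE = re.compile(r"tcpserver: end (\d+) status (\d+)")

def summarize(log_text):
    """Per source IP: session count, peak concurrency, abnormal exits."""
    stats = defaultdict(lambda: {"sessions": 0, "peak": 0, "failed": 0})
    open_pids, live = {}, defaultdict(int)  # pid -> IP, IP -> open sessions
    for line in log_text.splitlines():
        m = PID_RE.search(line)
        if m:
            pid, ip = m.groups()
            open_pids[pid] = ip
            live[ip] += 1
            stats[ip]["sessions"] += 1
            stats[ip]["peak"] = max(stats[ip]["peak"], live[ip])
            continue
        m = END_RE.search(line)
        if m and m.group(1) in open_pids:
            ip = open_pids.pop(m.group(1))
            live[ip] -= 1
            if m.group(2) != "0":  # non-zero wait status: abnormal exit
                stats[ip]["failed"] += 1
    return dict(stats)

def classify(s, min_sessions=3):
    """Hypothetical heuristic; the threshold is illustrative only."""
    if s["sessions"] < min_sessions:
        return "normal"
    if s["peak"] == 1 and s["failed"] == s["sessions"]:
        return "serial-retry"  # one connection at a time, every one failing
    return "concurrent-burst" if s["peak"] >= min_sessions else "unclear"
```

A source reported as `serial-retry` fits the retry-loop pattern of possibility 3 and is worth a packet capture to confirm bare LFs before any filter is put in the delivery path.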
