Floods of Emails Coming In To /var/spool/mqueue
Les Mikesell
lesmikesell at gmail.com
Sun Jan 6 22:11:03 UTC 2008
Robert L Cochran wrote:
> I have a server box running Fedora Core 2 which hasn't been updated
> since sendmail 8.12.11-4.6.
If this machine is internet-exposed, you should replace it immediately
with something that is still getting security updates.
> It has two mailman lists running on it which
> are important to me. Also, over the last few years, I've set up 2-4
> email accounts which are hosted by the server for the convenience of
> guests who have stayed with us for vacations and so on. I haven't paid
> much attention to either mailman or the email accounts over the years --
> they didn't cause an overt problem until now. Today I finally started
> investigating why some of my posts to the mailing list were not coming
> back to me as expected, and discovered that my /var/spool/mqueue
> directory is monstrously bloated. Look at the '20668416' in the
> directory listing (although I'm not sure what that number means, except
> to indicate the directory has a lot of files in it):
>
> drwx------ 2 root mail 20668416 Jan 6 15:58 mqueue
>
> I deleted the folder and then recreated it with the same permissions.
> But I'm still getting floods of emails from somewhere. 279 in the past
> hour or so. They look like spam.
289 messages an hour is not something you'd call a 'flood' of spam by
today's standards. That's more like a dribble. However, they shouldn't
accumulate in your mqueue unless you are trying to send bounce messages
about undeliverable addresses - and normally these should be rejected
instead of rejecting/bouncing. Look through your /var/log/maillog and
see what you are accepting and what deliveries are failing.
> How can I put a stop to these emails -- do I need procmail recipes? Can
> I configure sendmail to drop anything not coming in for a valid user? Or
> is it best to upgrade to the latest version of Fedora and work on
> tightening up processing of incoming emails? Is there any way of
> stopping the tidal wave of spam? What is a sensible approach to fixing
> this?
My favorite is MimeDefang as a front end to clamav and spamassassin.
You can reject anything containing viruses or extremely high spam scores
and add a header to intermediate spam scores that mailman can detect
for moderation. It's a little work to set up, though.
--
Les Mikesell
lesmikesell at gmail.com
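
The maillog check suggested above, as an added example that is not part of the original post: a small Python parser that tallies delivery outcomes and lists generated bounces (DSNs) that were deferred and therefore remain in /var/spool/mqueue. The log lines are constructed samples in sendmail's usual syslog layout; the host names, queue IDs and the `summarize` helper are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the poster's server).
SAMPLE_LOG = """\
Jan  6 15:40:01 mail sendmail[2101]: m06Fe1aa002101: from=<a@spam.example>, size=2048, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Jan  6 15:40:02 mail sendmail[2102]: m06Fe1aa002101: to=<nosuchuser@lists.example>, delay=00:00:01, mailer=local, pri=32048, dsn=5.1.1, stat=User unknown
Jan  6 15:40:02 mail sendmail[2102]: m06Fe1aa002101: m06Fe2aa002102: DSN: User unknown
Jan  6 15:40:03 mail sendmail[2102]: m06Fe2aa002102: to=<a@spam.example>, delay=00:00:01, mailer=esmtp, pri=33072, relay=spam.example., dsn=4.0.0, stat=Deferred: Connection timed out with spam.example.
Jan  6 15:41:10 mail sendmail[2110]: m06Ff1bb002110: from=<b@junk.example>, size=3100, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
Jan  6 15:41:11 mail sendmail[2111]: m06Ff1bb002110: to=<olduser@lists.example>, delay=00:00:01, mailer=local, pri=33100, dsn=5.1.1, stat=User unknown
Jan  6 15:41:11 mail sendmail[2111]: m06Ff1bb002110: m06Ff2bb002111: DSN: User unknown
Jan  6 15:41:12 mail sendmail[2111]: m06Ff2bb002111: to=<b@junk.example>, delay=00:00:01, mailer=esmtp, pri=34124, relay=junk.example., dsn=4.0.0, stat=Deferred: Connection refused by junk.example.
Jan  6 15:45:00 mail sendmail[2120]: m06Fj0cc002120: from=<friend@home.example>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.5]
Jan  6 15:45:01 mail sendmail[2121]: m06Fj0cc002120: to=<guest@lists.example>, delay=00:00:01, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
DSN = re.compile(r"(?P<child>\w+): DSN: (?P<reason>.*)")
# key=value pairs separated by ", "; the last value runs to end of line.
FIELD = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")

def summarize(log_text):
    """Return (outcome counts, bounces still queued) for a maillog excerpt."""
    stats = Counter()   # delivery outcome -> number of attempts
    bounces = {}        # queue id of a generated bounce -> reason it was created
    stuck = []          # (queue id, recipient, reason) for deferred bounces
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        d = DSN.match(rest)
        if d:  # sendmail accepted the mail, then created a bounce for it
            bounces[d.group("child")] = d.group("reason")
            continue
        fields = dict(FIELD.findall(rest))
        if "to" in fields and "stat" in fields:
            outcome = fields["stat"].split(":")[0]
            stats[outcome] += 1
            if qid in bounces and outcome == "Deferred":
                stuck.append((qid, fields["to"], bounces[qid]))
    return stats, stuck

if __name__ == "__main__":
    stats, stuck = summarize(SAMPLE_LOG)
    print(dict(stats))
    for qid, rcpt, reason in stuck:
        print(f"{qid}: bounce to {rcpt} queued (original failure: {reason})")
```

A high count of deferred bounces relative to `Sent` indicates mail being accepted for nonexistent users and bounced afterwards, rather than rejected during the SMTP session.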