Floods of Emails Coming In To /var/spool/mqueue

Les Mikesell lesmikesell at gmail.com
Sun Jan 6 22:11:03 UTC 2008 

Robert L Cochran wrote:
> I have a server box running Fedora Core 2 which hasn't been updated 
> since sendmail 8.12.11-4.6.

If this machine is internet-exposed, you should replace it immediately 
with something that is still getting security updates.

> It has two mailman lists running on it which 
> are important to me. Also, over the last few years, I've set up 2-4 
> email accounts which are hosted by the server for the convenience of 
> guests who have stayed with us for vacations and so on. I haven't paid 
> much attention to either mailman or the email accounts over the years -- 
> they didn't cause an overt problem until now. Today I finally started 
> investigating why some of my posts to the mailing list were not coming 
> back to me as expected, and discovered that my /var/spool/mqueue 
> directory is monstrously bloated. Look at the '20668416' in the 
> directory listing (although I'm not sure what that number means, except 
> to indicate the directory has a lot of files in it):
> 
> drwx------   2 root   mail   20668416 Jan  6 15:58 mqueue
> 
> I deleted the folder and then recreated it with the same permissions. 
> But I'm still getting floods of emails from somewhere. 279 in the past 
> hour or so. They look like spam.

289 messages an hour is not something you'd call a 'flood' of spam by 
today's standards.  That's more like a dribble.  However, they shouldn't 
accumulate in your mqueue unless you are trying to send bounce messages 
about undeliverable addresses - and normally these should be rejected 
instead of rejecting/bouncing.  Look through your /var/log/maillog and 
see what you are accepting and what deliveries are failing.

> How can I put a stop to these emails -- do I need procmail recipes? Can 
> I configure sendmail to drop anything not coming in for a valid user? Or 
> is it best to upgrade to the latest version of Fedora and work on 
> tightening up processing of incoming emails? Is there any way of 
> stopping the tidal wave of spam? What is a sensible approach to fixing 
> this?

My favorite is MimeDefang as a front end to clamav and spamassassin. 
You can reject anything containing viruses or extremely high spam scores 
  and add a header to intermediate spam scores that mailman can detect 
for moderation.  It's a little work to set up, though.

-- 
   Les Mikesell
    lesmikesell at gmail.com

More information about the fedora-list mailing list