[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Floods of Emails Coming In To /var/spool/mqueue



Robert L Cochran wrote:
I have a server box running Fedora Core 2 which hasn't been updated since sendmail 8.12.11-4.6.

If this machine is internet-exposed, you should replace it immediately with something that is still getting security updates.

It has two mailman lists running on it which are important to me. Also, over the last few years, I've set up 2-4 email accounts which are hosted by the server for the convenience of guests who have stayed with us for vacations and so on. I haven't paid much attention to either mailman or the email accounts over the years -- they didn't cause an overt problem until now. Today I finally started investigating why some of my posts to the mailing list were not coming back to me as expected, and discovered that my /var/spool/mqueue directory is monstrously bloated. Look at the '20668416' in the directory listing (although I'm not sure what that number means, except to indicate the directory has a lot of files in it):

drwx------   2 root   mail   20668416 Jan  6 15:58 mqueue

I deleted the folder and then recreated it with the same permissions. But I'm still getting floods of emails from somewhere. 279 in the past hour or so. They look like spam.

289 messages an hour is not something you'd call a 'flood' of spam by today's standards. That's more like a dribble. However, they shouldn't accumulate in your mqueue unless you are trying to send bounce messages about undeliverable addresses - and normally these should be rejected instead of rejecting/bouncing. Look through your /var/log/maillog and see what you are accepting and what deliveries are failing.

How can I put a stop to these emails -- do I need procmail recipes? Can I configure sendmail to drop anything not coming in for a valid user? Or is it best to upgrade to the latest version of Fedora and work on tightening up processing of incoming emails? Is there any way of stopping the tidal wave of spam? What is a sensible approach to fixing this?

My favorite is MimeDefang as a front end to clamav and spamassassin. You can reject anything containing viruses or extremely high spam scores and add a header to intermediate spam scores that mailman can detect for moderation. It's a little work to set up, though.

--
  Les Mikesell
   lesmikesell gmail com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]