Old 01-06-2008, 08:11 PM
Robert L Cochran
 
Default Floods of Emails Coming In To /var/spool/mqueue

I have a server box running Fedora Core 2 which hasn't been updated
since sendmail 8.12.11-4.6. It has two mailman lists running on it which
are important to me. Also, over the last few years, I've set up 2-4
email accounts which are hosted by the server for the convenience of
guests who have stayed with us for vacations and so on. I haven't paid
much attention to either mailman or the email accounts over the years --
they didn't cause an overt problem until now. Today I finally started
investigating why some of my posts to the mailing list were not coming
back to me as expected, and discovered that my /var/spool/mqueue
directory is monstrously bloated. Look at the '20668416' in the
directory listing (although I'm not sure what that number means, except
to indicate the directory has a lot of files in it):


drwx------ 2 root mail 20668416 Jan 6 15:58 mqueue

I deleted the folder and then recreated it with the same permissions.
But I'm still getting floods of emails from somewhere. 279 in the past
hour or so. They look like spam.


How can I put a stop to these emails -- do I need procmail recipes? Can
I configure sendmail to drop anything not coming in for a valid user? Or
is it best to upgrade to the latest version of Fedora and work on
tightening up processing of incoming emails? Is there any way of
stopping the tidal wave of spam? What is a sensible approach to fixing
this?


Thanks

Bob Cochran
Greenbelt, Maryland, USA





--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 01-06-2008, 08:33 PM
Steven Stern
 
Default Floods of Emails Coming In To /var/spool/mqueue

On 01/06/2008 03:11 PM, Robert L Cochran wrote:
| I have a server box running Fedora Core 2 which hasn't been updated
| since sendmail 8.12.11-4.6. It has two mailman lists running on it which
| are important to me. Also, over the last few years, I've set up 2-4
| email accounts which are hosted by the server for the convenience of
| guests who have stayed with us for vacations and so on. I haven't paid
| much attention to either mailman or the email accounts over the years --
| they didn't cause an overt problem until now. Today I finally started
| investigating why some of my posts to the mailing list were not coming
| back to me as expected, and discovered that my /var/spool/mqueue
| directory is monstrously bloated. Look at the '20668416' in the
| directory listing (although I'm not sure what that number means, except
| to indicate the directory has a lot of files in it):
|
| drwx------ 2 root mail 20668416 Jan 6 15:58 mqueue
|
| I deleted the folder and then recreated it with the same permissions.
| But I'm still getting floods of emails from somewhere. 279 in the past
| hour or so. They look like spam.
|
| How can I put a stop to these emails -- do I need procmail recipes? Can
| I configure sendmail to drop anything not coming in for a valid user? Or
| is it best to upgrade to the latest version of Fedora and work on
| tightening up processing of incoming emails? Is there any way of
| stopping the tidal wave of spam? What is a sensible approach to fixing
| this?

What are some of the messages in mqueue?

My bet is that you have a (1) bunch of dead/dying addresses in your
mailing list and (2) these are overwhelmingly reject messages for spam
delivered to non-existent spam on your server. Are you doing any spam
processing?

By the way, Fedora 2 is no longer updated and should not be considered
secure. You might put the effort into rebuilding the server before
installing antispam solutions or reconfiguring anything.


--

~ Steve

 
Old 01-06-2008, 09:11 PM
Les Mikesell
 
Default Floods of Emails Coming In To /var/spool/mqueue

Robert L Cochran wrote:
> I have a server box running Fedora Core 2 which hasn't been updated
> since sendmail 8.12.11-4.6.

If this machine is internet-exposed, you should replace it immediately
with something that is still getting security updates.

> It has two mailman lists running on it which
> are important to me. Also, over the last few years, I've set up 2-4
> email accounts which are hosted by the server for the convenience of
> guests who have stayed with us for vacations and so on. I haven't paid
> much attention to either mailman or the email accounts over the years --
> they didn't cause an overt problem until now. Today I finally started
> investigating why some of my posts to the mailing list were not coming
> back to me as expected, and discovered that my /var/spool/mqueue
> directory is monstrously bloated. Look at the '20668416' in the
> directory listing (although I'm not sure what that number means, except
> to indicate the directory has a lot of files in it):
>
> drwx------ 2 root mail 20668416 Jan 6 15:58 mqueue
>
> I deleted the folder and then recreated it with the same permissions.
> But I'm still getting floods of emails from somewhere. 279 in the past
> hour or so. They look like spam.

289 messages an hour is not something you'd call a 'flood' of spam by
today's standards. That's more like a dribble. However, they shouldn't
accumulate in your mqueue unless you are trying to send bounce messages
about undeliverable addresses - and normally these should be rejected
instead of rejecting/bouncing. Look through your /var/log/maillog and
see what you are accepting and what deliveries are failing.

> How can I put a stop to these emails -- do I need procmail recipes? Can
> I configure sendmail to drop anything not coming in for a valid user? Or
> is it best to upgrade to the latest version of Fedora and work on
> tightening up processing of incoming emails? Is there any way of
> stopping the tidal wave of spam? What is a sensible approach to fixing
> this?

My favorite is MimeDefang as a front end to clamav and spamassassin.
You can reject anything containing viruses or extremely high spam scores
and add a header to intermediate spam scores that mailman can detect
for moderation. It's a little work to set up, though.


--
Les Mikesell
lesmikesell@gmail.com
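
The maillog check suggested in the reply above, as an added example that is not part of the original thread: it tallies sendmail delivery outcomes and lists bounce messages (DSNs) whose delivery was deferred, which are the ones left sitting in /var/spool/mqueue. The log lines are constructed samples in sendmail's usual syslog format; the hostnames, addresses and queue IDs are made up.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread); .example hosts are placeholders.
SAMPLE_LOG = """\
Jan  6 15:40:02 mail sendmail[2102]: m06Ke1aa002101: to=<nosuchuser@lists.example>, delay=00:00:01, mailer=local, pri=32410, dsn=5.1.1, stat=User unknown
Jan  6 15:40:02 mail sendmail[2102]: m06Ke1aa002101: m06Ke2aa002102: DSN: User unknown
Jan  6 15:40:03 mail sendmail[2102]: m06Ke2aa002102: to=<someone@elsewhere.example>, delay=00:00:01, mailer=esmtp, pri=33434, relay=elsewhere.example., dsn=4.0.0, stat=Deferred: Connection refused by elsewhere.example.
Jan  6 15:41:10 mail sendmail[2110]: m06KfAaa002109: to=<gone@lists.example>, delay=00:00:00, mailer=local, pri=31200, dsn=5.1.1, stat=User unknown
Jan  6 15:41:10 mail sendmail[2110]: m06KfAaa002109: m06KfAaa002110: DSN: User unknown
Jan  6 15:41:12 mail sendmail[2110]: m06KfAaa002110: to=<person@real.example>, delay=00:00:02, mailer=esmtp, pri=32224, relay=mx.real.example. [192.0.2.25], dsn=2.0.0, stat=Sent (Ok: queued as 1A2B3C)
Jan  6 15:42:00 mail sendmail[2120]: m06Kg0aa002119: to=<bob@lists.example>, delay=00:00:00, mailer=local, pri=30800, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
DSN = re.compile(r"(?P<new>\w+): DSN: (?P<why>.*)")       # "<new qid>: DSN: <reason>"
FIELD = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")        # key=value pairs

def summarize(log_text):
    """Return (delivery-status counts, bounce reasons, bounce queue IDs still deferred)."""
    stats, bounce_reasons = Counter(), Counter()
    bounce_qids, stuck = set(), set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        d = DSN.match(rest)
        if d:  # sendmail accepted the mail, then generated a bounce under a new queue ID
            bounce_qids.add(d["new"])
            bounce_reasons[d["why"]] += 1
            continue
        fields = dict(FIELD.findall(rest))
        if "to" not in fields or "stat" not in fields:
            continue
        status = re.split(r"[:(]", fields["stat"])[0].strip()  # "Deferred: ..." -> "Deferred"
        stats[status] += 1
        if qid in bounce_qids:
            # A deferred bounce stays in the queue; a later final status clears it.
            if status == "Deferred":
                stuck.add(qid)
            else:
                stuck.discard(qid)
    return stats, bounce_reasons, sorted(stuck)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it on the real log, pass the contents of /var/log/maillog to `summarize()`; many `User unknown` bounces together with a long list of deferred bounce queue IDs matches the accept-then-bounce pattern the reply describes.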

 
Old 01-06-2008, 10:27 PM
Robert L Cochran
 
Default Floods of Emails Coming In To /var/spool/mqueue

Les Mikesell wrote:
> Robert L Cochran wrote:
>> I have a server box running Fedora Core 2 which hasn't been updated
>> since sendmail 8.12.11-4.6.
>
> If this machine is internet-exposed, you should replace it immediately
> with something that is still getting security updates.

I guess I'm going to have to figure out how to do an in-place
replacement of the operating system. I can install a second physical
hard drive, install Fedora 8 or CentOS 5 on that, and then start
migrating data from the FC 2 system to the new one over several days
time. I can use grub to switch between the two. Then when all looks
ready, switch to the (far newer) system. Probably the biggest problem
will be migrating my two mailing lists from mailman 2.1.5-10 to whatever
version is out there now.

> My favorite is MimeDefang as a front end to clamav and spamassassin.
> You can reject anything containing viruses or extremely high spam
> scores and add a header to intermediate spam scores that mailman can
> detect for moderation. It's a little work to set up, though.

Thanks, I'll keep it in mind.

Bob


 
Old 01-06-2008, 11:11 PM
Les Mikesell
 
Default Floods of Emails Coming In To /var/spool/mqueue

Robert L Cochran wrote:
>>> I have a server box running Fedora Core 2 which hasn't been updated
>>> since sendmail 8.12.11-4.6.
>>
>> If this machine is internet-exposed, you should replace it immediately
>> with something that is still getting security updates.
>
> I guess I'm going to have to figure out how to do an in-place
> replacement of the operating system. I can install a second physical
> hard drive, install Fedora 8 or CentOS 5 on that, and then start
> migrating data from the FC 2 system to the new one over several days
> time. I can use grub to switch between the two.

That can work with a certain amount of downtime while you install and
juggle things although it's a lot easier if you can build the
replacement on a different machine and swap it (or the drives) into
place when everything works with a final rsync of data at the last
minute. If you plan to keep this running for years without
reinstalling, Centos would be a better choice, since you can expect 'yum
update' to supply security fixes for 7 years.

> Then when all looks
> ready, switch to the (far newer) system. Probably the biggest problem
> will be migrating my two mailing lists from mailman 2.1.5-10 to whatever
> version is out there now.

Centos5 would supply 2.1.9, so probably not a big difference.


--
Les Mikesell
lesmikesell@gmail.com

 
Old 01-07-2008, 12:49 AM
Robert L Cochran
 
Default Floods of Emails Coming In To /var/spool/mqueue

Les Mikesell wrote:
> Robert L Cochran wrote:
>> I guess I'm going to have to figure out how to do an in-place
>> replacement of the operating system. I can install a second physical
>> hard drive, install Fedora 8 or CentOS 5 on that, and then start
>> migrating data from the FC 2 system to the new one over several days
>> time. I can use grub to switch between the two.
>
> That can work with a certain amount of downtime while you install and
> juggle things although it's a lot easier if you can build the
> replacement on a different machine and swap it (or the drives) into
> place when everything works with a final rsync of data at the last
> minute. If you plan to keep this running for years without
> reinstalling, Centos would be a better choice, since you can expect
> 'yum update' to supply security fixes for 7 years.

Using a separate machine might be possible, yes. You are suggesting
that I rsync specific data directories to the new drive -- I've never
done that before, but there is a first time for everything.


Thanks!

Bob

 
Old 01-07-2008, 01:44 AM
Les Mikesell
 
Default Floods of Emails Coming In To /var/spool/mqueue

Robert L Cochran wrote:
> Les Mikesell wrote:
>> Robert L Cochran wrote:
>>> I guess I'm going to have to figure out how to do an in-place
>>> replacement of the operating system. I can install a second physical
>>> hard drive, install Fedora 8 or CentOS 5 on that, and then start
>>> migrating data from the FC 2 system to the new one over several days
>>> time. I can use grub to switch between the two.
>>
>> That can work with a certain amount of downtime while you install and
>> juggle things although it's a lot easier if you can build the
>> replacement on a different machine and swap it (or the drives) into
>> place when everything works with a final rsync of data at the last
>> minute. If you plan to keep this running for years without
>> reinstalling, Centos would be a better choice, since you can expect
>> 'yum update' to supply security fixes for 7 years.
>
> Using a separate machine might be possible, yes. You are suggesting
> that I rsync specific data directories to the new drive -- I've never
> done that before, but there is a first time for everything.

Yes, I like to do a clean install of the new distribution with all the
matching programs using a different hostname/ip address, do an initial
copy of the data that needs to be kept using rsync, tweak all the
configs and test as much as possible. Then when it is ready, shut down
the services on the old box, rsync again to update any changed data,
then swap the hostnames and addresses and reboot. You do have to be
somewhat careful about cron jobs, the outgoing sendmail queue, etc,
where you don't want to duplicate operations when both are running and
you might have to clear the adjacent router cache to make the IP switch
work quickly. The advantage of this approach is that you have access to
all the config details on the old system, even ones best accessed through
a GUI, while working on the new one, and you don't have to panic if
something doesn't work - you can always turn the old one back up.


--
Les Mikesell
lesmikesell@gmail.com

 
Old 01-07-2008, 02:09 AM
Tim
 
Default Floods of Emails Coming In To /var/spool/mqueue

On Sun, 2008-01-06 at 18:11 -0600, Les Mikesell wrote:
> you can build the replacement on a different machine and swap it (or
> the drives) into place when everything works

That doesn't always work if the two machines have different enough
hardware that the install creates a different initrd file. Of course
you can make a new initrd file.

Whichever method you take depends on your skillset and patience.

--
[tim@bigblack ~]$ uname -ipr
2.6.23.1-10.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



 
Old 01-07-2008, 03:31 AM
Les Mikesell
 
Default Floods of Emails Coming In To /var/spool/mqueue

Tim wrote:
>> you can build the replacement on a different machine and swap it (or
>> the drives) into place when everything works
>
> That doesn't always work if the two machines have different enough
> hardware that the install creates a different initrd file. Of course
> you can make a new initrd file.
>
> Whichever method you take depends on your skillset and patience.

If you swap whole machines you don't have this issue. If you swap disks
from different hardware, the brute-force approach is to do an install on
the destination box or identical hardware and use the /boot and
/etc/modprobe.conf generated there with the rest of the system from your
configured setup (making sure both are updated to the same kernel
version). If you go this route, the new setup can even be built under
vmware. There are less drastic ways to get a working initrd, but you
have to know as much as anaconda does about hardware and I don't think
much of that is well documented.

Is there an automated way to build a working initrd when running from a
live CD that has detected the runtime hardware?


--
Les Mikesell
lesmikesell@gmail.com

 
