How Fetchmail made me a spammer
Benjamin Lutz
mail at maxlor.com
Thu Jan 14 09:37:02 UTC 2010
Last night, I got an email from one of my users for whom I handle emails. He
said that friend sent him a large email, which was rejected because of its
size; and that his friend now gets a notice to that effect every minute.
What had happened?
1) The friend sent a 20MB Email to my user's public email account.
2) Fetchmail downloads that 20MB email from the public POP3 server.
3) Fetchmail tries to pass the email to the local postfix server.
4) Postfix refuses the email with a permanent 552 error because
it's larger than 10MB.
5) Fetchmail generates and sends a rejection notice, but does not
delete the 20MB Email from the POP3 server because the
"softbounce" option is still the default.
6) Fetchmail sleeps 60 seconds.
7) Continue at step 2).
The damage done:
- roughly 20GB of bandwidth wasted by downloading the 20MB email over
and over.
- an estimated 1000 rejection notices sent to the poor guy who originally
sent the 20MB email (well, that should teach him not to send big mails! :)
- personal embarassment.
The lessons learned:
- I need better monitoring. I already monitor postfix's queue size and
get alerts if it goes above a certain size, but in this case, the email
in question never ended up in the queue. Monitoring bandwidth usage at
the firewall and mails-per-hour at the mail server (which includes error
notices) should let me detect sooner that something is amiss next time.
- Postfix's default 10MB size limit seems outdated seeing how internet
connections have become faster; I've upped it to 50MB.
- Fetchmail's defaults are dangerous. The softbounce option, which is the
default (the manpage claims it'll be disabled by default with the next
version,) can generate large amounts of spam.
Cheers
Benjamin
More information about the freebsd-chat
mailing list