Date: Tue, 15 Jun 1999 09:29:04 +0100 From: FastNet Admin <netadmin@fastnet.co.uk> To: security@FreeBSD.ORG Subject: Re: New Attack via sendmail? Message-ID: <3.0.6.32.19990615092904.00943210@192.168.0.100> In-Reply-To: <199906141930.VAA14403@office.omc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, At 21:30 14/06/99 +0200, Lutz Rabing wrote: > >I've seen some pretty strange lines in syslog of one of our webservers. > >The box is running 2.2.8 with sendmail 8.9.3 and has never been out of >swap space before, in fact it's not using swap space at all under normal >conditions. > I saw something like this and it appeared to be caused by a process called procmail that was spawning across the system using huge amounts of memory and processor capability. Though I never got totally to the bottom of this it appeared as if stupidly large emails being delivered locally invoked procmail. Procmail then swallowed all the resources till the system eventually crashed with out of swap errors. This happened several times. It appears as if a log file being mailed to a user account was the cause of the problem and I have stopped this routine from happening. If I get the same thing again I'll set an email size limit of something like 30MB. Regards Ian Robertson FastNet International Ltd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.6.32.19990615092904.00943210>