From owner-freebsd-chat@FreeBSD.ORG Fri Jan 15 07:36:35 2010 Return-Path: Delivered-To: freebsd-chat@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6FE8106566B for ; Fri, 15 Jan 2010 07:36:35 +0000 (UTC) (envelope-from frank@shute.org.uk) Received: from atmail-10.bnguk.net (atmail-10.bnguk.net [80.74.253.10]) by mx1.freebsd.org (Postfix) with ESMTP id 7FE3A8FC14 for ; Fri, 15 Jan 2010 07:36:35 +0000 (UTC) Received: from 77-44-105-82.xdsl.murphx.net ([77.44.105.82] helo=orange.esperance-linux.co.uk) by atmail-10.bnguk.net with esmtp (Exim 4.69) (envelope-from ) id 1NVgFS-00038y-R8; Fri, 15 Jan 2010 07:05:34 +0000 Received: by orange.esperance-linux.co.uk (Postfix, from userid 1001) id DD9D54AC20; Fri, 15 Jan 2010 07:05:32 +0000 (GMT) Date: Fri, 15 Jan 2010 07:05:32 +0000 From: Frank Shute To: Benjamin Lutz Message-ID: <20100115070532.GA75137@orange.esperance-linux.co.uk> Mail-Followup-To: Benjamin Lutz , freebsd-chat@freebsd.org References: <201001141016.56877.mail@maxlor.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201001141016.56877.mail@maxlor.com> User-Agent: Mutt/1.4.2.3i X-Face: *}~{PHnDTzvXPe'wl_-f%!@+r5; VLhb':*DsX%wEOPg\fDrXWQJf|2\,92"DdS%63t*BHDyQ|OWo@Gfjcd72eaN!4%NE{0]p)ihQ1MyFNtWL X-Operating-System: FreeBSD 8.0-RELEASE-p1 amd64 X-Organisation: 'shute.org.uk' Cc: freebsd-chat@freebsd.org Subject: Re: How Fetchmail made me a spammer X-BeenThere: freebsd-chat@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Frank Shute List-Id: Non technical items related to the community List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2010 07:36:36 -0000 On Thu, Jan 14, 2010 at 10:16:56AM +0100, Benjamin Lutz wrote: > > Last night, I got an email from one of my users for whom I handle emails. He > said that friend sent him a large email, which was rejected because of its > size; and that his friend now gets a notice to that effect every minute. > > What had happened? > > 1) The friend sent a 20MB Email to my user's public email account. > 2) Fetchmail downloads that 20MB email from the public POP3 server. > 3) Fetchmail tries to pass the email to the local postfix server. > 4) Postfix refuses the email with a permanent 552 error because > it's larger than 10MB. > 5) Fetchmail generates and sends a rejection notice, but does not > delete the 20MB Email from the POP3 server because the > "softbounce" option is still the default. > 6) Fetchmail sleeps 60 seconds. > 7) Continue at step 2). > > The damage done: > - roughly 20GB of bandwidth wasted by downloading the 20MB email over > and over. > - an estimated 1000 rejection notices sent to the poor guy who originally > sent the 20MB email (well, that should teach him not to send big mails! :) > - personal embarassment. > > The lessons learned: > - I need better monitoring. I already monitor postfix's queue size and > get alerts if it goes above a certain size, but in this case, the email > in question never ended up in the queue. Monitoring bandwidth usage at > the firewall and mails-per-hour at the mail server (which includes error > notices) should let me detect sooner that something is amiss next time. > - Postfix's default 10MB size limit seems outdated seeing how internet > connections have become faster; I've upped it to 50MB. > - Fetchmail's defaults are dangerous. The softbounce option, which is the > default (the manpage claims it'll be disabled by default with the next > version,) can generate large amounts of spam. > > Cheers > Benjamin Benjamin, You might want to give getmail a try. In the getmail conf you can limit the size of emails it fetches. I'm not sure you can do that with fetchmail. As you say, the guy who sent a >10MB email was rather silly, although I don't know what the "standard Windows user" uses for file transfer other than email. It's not like they usually have a web server set up. Regards, -- Frank Contact info: http://www.shute.org.uk/misc/contact.html