From: Benjamin Lutz
To: freebsd-chat@freebsd.org
Date: Thu, 14 Jan 2010 10:16:56 +0100
Subject: How Fetchmail made me a spammer

Last night, I got an email from one of my users for whom I handle emails. He said that a friend sent him a large email, which was rejected because of its size; and that his friend now gets a notice to that effect every minute.

What had happened?

1) The friend sent a 20MB Email to my user's public email account.
2) Fetchmail downloads that 20MB email from the public POP3 server.
3) Fetchmail tries to pass the email to the local postfix server.
4) Postfix refuses the email with a permanent 552 error because it's larger than 10MB.
5) Fetchmail generates and sends a rejection notice, but does not delete the 20MB Email from the POP3 server because the "softbounce" option is still the default.
6) Fetchmail sleeps 60 seconds.
7) Continue at step 2).

The damage done:

- roughly 20GB of bandwidth wasted by downloading the 20MB email over and over.
- an estimated 1000 rejection notices sent to the poor guy who originally sent the 20MB email (well, that should teach him not to send big mails! :)
- personal embarrassment.

The lessons learned:

- I need better monitoring. I already monitor postfix's queue size and get alerts if it goes above a certain size, but in this case, the email in question never ended up in the queue. Monitoring bandwidth usage at the firewall and mails-per-hour at the mail server (which includes error notices) should let me detect sooner that something is amiss next time.
- Postfix's default 10MB size limit seems outdated seeing how internet connections have become faster; I've upped it to 50MB.
- Fetchmail's defaults are dangerous. The softbounce option, which is the default (the manpage claims it'll be disabled by default with the next version), can generate large amounts of spam.

Cheers
Benjamin
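
The mails-per-hour monitoring named in the lessons above, as an added example that is not part of the original message: a sliding-window count of Postfix deliveries per recipient, which would have flagged the once-a-minute rejection notices within the first half hour. The log lines, addresses, host names and the threshold of 30 per hour are constructed for illustration, and the line layout is assumed to follow Postfix's usual `to=<...>, ... status=sent` delivery records.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix delivery record: "<Mon> <day> <time> host postfix/smtp[pid]: QUEUEID: to=<addr>, ... status=sent"
DELIVERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:smtp|local|lmtp)\[\d+\]: "
    r"[0-9A-F]+: to=<(?P<rcpt>[^>]+)>.*\bstatus=sent\b"
)

def find_mail_floods(lines, limit=30, window=timedelta(hours=1), year=2010):
    """Return {recipient: peak count} for every recipient that was sent more
    than `limit` messages inside any sliding `window`. Syslog timestamps carry
    no year, so the caller supplies one (an assumption of this example)."""
    recent = defaultdict(deque)  # recipient -> delivery times still inside the window
    peaks = {}
    for line in lines:
        m = DELIVERY.match(line)
        if not m:
            continue  # not a successful delivery record
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rcpt = m["rcpt"].lower()
        q = recent[rcpt]
        q.append(ts)
        while ts - q[0] >= window:  # drop deliveries that fell out of the window
            q.popleft()
        if len(q) > limit:
            peaks[rcpt] = max(peaks.get(rcpt, 0), len(q))
    return peaks

def sample_log():
    """Constructed log: one notice per minute to the same address for 90
    minutes, plus ordinary mail to another recipient every 20 minutes."""
    start = datetime(2010, 1, 14, 0, 0, 0)
    tail = "delay=1.2, dsn=2.0.0, status=sent (250 2.0.0 Ok)"
    out = []
    for i in range(90):
        stamp = f"{start + timedelta(minutes=i):%b %d %H:%M:%S} mail postfix/smtp[4211]:"
        out.append(f"{stamp} {0xA1000 + i:X}: to=<friend@example.org>, "
                   f"relay=mx.example.org[192.0.2.25]:25, {tail}")
        if i % 20 == 0:
            out.append(f"{stamp} {0xB2000 + i:X}: to=<colleague@example.net>, "
                       f"relay=mx.example.net[192.0.2.80]:25, {tail}")
    return out

if __name__ == "__main__":
    for rcpt, peak in find_mail_floods(sample_log()).items():
        print(f"ALERT: {peak} messages to {rcpt} within one hour")
```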