Date: Mon, 14 Jun 1999 17:23:28 -0700 From: Jerry Preeper <preeper@cts.com> To: Kenneth Ingham <ingham@i-pi.com>, LutzRab@omc.net Cc: security@FreeBSD.ORG Subject: Re: New Attack via sendmail? Message-ID: <3.0.5.32.19990614172328.041c7970@crash.cts.com> In-Reply-To: <19990614173259.33286@i-pi.com> References: <199906141930.VAA14403@office.omc.net> <199906141930.VAA14403@office.omc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I've had this similar thing hit me with 2.2.8-Stable and procmail 3.11.pre7 I think. It has a problem that apparently has been fixed in 3.13 so if your'e using procmail, time to upgrade. Someone sent us a 30MB email (40+MB after encoding) that just couldn't get through my procmail recipes without killing the machine. I have since upgraded procmail, although I haven't yet tested it with this large of an email yet. First it eats up all the swap space trying to match all the conditions, then all sorts of services just start dying until the whole machine is pretty much dead. Jerry >> >> I've seen some pretty strange lines in syslog of one of our webservers. >> >> The box is running 2.2.8 with sendmail 8.9.3 and has never been out of >> swap space before, in fact it's not using swap space at all under normal >> conditions. >[log deleted] > >I've seen the exact same thing on a 2.2.6 system running sendmail >8.9.1 with procmail as a local delivery agent when a really large >email message (one which was around 1/3 - 1/2 of total swap space) >was moving through. > >Kenneth > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.5.32.19990614172328.041c7970>