Easy attack on a postfix server?

From: Erik Aronesty (no email)
Date: Fri Mar 01 2002 - 01:01:38 EST


Expanding on a previous post about turning off DNS error notifications which
are excessively sent to the sender (up to 20 outgoing messages for each
incoming)

Suppose Postfix sends (up to) 20 "dns failure" messages to the sender for
every mail.

Attacker sends a few bad mails (with dns failure/timeout on the nameservers
of the recipient) to a postfix server, and it will generate dozens of
warning messages. Each of these warning messages will also be sent to a
server (sender) that has a DNS error.

Does this mean you can queue up about 400 messages in a postfix box for every
1 incoming?

So I can generate 4 million permanently queued messages with only 10,000
incoming ones?

Is there any way to stop postfix from sending these DNS warnings?

    "Name service error for pwebtech.com: Host not found, try again"

- Erik

> During those few hours, postfix was receiving DNS failures on all mail.
> This has a bad consequence.
>
> Each mail postfix received could not be delivered. So postfix created a
> delivery failure message to return to the sender. However it did not do
> this for just the first attempt to deliver, it did this for every attempt.
> The net result was that 60,000 delivery failure messages were sitting in my
> queue, when I was about to turn DNS back on. (( Fortunately, I had this
> problem before with sendmail, so I checked the queue, and cleared it before
> turning DNS back on ))
>
> Idea:
>
> Digest queued error messages that a) fail to deliver or b) are less than
> X minutes apart?
>
> Example of the failure message:
>
> [-----------CUT-----------]
> Return-Path: <>
> Delivered-To:
> Received: (qmail 2495 invoked from network); 8 Feb 2002 20:43:38 -0500
> Received: from mail2.dnsvr.com (216.40.250.39)
> by superlink.net with SMTP; 8 Feb 2002 20:43:38 -0500
> Received: by mail2.dnsvr.com (Postfix) via BOUNCE
> id 1899E1D32D; Thu, 7 Feb 2002 16:03:24 -0500 (EST)
> Date: Thu, 7 Feb 2002 16:03:24 -0500 (EST)
> From: (Mail Delivery System)
> Subject: Undelivered Mail Returned to Sender
> To:
> MIME-Version: 1.0
> Content-Type: multipart/report; report-type=delivery-status;
> boundary="D6DDA1D318.1013115804/mail2.dnsvr.com"
> Message-Id: <20020207210324 dot 1899E1D32D at mail2 dot dnsvr dot com>
>
> This is a MIME-encapsulated message.
>
> --D6DDA1D318.1013115804/mail2.dnsvr.com
> Content-Description: Notification
> Content-Type: text/plain
>
> This is the Postfix program at host mail2.dnsvr.com.
>
> I'm sorry to have to inform you that the message returned
> below could not be delivered to one or more destinations.
>
> For further assistance, please send mail to <postmaster>
>
> If you do so, please include this problem report. You can
> delete your own text from the message returned below.
>
> The Postfix program
>
> <>: Name service error for pwebtech.com: Host not
> found,
> try again
>
> --D6DDA1D318.1013115804/mail2.dnsvr.com
> Content-Description: Delivery error report
> Content-Type: message/delivery-status
>
> Reporting-MTA: dns; mail2.dnsvr.com
> Arrival-Date: Sat, 2 Feb 2002 15:03:49 -0500 (EST)
>
> Final-Recipient: rfc822;
> Action: failed
> Status: 4.0.0
> Diagnostic-Code: X-Postfix; Name service error for pwebtech.com: Host not
> found, try again
>
> --D6DDA1D318.1013115804/mail2.dnsvr.com
> Content-Description: Undelivered Message
> Content-Type: message/rfc822
>
> Received: from Yankee (unknown [64.21.143.22])
> by mail2.dnsvr.com (Postfix) with ESMTP id D6DDA1D318
> for <>; Sat, 2 Feb 2002 15:03:49 -0500 (EST)
> To:
> From:
> Subject: testkey: 0.19766235351562510126804230.90087890625
> Message-Id: <20020202200349 dot D6DDA1D318 at mail2 dot dnsvr dot com>
> Date: Sat, 2 Feb 2002 15:03:49 -0500 (EST)
>
> -
>
> --D6DDA1D318.1013115804/mail2.dnsvr.com--
> [-----------CUT-----------]
>
>
> Erik
>
>
> -
> To unsubscribe, send mail to with content
> (not subject): unsubscribe postfix-users
>
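
The digest idea from the quoted message (collapse error messages that are less than X minutes apart), as an added example that is not part of the original thread and not Postfix code. It parses constructed DSN samples modelled on the quoted bounce; the names `bounce_key` and `digest`, the 30-minute default and the example hosts are assumptions.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample DSN modelled on the bounce quoted above; hosts are placeholders.
SAMPLE = """\
Date: Thu, 7 Feb 2002 {time} -0500
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

This is the Postfix program at host mail.example.org.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.example.org

Final-Recipient: rfc822; user@example.net
Status: 4.0.0
Diagnostic-Code: X-Postfix; Name service error for {domain}: Host not found, try again

--b1--
"""

def bounce_key(raw):
    """Return (date, reporting MTA, diagnostic) for one raw DSN message."""
    msg = message_from_string(raw)
    found = {}
    for part in msg.walk():  # delivery-status field blocks parse as sub-messages
        for name in ("Reporting-MTA", "Diagnostic-Code"):
            if part[name]:
                found[name] = " ".join(part[name].split())
    return (parsedate_to_datetime(msg["Date"]),
            found.get("Reporting-MTA", ""), found.get("Diagnostic-Code", ""))

def digest(raws, window_minutes=30):
    """Merge bounces with the same MTA and diagnostic that are < window apart."""
    groups, latest = [], {}
    for date, mta, diag in sorted(bounce_key(r) for r in raws):
        g = latest.get((mta, diag))
        if g and date - g["last"] < timedelta(minutes=window_minutes):
            g["last"], g["count"] = date, g["count"] + 1
        else:
            g = latest[(mta, diag)] = {"diag": diag, "first": date, "last": date, "count": 1}
            groups.append(g)
    return groups
```

Each returned group stands for one digest notice: `count` bounces between `first` and `last` that share a reporting MTA and diagnostic.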
