Date:      Thu, 14 Jan 2010 10:16:56 +0100
From:      Benjamin Lutz <mail@maxlor.com>
To:        freebsd-chat@freebsd.org
Subject:   How Fetchmail made me a spammer
Message-ID:  <201001141016.56877.mail@maxlor.com>

Last night, I got an email from one of my users for whom I handle emails. He 
said that a friend sent him a large email, which was rejected because of its 
size; and that his friend now gets a notice to that effect every minute.

What had happened?

1) The friend sent a 20MB email to my user's public email account.
2) Fetchmail downloads that 20MB email from the public POP3 server.
3) Fetchmail tries to pass the email to the local postfix server.
4) Postfix refuses the email with a permanent 552 error because
   it's larger than 10MB.
5) Fetchmail generates and sends a rejection notice, but does not
   delete the 20MB email from the POP3 server because the
   "softbounce" option is still the default.
6) Fetchmail sleeps 60 seconds.
7) Continue at step 2).

The damage done:
- roughly 20GB of bandwidth wasted by downloading the 20MB email over
  and over.
- an estimated 1000 rejection notices sent to the poor guy who originally
  sent the 20MB email (well, that should teach him not to send big mails! :)
- personal embarrassment.

The lessons learned:
- I need better monitoring. I already monitor postfix's queue size and
  get alerts if it goes above a certain size, but in this case, the email
  in question never ended up in the queue. Monitoring bandwidth usage at
  the firewall and mails-per-hour at the mail server (which includes error
  notices) should let me detect sooner that something is amiss next time.
- Postfix's default 10MB size limit seems outdated seeing how internet
  connections have become faster; I've upped it to 50MB.
- Fetchmail's defaults are dangerous. The softbounce option, which is the
  default (the manpage claims it'll be disabled by default with the next
  version), can generate large amounts of spam.

Cheers
Benjamin
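One way to get the mails-per-hour style alerting the post calls for, as an added example that is not part of the original message: a small Python detector that flags a sender hitting repeated permanent 552 size rejections within a sliding window, which is exactly the pattern the fetchmail/postfix loop above produces once a minute. The log lines are constructed for the example and only loosely modelled on Postfix smtpd reject logging; the threshold, window and assumed year are arbitrary.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines, loosely modelled on Postfix smtpd reject logging.
# The described loop shows up as one 552 line per fetchmail poll (every 60s)
# for the same sender, plus a non-loop 550 line as noise.
SAMPLE_LOG = """\
Jan 13 23:01:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit; from=<friend@example.org> to=<user@example.net>
Jan 13 23:02:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit; from=<friend@example.org> to=<user@example.net>
Jan 13 23:02:40 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from mail.example.com[192.0.2.7]: 550 5.1.1 User unknown; from=<other@example.com> to=<nobody@example.net>
Jan 13 23:03:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit; from=<friend@example.org> to=<user@example.net>
Jan 13 23:04:05 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit; from=<friend@example.org> to=<user@example.net>
Jan 14 09:30:00 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit; from=<friend@example.org> to=<user@example.net>
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: .*?: (?P<code>\d{3}) .*?from=<(?P<sender>[^>]*)>"
)

def parse_ts(ts, year=2010):
    # Syslog timestamps carry no year; assume one so lines can be ordered.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_reject_loops(log, threshold=4, window_s=600):
    """Return {sender: count} for senders with >= threshold permanent size
    rejections (552) inside any window_s-second sliding window."""
    recent = defaultdict(deque)   # sender -> timestamps of recent 552s
    flagged = {}
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("code") != "552":
            continue
        sender, t = m.group("sender"), parse_ts(m.group("ts"))
        q = recent[sender]
        q.append(t)
        while (t - q[0]).total_seconds() > window_s:   # drop old entries
            q.popleft()
        if len(q) >= threshold:
            flagged[sender] = max(flagged.get(sender, 0), len(q))
    return flagged

if __name__ == "__main__":
    print(find_reject_loops(SAMPLE_LOG))  # {'friend@example.org': 4}
```

Run against the real mail log instead of SAMPLE_LOG, a hit for a sender that is a local fetchmail delivery is the signal to stop the poller before the rejection notices pile up.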