General
cancel
Showing results for 
Search instead for 
Did you mean: 

RH 4 Quiz question on sendmail

SOLVED
Go to solution
Steven E. Protter
Exalted Contributor

RH 4 Quiz question on sendmail

Where does mail go that can't be delivered?

Example a spammer abuses a formmail form and gets a ton of email queued to aol. You being smarter than the spammer set your system to detect high mail queue length and all mail was deferred. Or you simply set the recipient limit to 3 and the idiot spammer tried to relay 5000 messages.

Or you lost network connectivity.

If you answer /var/spool/mqueue you are partially right but get no points.

With RH 4 it only sits there a little while and ghen goes elsewhere waiting for another chance to be delivered. For All I know this dates back a long time.

The directory did not exist in RH AS 2.1 and it did exist in RH 3.

So why didn't I know about it? Good question. I should turn in my crown here.

Anyway, 10 points for the first 5 correct answers. 10 points for a pointer to a document that explains it. This thread will close in 2.5 hours or when I go to bed which is likely to be sooner.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
11 REPLIES
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

Aww, no fair. I'm nowhere near my RHES4 box.

*VNC's home, arcs up VMWare*

...

Mail queuing for an external host will go to /var/spool/mqueue until delivered. However, bounces might go through /var/spool/clientmqueue user it came from is a local.

If that fails, it'll then do a dead-letter-drop to 'dead.letter', usually as /var/tmp/dead.letter.

This is assuming, of course, that you're using un-touched RPM based CF files.

If this isn't the flow, then can you grab the output of 'mailq -OMaxQueueRunSize=10' when it occurs, see what errors it's getting with sending/filing.
One long-haired git at your service...
Steven E. Protter
Exalted Contributor

Re: RH 4 Quiz question on sendmail

A RH3 box will suffice.

A good answer, but precisely thats where the mail goes when its dead.

I of course learned this the hard way. If by some chance this is a customization that I'm unaware of, I'll let you know with apologies.

Thread stays open for 24 hours.

:-)

Welcome Back Stuart.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

The 'dead.letter' used to go to the ~/dead.letter for the user that ran sendmail (i.e. root).

It's customizable now though, 'O DeadLetterDrop=/path/to/file'.

Although in reality, it may as well just be /dev/null for all the use most people get from it.
One long-haired git at your service...
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

mm, and I don't know how 'back' I am yet.

I was unemployed from Jan-Aug last year, so I've been burried in my new job since. Things have sorta settled down there now (i.e. I figured the systems out, and actually rebuilt 2/3rd's of them! teehee), and now it's finally time for catchup.
One long-haired git at your service...
Vitaly Karasik_1
Honored Contributor

Re: RH 4 Quiz question on sendmail

>Where does mail go that can't be delivered?

>Example a spammer abuses a formmail form >and gets a ton of email queued to aol. You >being smarter than the spammer set your >system to detect high mail queue length and >all mail was deferred. Or you simply set >the recipient limit to 3 and the idiot >spammer tried to relay 5000 messages.

AFAIK, in all these cases (unlike network connectivity problems) emails will reject, e.g. mail server won't save these emails in some-magic-place for future delivery but will just send reject message and drop them.
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

If you've set rate limits etc., it will defer connections, or not allow connections, but unless it's a max-recipient or similar setting, it won't 'reject'.
One long-haired git at your service...
Steven E. Protter
Exalted Contributor

Re: RH 4 Quiz question on sendmail

Emails were submitted by httpd server to localhost because a server user had a perl formmail script configured improperly.

The mail source was local, they were on the system. sendmail.mc configuration prevented delivery so they were queued on the system.

What directory?

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor
Solution

Re: RH 4 Quiz question on sendmail

Messages generated from localhost would normally start them in '/var/spool/clientmqueue' (see 'O QueueDirectory' in /etc/mail/submi.cf). That daemon wil try to deliver them from there.

They don't show up in 'mailq -Ac' ?
One long-haired git at your service...
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

Dumb question I just thought of.. The formmail script wasn't configued to use a remote/external SMTP server was it?

I'm pretty sure it's capable of being configured that way, rather than just piping straight into '/usr/lib/sendmail -bt'..
One long-haired git at your service...
Steven E. Protter
Exalted Contributor

Re: RH 4 Quiz question on sendmail

The formmail script submitted locally.

The exploit was possible because the form did not limit input size on the fields, permitting the abuser to submit thousands of characters into a field that is supposed to contain one email address.

Of course I got to make the change.

We have a winner in Stuart Browne.

I also had a stint of planned unemployment which ended September of 2005.

I'm miffed that there is little documentation on the /var/spool/client... directory.

Made the process of cleaning out the spam much harder.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Stuart Browne
Honored Contributor

Re: RH 4 Quiz question on sendmail

*nod*. It's been around since RH8, so I've had plenty of time to be poked with it.

The introduction was actually with that version of sendmail, and is recommended by the sendmail guy's to have the split config (MTA/MSP). The reasons for it are discussed in '/usr/share/doc/sendmail/SECURITY', well some of them.
One long-haired git at your service...