LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-26-2007, 12:19 PM   #16
jyoung4
LQ Newbie
 
Registered: Apr 2006
Location: Minneapolis, Minnesota, USA
Posts: 16

Rep: Reputation: 1

Quote:
Originally Posted by gregorian
I have no idea, but you'll find it interesting to note that the rm -f * command did not work. It said that the argument list was too large (4781 files). I had to log in as root, go to the folder and delete all the files. It took about a minute to delete the files!

If you want to delete such a large number of files, how do you proceed? Should you write a shell program?

One more question-- You've already seen how powerful the script is. A simple addition of a loop will convert it into a mail bomber. Now if someone places this loop in my system startup folder, will it execute on startup without giving any prompt? What are the system startup folders? I know one:
~/.kde/autostart

Are there any other?
The standard way to remove a large number of files in a directory is to combine the find and xargs commands in a pipe:
find /your/directory -type f -print | xargs rm -f
 
Old 02-26-2007, 04:32 PM   #17
rcase5
Member
 
Registered: Apr 2004
Distribution: Fedora & Debian
Posts: 38

Rep: Reputation: 15
Functioning of SMTP servers

I know a little bit of how SMTP servers work on *NIX. While I don't use sendmail (because, frankly, it scares me), I believe it's function is similar to the system I use, which is qmail.

There is a daemon part that stays running all the time and handles the delivery of messages to the individual mailboxes on your system and also sends messages heading out of your network to other systems.

There is also the part which "injects" mail messages into your mail queue. When a system makes a connection to your system on port 25, inetd or xinetd (or whatever system you might be using) runs the program which handles the communication session between your system and the remote system, and then puts the new mail message into the queue and then the program quits. Depending on how your system is configured, the daemon does not see the new email message until this injector program puts it into the queue.

That's why it is possible to be mailbombed even though you shut down your daemon. So, if you need to have your system stop accepting new mail messages from the outside world, you need to go into the configuration file(s) for inetd or xinetd and disable it there. All shutting down the daemon does it stop the processing of mail messages in the queue; your system will still keep accepting new emails until you disable it in (x)inetd.

Also, if you do decide to take your SMTP server down to let a mailbomb attack subside, you should probably do it for a week. My experience tells me that, even though you might make your SMTP server unavailable for a couple of days, you will still get those emails that were undelivered during that time. Most SMTP servers have a feature where it will keep messages in it's queue for a little while (usually around 3 days) before it will give up and bounce the message. SMTP is nice that way, because if you need to bring your server down for whatever reason (perhaps to do maintenance or an upgrade), chances are you will not miss any emails while you are down. But if your getting bombed it can be a two-edged sword.

Hope this helps.

Robert...
 
Old 04-30-2007, 07:42 PM   #18
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

Rep: Reputation: 85
lol that is funny
 
Old 05-01-2007, 02:17 PM   #19
Zention
Member
 
Registered: Mar 2007
Posts: 119

Rep: Reputation: 16
Without using a loop in the script the reason you probably got a 1000 emails and counting is because the from and to addresses are the same. This can create an infinite loop, though normally it happens if something is mis-configured.

Note the script is not powerful you are using sendmail to do all the work, all the script does is send information to sendmail, you can do this in any shell scripting language or any language; you are just piggy backing on sendmail.
 
Old 05-02-2007, 02:57 AM   #20
immorato
LQ Newbie
 
Registered: May 2007
Location: Massachusetts
Distribution: Fedora Core 4
Posts: 1

Rep: Reputation: 0
Talking Perl Possibility

open(MAIL, "|/usr/sbin/sendmail -t");

Attempts to use the sendmail protocall to send the "print MAIL" lines... Sendmail cannot send them as the proggy is disabled, therefore the "print MAIL" lines go to the mqueue. This is of course, not where perl wants to send them, so it tries again... and again... and again... never reaching the line :


close(MAIL);

correctly the line should read : open(MAIL, "|/usr/sbin/sendmail -t") or die('could not open sendmail');
to kill the process if there is a failure on OPEN. possibly an EVAL statement to see if sendmail is running at all...

still not sure if I would test the script, seeing as how you had soooooo many problems with it... over 4,000 emails waiting to be sent? Perl is supposed to run fast, but WOW!

<steps off soapbox>

Last edited by immorato; 05-02-2007 at 03:06 AM.
 
Old 05-02-2007, 05:13 AM   #21
Zention
Member
 
Registered: Mar 2007
Posts: 119

Rep: Reputation: 16
There is nothing special about MAIL any name could be used.

It doesn't use the sendmail protocol directly it just prints to the | sendmail defined by MAIL.

sendmail could be replaced with any program, it is just a generic way to maintain a pipe to any program in Perl.

Yes, you should die it though to be fair it does not look like that was the case and sendmail will send a mail without being in daemon mode.

Anyway, even if the MAIL file handler was magical you would still need to loop that many times for it to be the source of the problem.

If you did not loop and you get 1000s of emails then you have triggered an infinite loop in your setup.

It happens like this:

Message gets sent to you@127.0.0.1 (toaddr)
There is a problem with receiving the mail that generates a return message.
That Message gets sent to you@127.0.0.1 (fromaddr)
There is a problem ...
That Message gets sent to you@127.0.0.1 (toaddr)
There is a problem ...
That Message gets sent to you@127.0.0.1 (fromaddr)

Now normally this cycle does not occur if the to and from are different, though it can happen still.

People use to do this quite often to themselves, especially when first trying to work out how to deal with spam, Postfix appears to have cured it happening more recently but I suspect anyone using raw sendmail could quite easily slip up.

Though if you did loop it then that is more likely to be the problem, but if it is the receive problem then you need to address that (forgive the pun) or you are just storing it up for yourself again.
 
  


Reply

Tags
local, sendmail, spam, spamming


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent help for Postfix mail server (please Read it) pushpraj Linux - Server 4 09-17-2006 10:51 PM
urgent: mail server down 2 days I_AM Linux - General 2 07-29-2005 10:59 AM
Mail Bomb(s) Arcane Kidd Linux - Software 6 04-29-2003 01:11 PM
Mail Problem Pls Help Me -- URGENT jaishivaya Linux - General 0 03-21-2002 12:43 AM
URGENT ! PLS HELP :Mail problem kcwoo Linux - General 3 01-30-2002 12:46 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration