Results 1 to 2 of 2
I am hoping someone can assist me. I am responsible for a mail server running sendmail and today, around 11:30 am the SMTP side of things stopped working. I have ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-27-2007 #1
- Join Date
- Aug 2007
Sendmail SMTP problem
I am responsible for a mail server running sendmail and today, around 11:30 am the SMTP side of things stopped working.
I have made no changes to the system.
It just stopped.
If I restart sendmail it works for a few minutes and then stops again.
I was checking the mail queue to try and determine what was going on and I was seeing a lot of Mailer Daemon traffic to a vast plethora of addresses that I did noit recognize, so I peeked in on them. A lot of them (all that I checked) were bounce-backs from my server to other addresses and the original message was spam.
I cannot find the place to turn off the auto-responder for bad addresses.
I also cannot figure out (easily) where the log file can be accessed from (I inherited the position and all attached systems and have been trying to catch up on how everything works for normal daily operations so I have not yet had the chance to really dig in and learn everything (plus I am hesitant for fear of breaking something).
Is my suspicion that this is an external spammer "attack" likely? Is there something else I should be looking for?
Any way I can fix this so that it does not happen in the future?
- 09-17-2007 #2
- Join Date
- Sep 2007
Sounds like you are getting hammered with a huge mailing list spammer
If you stop sendmail (/etc/init.d/sendmail stop [Solaris]) or (service sendmail stop [Linux])
that only terminates the inbound listening on port 25/587. Any messages in the queue
would still be present as well as any connected remote hosts. Do "ps -ef | grep send"
to see what is still connected.
Then for cleanup, kill the connected servers, purge the queues and install any of the
3. MimeDefang or Amavis
Additionally, retune your sendmail.mc to include a few DDBL blocks and do not
accept unresolvable domains.
Finally, clean up or modify your local-domains, local-hosts, relay-domains, and access sendmail files.
That should take care of 90 or better percent of your problems.