Ah, the joys of network administration...

wbarnhill

So... what happens when someone puts a 5 meg text file in the body of an email, then attaches the 5 meg text file as well, and sends the email twice to all of the list servers for the university (not to mention validates the messages themselves)? :eek:

Our Barracuda Spam Firewall and Surgemail both decided they didn't want to play after about 90GB of email. Now I get to spend the day searching the machine for any email file with a size of 9,188 KB. Whee.
 
Darrell111 said:
Was this on purpose Mr Barhill :D:D

T'wasn't I dear Darrell. I would've died at the hands of my boss :p

1800 files found so far...

Update: Make that 4000... (40GB... yeech.)
 

Time to limit file sizes...

I'll bet that if that email hit mailboxes that were at capacity, the bounced mail will hit you again.... :eek:
 
wsuffa said:
Time to limit file sizes...

I'll bet that if that email hit mailboxes that were at capacity, the bounced mail will hit you again.... :eek:

Yeah, my boss had been trying to keep things as open as possible, but after this incident, we're moving from IMAP to POP and limiting everything to 1MB, no attachments other than PDF or DOC/TXT.
 
Greebo said:

He's quite upset with the faculty member at the moment, so he's going to the extreme end. Took some convincing to get him to allow attachments at all. Prolly in a week or two everything will be opened again.
 
wbarnhill said:
So... what happens when someone puts a 5 meg text file in the body of an email, then attaches the 5 meg text file as well, and sends the email twice to all of the list servers for the university (not to mention validates the messages themselves)?

It fills up the hard drives and jams up the system. After the sysops manage to partially dig the system out, the wizards responsible get to talk to the director of student life and the director of the computer center. :yes:
 
Ah, young Mr. Barnhill . . . you knew the job was dangerous when you took it! ;)

By the BTW, it isn't "T'wasn't I...". You live in the South - you should KNOW the correct phrase is, "T'weren't me!"

:D
 
etsisk said:
Ah, young Mr. Barnhill . . . you knew the job was dangerous when you took it! ;)

By the BTW, it isn't "T'wasn't I...". You live in the South - you should KNOW the correct phrase is, "T'weren't me!"

:D

Yeah yeah... t'weren't me either. :)

(13,000 and counting...)
 
wbarnhill said:
He's quite upset with the faculty member at the moment, so he's going to the extreme end. Took some convincing to get him to allow attachments at all. Prolly in a week or two everything will be opened again.

The faculty member?

This wasn't a student's prank or f-up??

Ooh - time to really restrict someone's access. :)
 
Greebo said:
The faculty member?

This wasn't a student's prank or f-up??

Ooh - time to really restrict someone's access. :)

*nod* She's lost all privileges to the list server. Someone has to authorize any emails she tries to send campus wide now.
 
out of curiosity...

Was it a legitimate ATTEMPT at sending an email?
 
What the hell was 5 megs of TEXT????
 
wbarnhill said:
He's quite upset with the faculty member at the moment, so he's going to the extreme end. Took some convincing to get him to allow attachments at all. Prolly in a week or two everything will be opened again.

Arrggg..:confused: Dnt sem slkf ropvb pab bot, maeh dint fewa khou nsawe!:dunno: But abet m igs dopr sfim toda?:rolleyes:

Dakota Duce

"May All Your Flights Be Of Good Weather!"
 
Dakota Duce said:
Arrggg..:confused: Dnt sem slkf ropvb pab bot, maeh dint fewa khou nsawe!:dunno: But abet m igs dopr sfim toda?:rolleyes:

I can read encrypted WX reports like it's plain text however my secret decoder ring burst into flames trying to sort that one out.
 
If the system will allow the user to do it. It will happen. At least those are the rules I play by.

This is a good example of why you should *always* have server logs and mail spools on a separate partition or hard drive than anything else. The reason for this is runaway logs / mail have little effect on the rest of the system. Plus you can set the partition size to something reasonable (let's say 5 gig) and it simply wouldn't ever be able to get out of hand.

A classic attack at bringing a system down is to simply overload the mailspool (or server logs) which would max out the hard drive and everything comes to a slamming halt.
 
Greebo said:
out of curiosity...

Was it a legitimate ATTEMPT at sending an email?

Yeah, it was supposed to be notifying students of an upcoming event.

We're deleting the 14,417 copies now. Total filesize - 126 GB.
 
I love the "Joe Schmuck is out of the office" auto replies... I implemented an Oracle mail system at a facility once - intended to integrate with and then replaced CC Mail if that gives you any idea how long ago. The implementation was parallel and the tests were run on both systems simultaneously. One of the testers sent a massive file (in 1990 "massive" terms, maybe a couple of hundred K at the time) as an attachment to 2000 recipients and a number of them had "out of the office" auto-replies set. But, they had out of the office auto replies set on the new system as well, so this set off an escalating auto-reply storm which fired off more auto-replies to the auto-replies... ad nauseam...

CC Mail choked rather quickly, but since Oracle Mail stored the attachment and message once rather than a copy for each recipient, it stayed up nicely...
 
gkainz said:
I love the "Joe Schmuck is out of the office" auto replies...

My company requires me to turn on the "Out of Office" auto reply whenever I am out. Unfortunately MS Outlook then obediently auto replies to all spam, which generates tenfold as much spam, which also receives the auto reply, which ..... AAAAAAAAH!!
 
jangell said:
If the system will allow the user to do it. It will happen. At least those are the rules I play by.

This is a good example of why you should *always* have server logs and mail spools on a separate partition or hard drive than anything else. The reason for this is runaway logs / mail have little effect on the rest of the system. Plus you can set the partition size to something reasonable (let's say 5 gig) and it simply wouldn't ever be able to get out of hand.

A classic attack at bringing a system down is to simply overload the mailspool (or server logs) which would max out the hard drive and everything comes to a slamming halt.

This isn't a case of hard drive maxing out. The HDD on the mailserver still had 190GB free. The issue occurred when the backlog on the mailserver processing each 10MB email got too large (40 work folders, all with a copy of the 10MB email, were present at the time we shut down the mailserver). The mailserver just choked, and the Barracuda began saving incoming emails. The Barracuda hasn't died (my mistake, I thought it did), and like I said, we're deleting the junk emails from the server. It's just a case of an academic environment where one user unknowingly overwhelmed the server through a mix of ignorance and "luck". A simple solution is just to require all emails passing into the list servers to be moderated instead of having a select few who are auto accepted.
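The limits discussed in this thread (a 1MB cap, PDF/DOC/TXT attachments only, every list post moderated) can be expressed as one submission gate. This is an added example, not code from any poster or from Surgemail or Barracuda; the function names, addresses and the one-stored-copy-per-recipient estimate are assumptions.

```python
import os
from email import message_from_bytes
from email.message import EmailMessage

MAX_BYTES = 1024 * 1024                 # the thread's 1MB cap
ALLOWED_EXT = {".pdf", ".doc", ".txt"}  # the thread's attachment allow-list


def gate_list_post(raw, recipient_count):
    """Return (decision, details) for one raw RFC 5322 submission (bytes).

    decision is "reject" or "moderate"; nothing is auto-accepted, matching
    the suggestion that every post to the list servers be moderated.
    """
    problems = []
    if len(raw) > MAX_BYTES:
        problems.append("size %d exceeds %d bytes" % (len(raw), MAX_BYTES))

    msg = message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue  # body text or multipart container, not an attachment
        if os.path.splitext(name)[1].lower() not in ALLOWED_EXT:
            problems.append("attachment %r has a disallowed type" % name)
    if problems:
        return "reject", problems

    # Tell the moderator what approval costs the spool, assuming the server
    # stores one copy per recipient.
    fanout = len(raw) * recipient_count
    return "moderate", ["fan-out %d bytes to %d recipients" % (fanout, recipient_count)]


def build_sample(filename, payload_bytes):
    """Constructed sample message with one attachment (not real mail)."""
    m = EmailMessage()
    m["From"] = "faculty@example.edu"
    m["To"] = "all-students@lists.example.edu"
    m["Subject"] = "Upcoming event"
    m.set_content("Details attached.")
    m.add_attachment(b"A" * payload_bytes, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```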
 
GaryO said:
My company requires me to turn on the "Out of Office" auto reply whenever I am out. Unfortunately MS Outlook then obediently auto replies to all spam, which generates tenfold as much spam, which also receives the auto reply, which ..... AAAAAAAAH!!

There is an option you can set on it to only send the out of office message once to each unique sender. Tends to stop the escalation somewhat. Depends on the version, but should be right where the O-o-O tab is.
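The auto-reply storms described above stop when a responder refuses to answer machine-generated mail and answers each sender only once. The sketch below is an added example, not Outlook's or any poster's code: it follows the RFC 3834 `Auto-Submitted` convention, and the function names and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

BULK = {"bulk", "list", "junk"}

# Constructed sample messages (not real mail).
HUMAN = "Return-Path: <alice@example.org>\nFrom: Alice <alice@example.org>\nSubject: Lunch?\n\nFriday?\n"
OOO = "Return-Path: <>\nFrom: Bob <bob@example.net>\nAuto-Submitted: auto-replied\nSubject: Away\n\nBack Monday.\n"
LIST = "Return-Path: <bounces@lists.example.edu>\nFrom: carol@example.edu\nList-Id: <all.lists.example.edu>\n\nEvent.\n"


def autoreply_target(raw_message, replied_to):
    """Return the address to auto-reply to, or None if no reply may be sent.

    replied_to is the set of addresses already answered during this absence
    (the "once per unique sender" option); it is updated on success.
    """
    msg = message_from_string(raw_message)

    # RFC 3834: any Auto-Submitted value other than "no" is machine-made
    # mail, including another responder's "auto-replied" message.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return None

    # List and bulk traffic never gets a personal auto-reply.
    if msg.get("List-Id") or msg.get("Precedence", "").strip().lower() in BULK:
        return None

    # Answer the envelope sender; bounces carry the null path "<>".
    sender = msg.get("Return-Path", msg.get("From", "")).strip()
    if sender == "<>":
        return None
    target = parseaddr(sender)[1].lower()
    if not target or target.split("@")[0] in {"mailer-daemon", "postmaster"}:
        return None

    if target in replied_to:
        return None
    replied_to.add(target)
    return target


def reply_headers(target):
    """Headers that let the other side's responder recognise our reply."""
    return {"To": target, "Auto-Submitted": "auto-replied"}
```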
 
SJP said:
There is an option you can set on it to only send the out of office message once to each unique sender. Tends to stop the escalation somewhat. Depends on the version, but should be right where the O-o-O tab is.

The problem is that if you ever respond to spam they know they have a live address and your email address gets passed on to every spammer in the world.:mad:
 
GaryO said:
The problem is that if you ever respond to spam they know they have a live address and your email address gets passed on to every spammer in the world.:mad:

If your company doesn't have an anti-spam system in place, you're just asking for trouble in the long run. Like William, I use the Barracuda system with excellent results. Fairly idiot-proof and easily administered.
 
Brian Austin said:
If your company doesn't have an anti-spam system in place, you're just asking for trouble in the long run. Like William, I use the Barracuda system with excellent results. Fairly idiot-proof and easily administered.

Ours is a little bigger than Barracuda...but works pretty much the same way I am told...needs to with 140k+ employees ;)
 
The Barracuda works quite well, and has a bunch of xml stats you can parse to make nifty graphs!
 
wbarnhill said:
This isn't a case of hard drive maxing out. The HDD on the mailserver still had 190GB free. The issue occurred when the backlog on the mailserver processing each 10MB email got too large (40 work folders, all with a copy of the 10MB email, were present at the time we shut down the mailserver). The mailserver just choked, and the Barracuda began saving incoming emails. The Barracuda hasn't died (my mistake, I thought it did), and like I said, we're deleting the junk emails from the server. It's just a case of an academic environment where one user unknowingly overwhelmed the server through a mix of ignorance and "luck". A simple solution is just to require all emails passing into the list servers to be moderated instead of having a select few who are auto accepted.

Actually, you want the hard drive to max out; this prevents things from getting out of hand. You just don't want it to max out the hard drive that affects your system.

The way I currently have my server setup is with a 1GB partition for mail and a 1GB partition for logs.
 
Brian Austin said:
If your company doesn't have an anti-spam system in place, you're just asking for trouble in the long run. Like William, I use the Barracuda system with excellent results. Fairly idiot-proof and easily administered.

We actually filter everything through two independent anti-spam systems. But if you set it up too strict it will "catch" some legitimate email and cause problems. The company policy is basically that it is better for us to deal with problem email than to have a customer or potential customer wondering why we didn't respond to an email.

We catch about 90-95% of the spam. When we try to tighten up more we end up getting calls about email not getting through.
 
We limit attachments and emails to 2meg total, anything higher bombs out and we use a web site document repository for those files and then send out the link.
 
GaryO said:
We actually filter everything through two independent anti-spam systems. But if you set it up too strict it will "catch" some legitimate email and cause problems. The company policy is basically that it is better for us to deal with problem email than to have a customer or potential customer wondering why we didn't respond to an email.

We catch about 90-95% of the spam. When we try to tighten up more we end up getting calls about email not getting through.

I've got two systems as well, one separate (Barracuda) and one added to the Exchange server (iHateSpam). My block rate is in the 97% range from my last check. We get some occasional legitimate blocks but our users are aware of the setup and call/e-mail me when something they expected didn't get through (it's easy to re-deliver it since both systems cache it for future delivery).

I also have the Barracuda set up to respond to e-mail with a "blocked" message for situations like that. I'm not happy with that set up, since it responds to all spam, but the system is designed for it and has saved communication issues in the past with customers.

I had users getting 40-50 spam messages a day with just iHateSpam in place. Adding the Barracuda system dropped my biggest spam receiver to maybe 1-3 per day.
 
Can barracuda go between exchange and the outside world?

I assume it can but just want to confirm.
 
Greebo said:
Can barracuda go between exchange and the outside world?

I assume it can but just want to confirm.

Yes, it acts as an external SMTP server and feeds it to a server or farm. My setup is firewall -> Barracuda in DMZ -> Exchange server in Internal network. Ruleset only allows inbound SMTP to go to Barracuda and Exchange is set up to only accept from Barracuda's IP address.
 
I'm recommending it to my company. They'll ignore me again, but I refuse to give up. It's my annual dead horse to beat.

I've been w/ my company 10 years now. Early on I gave out my email freely at conferences and the like.

Now I get 50-100 spam messages a day, and our company still refuses to filter spam out of the fear of missing an email due to spam filtering.

The fact that it can respond and say "your email was blocked" may just FINALLY convince them to give it a try.
 
I've been lucky. I get NO spam to my personal work e-mail address. Mostly because it hasn't been gleaned by spambot spiders. I stole a javascript from Chip Gaston's website to hide the clickable mailto command on our website. Unfortunately I had two idiot vendors put our "info@" and "sales@" e-mail addresses on their sites without asking me, or doing anything to hide the mailto command. I get maybe 5 spam mails a day between the two e-mails. One day the mail server was running extremely slow. Overnight someone had targeted our domain and sent about 120,000 e-mails to the server. All with different addresses that were randomly generated. And of course the server was notifying them that the mail could not be delivered. Went to the mail queue and put an end to that real quick. Now the only problem I have is that somehow there is a single invalid address that is on a spam list and gets a few e-mails a day sent to it.
 
So, anyone else been inundated with SPAM to a comcast email address? I've had my comcast account for quite some time now (5 years maybe?) and just the other day created another mailbox on my account. In 12 hours, that newly created mailbox had over 100 spam messages in it. And, I didn't even use it yet, so it didn't exist ANYWHERE except in the comcast mail server. Hmmm, what the heck is up with THAT?
 
gkainz said:
So, anyone else been inundated with SPAM to a comcast email address? I've had my comcast account for quite some time now (5 years maybe?) and just the other day created another mailbox on my account. In 12 hours, that newly created mailbox had over 100 spam messages in it. And, I didn't even use it yet, so it didn't exist ANYWHERE except in the comcast mail server. Hmmm, what the heck is up with THAT?

Sure - all the spammers do is set up a rotating sender that addresses emails to:
a@comcast.net
aa@comcast.net
ab@comcast.net
ac@comcast.net
....
aabaabab@comcast.net
and so on.

Eventually they'll hit one that doesn't generate an error message - and then remember it.
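On the receiving server, the address guessing described above shows up as one client collecting many "user unknown" rejections in a short time. This added example (not from any poster or product in the thread) flags such clients; the Postfix-style log syntax, the sample lines and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; addresses, IPs and timestamps are illustrative.
SAMPLE_LOG = """\
2006-04-05T03:10:01 mx1 smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <a@example.edu>: Recipient address rejected: User unknown
2006-04-05T03:10:02 mx1 smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <aa@example.edu>: Recipient address rejected: User unknown
2006-04-05T03:10:03 mx1 smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <ab@example.edu>: Recipient address rejected: User unknown
2006-04-05T03:10:04 mx1 smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <ac@example.edu>: Recipient address rejected: User unknown
2006-04-05T09:00:00 mx1 smtpd[900]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.20]: 550 5.1.1 <jsmtih@example.edu>: Recipient address rejected: User unknown
2006-04-05T01:00:00 mx1 smtpd[700]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.9]: 550 5.1.1 <w@example.edu>: Recipient address rejected: User unknown
2006-04-05T03:00:00 mx1 smtpd[701]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.9]: 550 5.1.1 <x@example.edu>: Recipient address rejected: User unknown
2006-04-05T05:00:00 mx1 smtpd[702]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.9]: 550 5.1.1 <y@example.edu>: Recipient address rejected: User unknown
2006-04-05T07:00:00 mx1 smtpd[703]: NOQUEUE: reject: RCPT from relay.example.net[192.0.2.9]: 550 5.1.1 <z@example.edu>: Recipient address rejected: User unknown
"""

REJECT = re.compile(
    r"^(?P<ts>\S+) .*reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected"
)


def harvest_suspects(log_text, threshold=4, window_minutes=5):
    """Return {client_ip: n} where n is the most distinct unknown recipients
    that client tried inside any sliding window, for clients with n >= threshold."""
    window = timedelta(minutes=window_minutes)
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:
            events[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["rcpt"].lower()))

    suspects = {}
    for ip, hits in events.items():
        hits.sort()
        start = best = 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most window_minutes.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({rcpt for _, rcpt in hits[start:end + 1]}))
        if best >= threshold:
            suspects[ip] = best
    return suspects
```

A single mistyped recipient or a relay with occasional stale addresses stays below the threshold; only the rapid sweep is reported.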
 
ah... and here I was all primed to blame comcast on selling addresses to spammers...
 