Re: Sendmail accounts corrupt

From: Bill Vermillion (bv_at_wjv.com)
Date: 10/06/04


Date: Wed, 06 Oct 2004 14:45:01 GMT

In article <X%P8d.267605$%n4.106897@bignews6.bellsouth.net>,
willjay <willjay@excite.com> wrote:
>
>"Bill Vermillion" <bv@wjv.com> wrote in message news:I5586o.FDs@wjv.com...
>> In article <BzI8d.149607$Np2.142191@bignews4.bellsouth.net>,
>> willjay <willjay@excite.com> wrote:
>>
>> >On my osr 5.06 server, with sendmail 8.11 installed, had two
>> >mail account files in /usr/spool/mail grow very large and kind of
>> >went corrupt. The users could not retrieve the email, it would
>> >just hang up. My email account was fine as well as several others.
>> >I just echo "\c" > /usr/spool/mail/theaccount to set the account
>> >empty and all is well.
>>
>> >I looked at the file with hd and it was indeed corrupt.
>>
>> >Anyone seen this happen, virus maybe.
>>
>> With no idea of what the file looked like when you said 'corrupt'
>> it's sort of hard to tell.
>>
>> When you said the users couldn't retrieve the mail just how were
>> they getting the mail? Were they logged in and using a local mail
>> reader or were they running pop accounts?
>>
>> I've seen instances where there will be some spam emails - that
>> will not download. The user connects and then nothing happens
>> at all until you get a time out.
>>
>> I try never to totally empty an email account as you never know
>> what may be in there that might be important.
>>
>> I normally run mutt, so as root you can do:
>>
>> mutt -f /usr/spool/mail/theaccount and then just use the 'd'
>> to delete obvious wrong emails, and also page through to find
>> really large emails.
>>
>> Once you get a lot of files marked for deletion, use the $ command
>> to resync the mailbox so that all the messages you have deleted
>> are junked, and then type X to exit.
>>
>> This way the messages will still have the N in the mailbox showing
>> they are new, instead of O - meaning they were old and while not
>> seen the mbox was accessed while they were there.
>>
>> If you use some other mail reader look up the commands.
>>
>>
>> --

>When I say corrupt, I mean outlook express would not load it.

Earlier you said you had looked at the file with HD and it was
corrupt. That is different than saying IE would not load it.
If items are coming in via a pop server it could be something
inside an email that stops the transmission. I've seen this
with fetchmail on my own account and had to go to the ISP server
[which I admin] to clean out bogus messages. I never took the time
to find out WHICH email caused it and isolate it to find the cause,
as there is just too much to do.

>You know how OE counts the emails it retrieves, it would never
>start counting, and it would never time out. Mail from the #
>(mail -u username) loaded a few good emails, and then page after
>page after page of nonsense. The spooler file was well over a
>gigabyte in size. Since this happened in two different accounts
>I don't think it was an accident.

Without more info I'd tend to chalk it up as spam - and I have
plenty of experience with that - as one domain I administered
used to get 300,000 spam emails per day until all MX access
to the domain was eliminated.

I've been using sendmail and admining it for two ISPs for a few
years and if there is a corruption problem - and it is not
something that someone has managed to send via mail - then it
is highly unlikely it will be sendmail but some low level problem
in the OS, >OR< in the transport to you.

Do as I suggested in the other message and get mutt on your local
SCO machine so you can look at mail problems directly. You can
read any mail file with mutt -f <fullpathtospoolname>

That takes out any intervening protocols that may hang. I've had
clients have their pop accounts hang, and mutt [locally] was
able to bring up the files directly, and I'd eliminated the obvious
spam and large files, and then the client could download those
too.

This is not just an OE problem as I have mail to my machine - which
I retrieve via 'fetchmail' - stop retrieving mail. At that point
I ssh to the server, bring up mutt, delete a few things, and then
fetchmail will work. Every one of those were spam type emails.

> Also the only other unique thing about these accounts, is that
>they do get a lot of spam and the norton, does see virus, mostly
>Windows worms, and back door trojan, that are deleted on the
>client. I guess I should have kept the files, however, they were
>huge.

In cases like that I moved the file aside. I leave it
in the same directory and perform mv <user> <user-hold>

Then I can use a local reader to bring that up and then bounce
any needed mails to the end user account and then delete the rest.
I can't take the chance of just deleting the mbox as among the
clients are a law office and an investigation agency and THEY must
be the ones to decide which mails to toss away so they do their own
virus filtering.

I wish you luck - but in spite of Sendmail getting a bad security
rap that goes back to the Internet worm of 1986 - Sendmail has been
relatively bug free and only one security hole in the last 5 years.
It's well tested and works well.

So you need to determine >IF< these files are really corrupt or
if they contain something that some spammer was sending. If they
are corrupt then you need to check your OS carefully to see that it
is not happening locally.

Given today's transport methods the chances of mail being corrupted
in transport are rare. Part of that could depend on where you get
your mail services from and how reliable they are - but that's
really a last resort check IMO.

Lots of luck.

Bill

-- 
Bill Vermillion - bv @ wjv . com
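
Added example, not part of the original post: a sketch of the triage described above, meant to be run against the moved-aside copy of a spool file before anything is deleted. It streams the mbox in bounded reads and reports messages that are very large or mostly control bytes; the function names, thresholds and sample data are assumptions made for this illustration, and it assumes the usual mbox convention of a "From " separator line after a blank line.

```python
import io, sys

# Control bytes that should not appear in mail text (tab, LF and CR are allowed).
CTRL = bytes(c for c in range(32) if c not in (9, 10, 13)) + b"\x7f"
BLANK = (b"\n", b"\r\n")

def scan_mbox(stream, chunk=65536):
    """Walk an mbox stream in bounded reads; return one dict per message."""
    msgs, cur = [], None
    offset, prev_blank, line_start = 0, True, True
    while True:
        line = stream.readline(chunk)  # bounded: a newline-free run cannot exhaust memory
        if not line:
            return msgs
        if line_start and prev_blank and line.startswith(b"From "):
            cur = {"offset": offset, "size": 0, "ctrl": 0, "subject": "", "hdr": True}
            msgs.append(cur)
        elif cur is None:  # data before the first separator line
            cur = {"offset": offset, "size": 0, "ctrl": 0, "subject": "(no From_ line)", "hdr": False}
            msgs.append(cur)
        cur["size"] += len(line)
        cur["ctrl"] += len(line) - len(line.translate(None, CTRL))
        if cur["hdr"] and line_start:
            if line in BLANK:
                cur["hdr"] = False  # a blank line ends the header block
            elif line[:8].lower() == b"subject:":
                cur["subject"] = line[8:].strip().decode("latin-1")
        prev_blank = line_start and line in BLANK
        offset += len(line)
        line_start = line.endswith(b"\n")

def suspects(msgs, max_bytes=5_000_000, max_ctrl_ratio=0.05):
    """Messages that are oversized or contain a high share of control bytes."""
    return [m for m in msgs
            if m["size"] > max_bytes or m["ctrl"] / m["size"] > max_ctrl_ratio]

# Constructed sample: two ordinary messages around one with a newline-free binary body.
SAMPLE = (
    b"From alice@example.com Wed Oct  6 10:00:00 2004\nSubject: lunch\n\nSee you at noon.\n\n"
    b"From mallory@example.net Wed Oct  6 10:05:00 2004\nSubject: hi\n\n"
    + b"\x00\x01\x02\xff" * 5000 + b"\n\n"
    b"From bob@example.com Wed Oct  6 10:10:00 2004\nSubject: invoice\n\nAttached.\n"
)

if __name__ == "__main__":
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else io.BytesIO(SAMPLE)
    for m in suspects(scan_mbox(src), max_bytes=10_000):
        print(f'offset={m["offset"]} size={m["size"]} ctrl={m["ctrl"]} subject={m["subject"]!r}')
```

The reported byte offsets make it possible to examine a flagged message in place with a hex viewer before deciding what to remove in the mail reader.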

