nullmailer spams relay host if misconfigured
Bug #236715 reported by
DarkStarSword
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nullmailer (Debian) |
Fix Released
|
Unknown
|
|||
nullmailer (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: nullmailer
I just got a call from our IT security officer on campus telling me my system was hammering the relay host and checking my logs it seems it was trying to connect ~20 times every second, but the relay was rejecting it because my hostname was misconfigured. This is very bad behaviour for any mailer program, expected behaviour would be for it to wait a minimum of 15 minutes before trying again. This is on Hardy Herron with nullmailer version 1:1.03-5.
My fix, as with all mailer problems was to immediately swap to postfix so this bug no longer affects me, but is most definitely still present.
Changed in nullmailer (Ubuntu): | |
status: | New → Incomplete |
Changed in nullmailer (Debian): | |
status: | Unknown → Confirmed |
Changed in nullmailer (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Low |
Changed in nullmailer (Debian): | |
importance: | Unknown → Undecided |
status: | Confirmed → New |
importance: | Undecided → Unknown |
status: | New → Unknown |
Changed in nullmailer (Debian): | |
status: | Unknown → Confirmed |
Changed in nullmailer (Debian): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
Nullmailer retries unsuccessful deliveries forever. As a result, the queue
directory can become very large over time. Since no delivery status
notification is sent for failures, a user who accidentally misenters an
address will have a tough time figuring out what went wrong. Since the
output of mailq doesn't include the envelope addresses of the queued
messages, this problem becomes particularly troublesome to debug for users
without administrative access.
For temporary failures, some code needs to be added to check the age of the /queuelifetime) , the temporary failure should be treated as
queue file. If the queue file is older than a week (perhaps configurable in
/etc/nullmailer
permanent.
For permanent failures, nullmailer should queue a bounce message from the /doublebounceho st and /etc/nullmailer /doublebounceto ).
null envelope sender to the failed message's envelope sender. Once the
bounce has been successfully queued, nullmailer should delete the original
message be deleted from the queue. If queueing of the bounce message fails
for any reason, the original message must not be removed - to do so would
cause mail to be lost silently. As a special case, if the envelope sender of
the failed message is null, nullmailer should give the option to either move
the message from the queue to a special double bounce directory, or to
override the envelope sender of the bounce message to the special address
<#@[]> and the recipient to an administrative address (perhaps configured
using /etc/nullmailer
In the case of a grave misconfiguration where delivery of a message with the
special envelope sender <#@[]> fails, nullmailer should log an error and
delete the message from the queue.
--
Brian Ristuccia
<email address hidden>