Very Computer

I'm using /etc/mail/access.db, with the source containing the following
for testing purposes:

I telneted to port 25 after running makemap and this is what my session
looked like after the EHLO command:

rset
250 Reset state

At this point, the connection 'hangs'. From the client side, I can kill
the connection, but on the machine running the sendmail daemon, the
sendmail process continues to run. It's been running for almost 24 hours
now.

I can send it a SIGUSR1 with kill, resulting in the following syslog
entries:

Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- dumping state on user
signal: $j = xyz0.cc.uic.edu ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: CurChildren = 0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- open file
descriptors: ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   0: fl=0x0, mode=20666:
CHR: size=0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   1: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   2: fl=0x1, mode=20666:
CHR: size=0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   3: fl=0x10001,
mode=10666: FIFO: size=4096
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   4: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   5: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   7: fl=0x0, mode=100600:
size=40960
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   8: fl=0x0, mode=100644:
size=40960
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- connection cache: ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- end of state dump ---

NB: I've set Timeout.command=20m using confTO_COMMAND in my m4 source.

I just tried a similar SMTP conversation with a valid MAIL FROM: ....
command (i.e. passes access_db checks) and it seems the RSET followed by
a new and valid MAIL FROM: ... also hangs.

Has anyone seen this? Seems like an easy way to create a DOS attack. I
have yet to try this on another OS.

Thanks,
Vinod Kutty.

I'm using /etc/mail/access.db, with the source containing the following
for testing purposes:

I telneted to port 25 after running makemap and this is what my session
looked like after the EHLO command:

rset
250 Reset state

At this point, the connection 'hangs'. From the client side, I can kill
the connection, but on the machine running the sendmail daemon, the
sendmail process continues to run. It's been running for almost 24 hours
now.

I can send it a SIGUSR1 with kill, resulting in the following syslog
entries:

Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- dumping state on user
signal: $j = xyz0.cc.uic.edu ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: CurChildren = 0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- open file
descriptors: ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   0: fl=0x0, mode=20666:
CHR: size=0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   1: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   2: fl=0x1, mode=20666:
CHR: size=0
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   3: fl=0x10001,
mode=10666: FIFO: size=4096
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   4: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   5: CANNOT STAT (Invalid
argument)
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   7: fl=0x0, mode=100600:
size=40960
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE:   8: fl=0x0, mode=100644:
size=40960
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- connection cache: ---
Jul 15 15:06:46 xyz0 sendmail[12528]: NOQUEUE: --- end of state dump ---

NB: I've set Timeout.command=20m using confTO_COMMAND in my m4 source.

I just tried a similar SMTP conversation with a valid MAIL FROM: ....
command (i.e. passes access_db checks) and it seems the RSET followed by
a new and valid MAIL FROM: ... also hangs.

Has anyone seen this? Seems like an easy way to create a DOS attack. I
have yet to try this on another OS.

Thanks,
Vinod Kutty.

Quote:>I was testing out the access_db feature with sendmail-8.9.1 which I
>compiled under HP-UX 10.20 and I have noticed a problem.

This bug was discussed about two weeks ago in the group (see: sendmail 8.9.0
on HP-UX 9.01). It seems to be a bug in db-2.4.14, the guys at sleepycat
are working on it. In the meantime recompile db-2.4.14 with
--enable-diagnostic as a workaround (and don't forget to re-link sendmail
with the new db-library).

Best regards,
        Lutz Jaenicke
--

TU Berlin              http://www.iee.TU-Berlin.DE/personen/jaenicke/
Institut fuer Elektrische Energietechnik        Tel. +49 30 314-24552
Einsteinufer 11, D-10587 Berlin                 Fax. +49 30 314-21133