?

Log in

No account? Create an account

Previous Entry | Next Entry

nightlife

Anti-virus fork bombs

  • 13th Jun, 2004 at 1:35 AM

Inspired by a friend's spam solution, I decided that I should finally figure out how ClamAV worked, and to set it up on my computer.

I install it through backports.org, and test it. Aha, clamscan seems to work, why don't I test it by putting it in my procmail script. Oh, that works too.

Then I go and do something else. Strangely enough, my mail setup seems to be getting slower, and my session is no longer interactive. Why is that? I can ping the machine easily enough, so there aren't network problems.… oh no! fetchmail just ran and sucked in a bazillion emails!

23:37:25 up 239 days, 23:10,  2 users,  load average: 92.98, 93.41, 95.77

Stopping fetchmail and exim took a long time. But now I've got amavisd running, so sanity should return. Dumb, dumb, dumb!


Comments

( 1 comment — Leave a comment )
wouterverhelst
13th Jun, 2004 12:11 (UTC)
Re: You can avoid this...

Exim has settings to defer delivery or even give 4xx return codes at SMTP time if the system load is getting too high. I've had to install such limits on my server, too, a while ago, since that one's only a Pentium 100, and I don't want it to implode when there's too much mail :-)


If you're using exim 3, the relevant settings (with the values as I used them) are:


# Don't deliver messages if load is above this level
deliver_load_max = 10
# Abandon queue run if load gets above this level (if unset, use the above)
deliver_queue_load_max = 15
# Start queueing instead of delivering if load gets above this level
queue_only_load = 15
# Start rejecting (4xx) if load gets above this level
smtp_load_reserve = 20

In exim4, the deliver_load_max and deliver_queue_load_max variables have been merged into one; you cannot set the deliver_load_max value there any more.

( 1 comment — Leave a comment )