[Esa-l] Email Sanitizer hanging

Brett Glass brett at lariat.org
Wed Oct 25 09:14:35 PDT 2000


The sanitizer works perfectly under FreeBSD. My guess is that you are
running out of swap. Perl and Procmail are big, and due to the
way Perl is invoked from Procmail they may make multiple
copies of a large message in memory. This problem is compounded if
several messages are being processed at once, so if you crash and
reboot you may immediately experience another crash as Sendmail begins
to process its queues again.

Try:

1. Limiting the maximum sizes of messages;
2. Limiting the number of Sendmail processes;
3. Limiting the load average at which Sendmail will fork new processes;
4. Turning off Office macro scoring, which can be done more effectively
   by a commercial virus scanner on the client so long as you know that
   one is present; and
5. Adding more swap space. FreeBSD's installer, /stand/sysinstall,
   allocates far too little swap space by default. It's best to use at least
   4 times the amount of physical RAM.

For more on these issues, and on the logistics of sanitizers in general, 
see the paper on stopping spam and malware which I presented at BSDCon. 
It's at

http://www.brettglass.com/spam/paper.html

--Brett Glass

At 09:54 AM 10/25/2000, Dan Bongert wrote:
  
>I have the sanitizer running well under FreeBSD 4.0-RELEASE, and it's doing
>everything as advertised (except mangling HTML and Word filenames--my users
>complained). The only problem I have with it is that every so often, perl runs
>away and takes up as much CPU time as possible. This also happened with an
>unmodified script, and I don't see how my changes might have caused any problem:
>
>  MANGLE_EXTENSIONS=''
>  #MANGLE_EXTENSIONS='html?|exe|com|cmd|bat|pif|sc[rt]|lnk|dll|ocx|do[ct]|xl[swt
>]|p[po]t|rtf|vb[se]?|hta|p[lm]|sh[bs]|hlp|chm|eml|ws[cfh]|ad[ep]|jse?|md[abew]|m
>s[ip]|reg|asd|cil'
>
>Is my only change from the stock script.
>
>Any one using the sanitizer under FreeBSD?
>
>-- 
>Dan Bongert                     dbongert at ssc.wisc.edu
>SSCC Unix System Administrator  (608) 262-9857
>_______________________________________________
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esa-l




More information about the esd-l mailing list