August 24, 2003

Math of Sobig.f

I'd say it was the aftermath of sobig.f, but the damn thing is still hitting at a touch more than three a minute. I expect the thing'll flare up on Monday once people start getting back into work and powering back on infected machines and getting back from vacation and reading infected e-mail.

This hasn't entirely been a waste, though. It's the last straw to get me to upgrade my infrastructure at home, so I'm off with $300 in hand to find a new x86 box with sufficient disk space and power to be my home server. Given that the reference machine is a 300MHz Celeron with 128M of RAM and 17G of disk (across three drives), that shouldn't be tough. I'm not going to bother trying to upgrade the current one--there's no room for new drives, and I know better than to try and do a full personality wipe and recreate on this box. Much better to just get a new one, set it up, copy things over, and swap IP addresses.

That means I get to finally dump sendmail for something else (probably qmail, mainly because Ask uses it for the perl.org servers and I can leech handy config settings off him :) and get in place the blackhole w/backoff system I've been fiddling with to temporarily block the spam-sending machines. (Though I may well block them at the mail server level rather than at the routing level, dunno yet.)

If nothing else I need more disk space for the mail spool. I got very lucky this time, but when sobig.g or its moral equivalent hits, and it will, I think I'm going to need a couple of gig free to handle the first day's onslaught of crap.

Posted by Dan at August 24, 2003 12:13 PM
Comments

Depending on your needs, qmail may not be the best choice for you. The Rule with qmail is "all mail enters the queue." If you get a lot of mail, the queue can become a bottleneck which fills up and slows down delivery. It doesn't matter whether the mail will eventually succeed or fail to be delivered, it still sits in the queue. If it's a temporary failure it's even worse, because it stays in the queue for even longer, and then a bounce message enters the queue, which may also be undeliverable, etc. I've also seen cases where qmail insists on trying to deliver all of the old, undeliverable messages from the queue, before it even starts trying the newer, deliverable ones.

I admit that I've only seen this become a problem in a shared server environment, where many people use a single mail server and therefore the mail volume is "high". But given sufficient mail volume (it sounds like you have this with sobig, at the very least) you may experience difficulties.

Also note that Qmail Has No Bugs (tm), and therefore there has been no significant development from the core developers for several years.

I also don't prefer sendmail. So if you discover a third alternative, please let me know :)


Alan

Posted by: Alan Ferrency at August 29, 2003 11:26 AM

I'm willing to experiment with qmail--if it turns out to be suboptimal I'll switch to exim or something. My current mail system's just gotten so crufty that it's not feasible to change, so I'm taking this opportunity to try something else. Hopefully this'll turn out to be worth it, and I can finally donate my Bat book to the local library...

Posted by: Dan at September 3, 2003 02:19 PM