Re: [exim] Whats wrong with this mime message?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: W B Hacker
Date:  
À: exim users
Sujet: Re: [exim] Whats wrong with this mime message?
B. Cook wrote:

> I have found that since I added the surbl perl script to my exim config
> that some messages take massive ammounts of CPU in exim.


Surely you are not surprised?

>
> I have removed the data acl scanning portion and have found that the
> mime portion is more effective and less prone to this massive cpu usage.
>


That may be true as far as it goes. So too, carrying a bicycle on your back
reduces the risk of flat tires.

But why do so?

> Below are the headers from a message that takes me 30+ minutes to scan
> on a 2.4G HT box w/ 1G ram on a FreeBSD 6.1-p2 box.


Rethink your goals.

Anything that you really believe regularly justifies such intensive scanning, or
even might once in a great while need it, should be done post-smtp by some other
process external to the MTA.

IF that is even a server-resident animal, best to 'nice' it down so that even if
it took 30 *hours*, it never robbed more time-sensitive processes of resources.

Better yet to 'quarantine' it if you cannot reject it, and leave the rest to the
addressee and *their* CPU.

Exim should be used with short, highly efficient, 'connect time' tests to manage
the vast majority of traffic effectively.

More resource-intensive data-phase tests need to have realistic limits in place,
by size, type of test, levels of recursion, restrictions on remote calls, etc.

Anything less precise, and you are inviting a DoS 'mailbomb' - accidental or
otherwise.

If you are going to support email as a substitute for ftp/http file transfer,
then you need to take care as to whom is permitted to do this, and limit
scanning (if any) to how, what, and where it can be supported.

HTH,

Bill

>
> Return-Path: <thelogans@???>
> Delivered-To: eaa@???
> Received: (qmail 27585 invoked by uid 0); 13 Jul 2006 17:53:09 -0000
> Received: from unknown (HELO c.mx.poklib.org) (64.72.87.254)
>    by vhnet.mx with SMTP; 13 Jul 2006 17:53:09 -0000
> Received: from mtiwmhc11.worldnet.att.net ([204.127.131.115])
>           by c.mx.poklib.org with esmtp (Exim 4.62; FreeBSD)
>           (envelope-from <thelogans@???>) id 1G14tw-000FxS-Il
>          for eaa@??? ; Thu, 13 Jul 2006 13:53:09 -0400
> Received: from mwebmail15.att.net ([204.127.135.41])
>            by worldnet.att.net (mtiwmhc11) with SMTP
>            id <20060712201541111004ahvqe>; Wed, 12 Jul 2006 20:15:41 +0000
> Received: from [12.76.143.48] by mwebmail15.att.net;
>          Wed, 12 Jul 2006 20:15:40 +0000
> X-Virus-Check: ClamAV 0.88.2/1598 on c.mx.poklib.org; Thu, 13 Jul 2006 
> 13:53:09 -0400
> From: thelogans@???
> Subject: Fwd: FW: The Sex Fairy
> Date: Wed, 12 Jul 2006 20:15:40 +0000
> Message-Id: 
> <071220062015.11304.44B5586B00020ACC00002C2821587667209C020E0901040A089B@???>
> X-Mailer: AT&T Message Center Version 1 (Feb 28 2006)
> X-Authenticated-Sender: dGhlbG9nYW5zQGF0dC5uZXQ=
> MIME-Version: 1.0
> Content-Type: multipart/mixed; 
> boundary="NextPart_Webmail_9m3u9jl4l_11304_1152735340_0"
> X-MIME-Count: 0
> X-MIME-Count: 1
> X-MIME-Count: 2
> X-MIME-Count: 3
> X-MIME-Count: 4
> X-MIME-Count: 5
> X-MIME-Character-set: US-ASCII
> X-MIME-Character-set: iso-8859-1

>
> #EOF
>
>
> Below is my acl_check_mime on the exim server:
>
> ###
> ### START ACL MIME
> ###
> acl_check_mime:
>
> # Decode MIME parts to disk. This will support virus scanners later.
> warn decode     = default

>
> warn message    = X-MIME-Character-set: $mime_charset
>   condition      = ${if eq{$mime_charset}{}{0}{1}}

>
> # not sure if this is working as intendted
> accept condition        = ${if >={$mime_part_count}{15}{1}{0}}

>
> # SURBL Check
> deny set acl_m0 = ${perl{surblspamcheck}}
> message = $acl_m0
> condition = ${if eq{$acl_m0}{false}{no}{yes}}
> log_message = SURBL URL mime
>
> accept
>
> #EOF
>
> We are delivering to a qmail box (for what it's worth)
>
> 2006-07-13 13:23:00 SMTP connection from [204.127.131.115] (TCP/IP
> connection count = 39)
> 2006-07-13 13:53:09 1G14tw-000FxS-Il <= thelogans@???
> H=mtiwmhc11.worldnet.att.net [204.127.131.115] P=esmtp S=127246
> id=071220062015.11304.44B5586B00020ACC00002C2821587667209C020E0901040A089B@???
> T="Fwd: FW: The Sex Fairy"
> 2006-07-13 13:53:09 1G14tw-000FxS-Il => eaa@??? R=bsd_manual_route
> T=bsd_smtp H=64.72.68.14 [64.72.68.14] QT=30m9s DT=0s
> 2006-07-13 13:53:09 1G14tw-000FxS-Il Completed
>
> http://extraball.sunsite.dk/notepad.php?ID=19040&parse=c has a pasted
> output of what mutt shows the attachments are; something like 64 parts..
>
>