Hey all,

For the past day or so, one of my users has been trying to relay a 250 megabyte message. I started noticing a 400 kbps spike on my MRTG graph that started yesterday evening, and after doing some capturing with snort, realised that it was due to repeated inbound sessions on port 587 from the same IP address.

Sure enough, in the maillog there is a "523 Message length exceeds administrative limit" message every hour or so. Apparently, the client will connect, spew hundreds of megabytes of data until it thinks it's done, get the 523 message, and blindly try again. Repeat ad infinitum.

I have just gotten through to the responsible party on the phone; apparently they now recognize this as the problem, but for whatever reason can't figure out how to delete it from their outbound queue in Outlook. *rolls eyes*

In the short term, I could block their IP address in smtpaccess to stem the tide. Moreover, though, I'm wondering if there is a better way to avoid this situation or at least make it more trackable.

Specifically, why is Courier accepting hundreds of megabytes for an hour before issuing the 523 message? Unfortunately there is no message size being communicated in the MAIL FROM conversation (I can see this from my packet capture) so Courier has no basis to immediately reject the attempt. However, it seems reasonable that it should terminate the session after a prerequisite time has elapsed or the threshold number of bytes have been received. This doesn't appear to be happening.

Any comments or suggestions, anyone?

-ben

--
Ben Kennedy, chief magician
zygoat creative technical services
613-228-3392 | 1-866-466-4628
http://www.zygoat.ca

_______________________________________________
courier-users mailing list
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
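
The early cut-off the message asks about, as an added example (not Courier's code and not part of the original post): reject at MAIL FROM when the client declares SIZE, and otherwise count DATA bytes as they arrive and stop reading once the limit is passed. The 10 MiB limit, the function names and the sample inputs are assumptions made for illustration.

```python
import io

LIMIT = 10 * 1024 * 1024  # assumed administrative limit in bytes
REJECT = "523 Message length exceeds administrative limit"  # reply quoted in the post


def check_mail_from(line, limit=LIMIT):
    """Reject before DATA when the client declares SIZE=n (RFC 1870) above limit."""
    params = line.rpartition(">")[2].split()  # ESMTP parameters follow the <address>
    for p in params:
        key, _, value = p.partition("=")
        if key.upper() == "SIZE" and value.isdigit() and int(value) > limit:
            return False, REJECT
    return True, "250 Ok"


def receive_data(stream, limit=LIMIT, chunk=65536):
    """Read the DATA phase, counting bytes as they arrive.

    Returns (accepted, bytes_read, reply). Reading stops as soon as the
    running total passes limit; the caller then sends the reply and closes
    the connection instead of draining the rest of the message.
    """
    total = 0
    tail = b"\r\n"  # lets a body that is only ".\r\n" match the end marker
    while True:
        buf = stream.read(chunk)
        if not buf:
            return False, total, None  # peer went away before end of data
        total += len(buf)
        if total > limit:
            return False, total, REJECT
        window = tail + buf
        if b"\r\n.\r\n" in window:
            return True, total, "250 Ok"
        tail = window[-4:]  # keep enough bytes to catch a marker split across reads


if __name__ == "__main__":
    # Constructed inputs: a client that declares SIZE, and one that does not.
    print(check_mail_from("MAIL FROM:<user@example.com> SIZE=262144000"))
    oversized = io.BytesIO(b"x" * 200_000)  # no SIZE declared, no end marker yet
    print(receive_data(oversized, limit=100_000))
    print("bytes left unread:", len(oversized.getvalue()) - oversized.tell())
```

With no SIZE declared, the second path is the only protection: the session ends after at most one chunk beyond the limit rather than after the full upload.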
