Bugtraq mailing list archives

Re: mail storm


From: mouse () Holo Rodents Montreal QC CA (der Mouse)
Date: Tue, 13 Aug 1996 09:34:58 -0400


Imagine [someone] is willing to do something disruptive [...]
[scheme for siccing mailing lists on one another]

My suspicion is that many machines would be driven up to their "OX"
load as defined in sendmail, that others would have no "OX" defined
and hence would be driven into the ground, and that many machines
would suffer overflowing mail spools - a sizeable number of which
would be on root filesystems.

You don't even need very many lists involved.  I once saw a case where
a user had logins on three machines: user@A, user@B, and user@C.  On
each machine this user set up a .forward file that delivered locally
and forwarded to the other two machines, as in A:~user/.forward (for
example) contained
                \user, user@B, user@C

This did not come to my attention until one day I noticed a machine had
ground to a halt.  This machine did that relatively often; I just
rebooted.  Shortly thereafter it ground to a halt again; this was
unusual enough for me to investigate, and I saw zillions of sendmails.
I checked the mail queue and got seriously spammed; I then investigated
more and found what the user had done.  Two of the three machines were
under my control; I blew away the forwarding on those two and let the
remaining queues burn themselves out.  (This particular incident was
not malicious; the user simply had not thought enough to realize that
he was creating forwarding loops and worse.)

My point is that with only three machines, you can get an exponential
explosion bad enough to bring at least the weakest of the three to its
knees.  Even if you have only three lists, just arrange to subscribe
each of them to both of the others, and boom.

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
                    01 EE 31 F6 BB 0C 34 36  00 F3 7C 5A C1 A0 67 1D
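
The three-machine loop described in the message above, as an added example that is not part of the original post: a Python audit that parses .forward contents, lists the forwarding cycles, and counts the copies in transit after each hop. The parser handles only the comma-separated form quoted in the post, and the function names and the hop count are assumptions made for illustration, not sendmail settings.

```python
# Constructed sample: the three .forward files described in the post.
FORWARDS = {
    "user@A": r"\user, user@B, user@C",
    "user@B": r"\user, user@A, user@C",
    "user@C": r"\user, user@A, user@B",
}

def parse_forward(text):
    """Split .forward contents into (delivers_locally, remote_targets)."""
    entries = [e.strip() for e in text.replace("\n", ",").split(",") if e.strip()]
    local = any(e.startswith("\\") for e in entries)   # \user = local mailbox
    remote = [e for e in entries if "@" in e and not e.startswith("\\")]
    return local, remote

def build_graph(forwards):
    return {addr: parse_forward(text)[1] for addr, text in forwards.items()}

def find_loops(graph):
    """List each simple forwarding cycle once, rooted at its smallest address."""
    loops = []
    def walk(start, node, path):
        for nxt in graph.get(node, []):
            if nxt == start:
                loops.append(path[:])
            elif nxt not in path and nxt > start:
                walk(start, nxt, path + [nxt])
    for start in sorted(graph):
        walk(start, start, [start])
    return loops

def copies_per_hop(graph, origin, hops):
    """Copies in transit after each hop for one message sent to origin."""
    in_flight, counts = {origin: 1}, []
    for _ in range(hops):
        nxt = {}
        for addr, n in in_flight.items():
            for target in graph.get(addr, []):
                nxt[target] = nxt.get(target, 0) + n
        in_flight = nxt
        counts.append(sum(in_flight.values()))
    return counts

if __name__ == "__main__":
    graph = build_graph(FORWARDS)
    print("forwarding loops:", find_loops(graph))
    print("copies per hop:", copies_per_hop(graph, "user@A", 5))
```

With forwarding removed on two of the three accounts, as in the cleanup the post describes, the same functions report no loops and the copy count drops to zero after the first hop.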


