Bugtraq mailing list archives
Microsoft's SMTP service broken/stupid
From: cadams () RO COM (Chris Adams)
Date: Sun, 14 Mar 1999 20:49:30 -0600
Our mail servers came to a screeching halt today thanks to Microsoft. Our servers are still running sendmail 8.8 (we've got custom stuff and are working on upgrading to 8.9, but it has been slow), so any kind of DNS error (like invalid reverse DNS) returns a 4xx error - temporary problem. When we get a message like this, the sending site will requeue the message and try again in 30 minutes to an hour. After a bit, they stop trying. It is not a perfect solution, but it is all that is available under sendmail 8.8 (sendmail 8.9 differentiates between temporary and permanent DNS errors). Well, that has been fine, but now Microsoft's SMTP service comes along. When it gets that temporary error (for invalid reverse DNS), it tries again. Fast. Like, right away, with no delay. This bogs down our servers a bit, especially the extra logging load, but eventually they go away. Yesterday, we got hit by four different servers running Microsoft's software. One attempted delivery nearly 200,000 times, and the other three attempted to 30,000-40,000 times each. This on a server that usually sees ~40,000 messages a day. This filled up our logs, bogged everything down, and basically killed us. This is not a configuration issue AFAIK. In the past, I've worked through it with one person, and he said he bumped up his retry time to 3 hours and his server was still attempting multiple deliveries per second. This basically amounts to a denial of service attack by Microsoft's SMTP service. Here is the connect string from several of the servers that hit us (I've changed the hostname): 220-example.com Microsoft SMTP MAIL ready at Sun, 14 Mar 1999 21:44:02 -0500 Version: 5.5.1877.977.9 I was able to connect to several of the SMTP servers that hit us and they are all running this version. Several of them don't accept incoming connections (gee thanks - send me junk and don't accept any back). I haven't been able to find anything at Microsoft about this. I would think that attempting several outgoing connections per second would tend to bog down the NT server as well, so I figured they might have mentioned it. Has anybody else seen this? -- Chris Adams - cadams () ro com System Administrator - Renaissance Internet Services I don't speak for anybody but myself - that's enough trouble.
Current thread:
- Bug in IRC services fractalg (Mar 12)
- Re: Bug in IRC services Kevin Day (Mar 12)
- Re: Bug in IRC services David Schwartz (Mar 12)
- <Possible follow-ups>
- Re: Bug in IRC services Taral (Mar 12)
- Re: Bug in IRC services Pedro Ribeiro (Mar 13)
- Bug in IRC services Leal Duarte (Mar 13)
- erps kasper (Mar 13)
- GLPro.exe spam fix Kerb (Mar 14)
- Microsoft's SMTP service broken/stupid Chris Adams (Mar 14)
- Re: Microsoft's SMTP service broken/stupid Alan Brown (Mar 16)
- Re: Bug in IRC services Pedro Ribeiro (Mar 13)
- Re: Bug in IRC services Andy Church (Mar 12)