Mailing list performance fixed (I hope)

[Fyodor <fyodor () insecure org>]

Hi All!  I spent many hours over the last few days trying to to
improve Mailman performance, which was severely bogged down.  Messages
requiring moderation (e.g. those from non-members) were taking 5+
hours to get through.  Subscription attempts on the web site were
failing (timeout).  I tried a bunch of "solutions", such as cleaning
up the Mailman queue file and data directories, removing held/bounce
messages, restarting the whole server, etc.  But I think the problem
was that spammers were sending many thousands of messages per day to
mailman-related addresses (e.g. nmap-hackers@, nmap-hackers-woner@,
nmap-hackers-subscribe@, nmap-dev@, mailman@, etc.).  For lists with
tens of thousands of members, each such mail can take Mailman a long
time to process just to check things such as whether the sender is an
actual list member.  Meanwhile, the flood of spam kept the list locked
from other mailman-related processes such as moderation notices and
subscription requests.

I reconfigured the mail server (Postfix) so that it rejects RCPT to
mailman-related addresses if the client is on the Spamhouse Exploits
Block List (http://www.spamhaus.org/xbl/index.lasso) or SBL
(http://www.spamhaus.org/sbl/index.lasso).  In the last 12 hours, that
has blocked 31,840 messages.  Some of those would have been blocked by
other mechanisms before, but many would have gone through and clogged
mailman.

!@#$!@# spammers!#@$!@#$

Anyway, let me know if you find anything broken WRT the mailing lists,
mail server, web sites, SVN, etc.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org