auto-dbm mail storm filter?
Geert Jan de Groot
Tue Mar 21 00:04:14 CET 1995
Hi Dale, Yes, we know the problem ;-). The way we approached it, is: 1. We have an account for user questions on the database: ripe-dbm at ripe.net. This account is monitored dayly; call it the database-helpdesk ;-) 2. Responses from the database are carefully crafted to come from ripe-dbm at ripe.net instead of the robot itself. 3. Sendmail does not accept normal mortals to fale the from-address, so we had to add auto-dbm to the Trusted users in sendmail.cf (this is a sendmail-5.65ism; sendmail 8 is different though I don't know the details right now) I found some more documentation in the config file: # MAILCMD is the command into which a composed e-mail is given as standard # input, to be send as mail. The message piped into this command has ALL # the necessary mail header to process the mail: # From: # To: # Subject: # The mail command should take the recipients from the actual message. # Using sendmail it will be executed as: /usr/lib/sendmail -t < "messagefile" # (default: /usr/lib/sendmail -t) # # NOTE: # -fripe-dbm makes ripe-dbm the trusted user that will appear on the # envelope. Bounces will go to this address. If you do not specify # this, sendmail will send bounces straight back to the automatic # mailbox, where it will bounce again, and again, .... # User has to be a trusted user, T<name> in sendmail.cf. MAILCMD /usr/lib/sendmail -fripe-dbm -t Is this sufficient? Geert Jan On Mon, 20 Mar 1995 17:06:28 -0500 "Dale S. Johnson" wrote: > Help! We've been having an auto-dbm mail storm... > > We got a modification to a maintainer object (bizarre; below) which > contained an upd-to: line specifying a non-existant address. The object > was rejected for fairly mundane reasons; then the fun began. > > Sendmail attempted to send notification of the rejection to everyone > on the upd-to list, but one of the recipients did not exist. Sendmail > therefore could not deliver the notification message. Because it failed > in delivering a message for user "auto-dbm" to the non-existant address, > Sendmail tried to send a "auto-dbm" a message about this problem to user > "auto-dbm". "auto-dbm" noticed the embedded maintainer object, and noticed > that "<MAILER-DAEMON>" was not authorized to submit changes for that > maintainer object, so it tried to notify all the addresses on the upd-to > list, but one of them didn't exist, and so on and so on... until Cengiz > noticed that the machine was acting slow and Laurent noticed that his > mailbox was filling up with mail forwarded from postmaster at radb.ra.net, > and Brian Renaud jumped in to fix it: > > > agrep '^Mar' errlog | grep 'email failure' | cut -c30-200 | sort | uniq -c | sort -rn > > 8329 ilure "Mail Delivery Subsystem <MAILER-DAEMON>" !~ "kdugan at ibm.net" > > 8329 ilure "Mail Delivery Subsystem <MAILER-DAEMON>" !~ "kdugan at cwi.net" > > 8329 ilure "Mail Delivery Subsystem <MAILER-DAEMON>" !~ "joliveto at cwi.net" > > 8329 ilure "Mail Delivery Subsystem <MAILER-DAEMON>" !~ "dnguyen at cwi.net" > > 1618 ilure "sob at ns.sesqui.net" !~ "jian at rice.edu" > > 1618 ilure "sob at ns.sesqui.net" !~ "cathyf at rice.edu" > > > Question: > > RIPE software has been active a long time; it must have a solution to > this bad-email-address causing loop problem. What is this solution? Is > sendmail on ns.ripe.net configured to do something with error messages > other than return them to the mailing ID's (such as auto-dbm)? Or is > there some configuration in dbupdate somewhere that catches this kind > of mail loop that we need to tweak? > > Has anyone solved this before? > > (Does anyone have instrumentation in place that would have alerted someone > of this kind of problem?) > > --Dale > > > > > ========================= > > > >>> MAIL ACK <<< > > > > To: Mail Delivery Subsystem <MAILER-DAEMON> > > From: NSF Routing Arbiter Database Management <rradmin at ra.net> > > Subject: Re: Returned mail: User unknown > > Reply-To: rradmin at ra.net > > Precedence: bulk > > > > Your e-mail: > > > > > From: Mail Delivery Subsystem <MAILER-DAEMON> > > > Subject: Returned mail: User unknown > > > Date: Mon, 20 Mar 1995 15:01:38 -0500 > > > Msg-Id: <199503202001.PAA28941 at radb.ra.net> > > > > has been processed by the automatic update procedure at the NSF Routing > > Arbiter. > > Diagnostic output follows: > > > > ------------------------------------------------------------------------ > > Update FAILED: [] > > > > content-type: message/rfc822 > > *ERROR*: Unknown object type > > > > Update FAILED: [] > > > > received: (from auto-dbm at localhost) by radb.ra.net (8.6.10/8.6.9) id > > PAA28939; Mon, 20 Mar 1995 15:01:37 -0500 > > message-id: <199503202001.PAA28939 at radb.ra.net> > > subject: Requested NSF Routing Arbiter database object changes > > to: net-sec at dcb01a.cwi.net > > reply-to: rradmin at radb.ra.net > > from: NSF Routing Arbiter Database Maintainer Forwarding > > <rradmin at radb.ra.net> > > date: Mon, 20 Mar 1995 15:01:37 -0500 > > return-path: auto-dbm > > *ERROR*: Unknown object type > > > > Update FAILED: [mntner] MAINT-AS4445 > > > > mntner: MAINT-AS4445 > > descr: Cable & Wireless, Inc. > > descr: Internet Services > > descr: People authorized to make changes for AS4445 > > admin-c: JO106 > > tech-c: KD84 > > upd-to: kdugan at cwi.net > > upd-to: dnguyen at cwi.net > > upd-to: mds-noc at cwi.net > > upd-to: net-sec at cwi.net > > mnt-nfy: kdugan at cwi.net > > mnt-nfy: dnguyen at cwi.net > > auth: MAIL-FROM kdugan at cwi.net > > auth: MAIL-FROM dnguyen at cwi.net > > auth: MAIL-FROM joliveto at cwi.net > > auth: MAIL-FROM kdugan at ibm.net > > remarks: I desperately need to add autonomous system # 701 as the > > priority > > remarks: 1 routing AS for AS4445. The following route entry was create d > > remarks: by SprintLink on our behalf but does not take into account our > > remarks: connectivity to UUNet via AS701. > > remarks: Host: whois.ra.net Looking up 205.136.0 > > remarks: route: 205.136.0.0/18 > > remarks: descr: Cable & Wireless, Inc > > remarks: descr: 8219 Leesburg Pike > > remarks: descr: Vienna > > remarks: descr: VA 22182, USA > > remarks: origin: AS4445 > > remarks: comm-list: COMM_NSFNET > > remarks: advisory: AS690 1:1239(128) 2:1800 3:1239(144) > > remarks: mnt-by: MAINT-AS4445 > > remarks: changed: nsfnet-admin at merit.edu 950308 > > remarks: source: PRDB > > remarks: Could you please add AS 701 to the advisory list of 205.136.0/ 18 > > remarks: in addition to adding this maintainer entry. I understand tha t > > remarks: I should really be sending an additional form to effect this, > > but > > remarks: I don't believe that I can do this until this maintainer entry > > is > > remarks: in place and then waiting for another update cycle. I can be > > remarks: reached at kdugan at ibm.net and at 703-760-3623. I've listed my > > remarks: mail address at ibm.net because without SprintLink being fully > > up > > remarks: and without the change to the advisory list to include AS 701 I > > remarks: can't be reached at cwi.net. I am the technical manager for > > remarks: the Internet Services division of Cable & Wireless and my nic > > handle > > remarks: is KD84. Thanks. > > notify: kdugan at cwi.net > > notify: dnguyen at cwi.net > > mnt-by: MAINT-AS4445 > > changed: kdugan at ibm.net 950316 > > source: RADB > > *ERROR*: authorisation failed, request forwarded to maintainer > > > > Update FAILED: [mntner] MAINT-AS4445 > > > > mntner: MAINT-AS4445 > > descr: Cable & Wireless, Inc. > > descr: Internet Services > > descr: People authorized to make changes for AS4445 > admin-c: JO106 > > tech-c: KD84 > > upd-to: kdugan at cwi.net > > upd-to: dnguyen at cwi.net > > upd-to: mds-noc at cwi.net > > upd-to: net-sec at cwi.net > > mnt-nfy: kdugan at cwi.net > > mnt-nfy: dnguyen at cwi.net > > auth: MAIL-FROM kdugan at cwi.net > > auth: MAIL-FROM dnguyen at cwi.net > > auth: MAIL-FROM joliveto at cwi.net > > auth: MAIL-FROM kdugan at ibm.net > > notify: kdugan at cwi.net > > notify: dnguyen at cwi.net > > mnt-by: MAINT-AS4445 > > changed: kdugan at ibm.net 950316 > > source: RADB > > *ERROR*: authorisation failed, request forwarded to maintainer > > > > Update FAILED: [mntner] MAINT-AS4445 > > > > mntner: MAINT-AS4445 > > descr: Cable & Wireless, Inc. > > descr: Internet Services > > descr: People authorized to make changes for AS4445 > > admin-c: JO106 > > tech-c: KD84 > > upd-to: kdugan at cwi.net > > upd-to: dnguyen at cwi.net > > upd-to: mds-noc at cwi.net > > upd-to: net-sec at cwi.net > > mnt-nfy: kdugan at cwi.net > > mnt-nfy: dnguyen at cwi.net > > auth: MAIL-FROM kdugan at cwi.net > > auth: MAIL-FROM dnguyen at cwi.net > > auth: MAIL-FROM joliveto at cwi.net > > auth: MAIL-FROM kdugan at ibm.net > > remarks: I desperately need to add autonomous system # 701 as the > > priority > > remarks: 1 routing AS for AS4445. The following route entry was create d > > remarks: by SprintLink on our behalf but does not take into account our > > remarks: connectivity to UUNet via AS701. > > remarks: Host: whois.ra.net Looking up 205.136.0 > > remarks: route: 205.136.0.0/18 > > remarks: descr: Cable & Wireless, Inc > > remarks: descr: 8219 Leesburg Pike > > remarks: descr: Vienna > > remarks: descr: VA 22182, USA > > remarks: origin: AS4445 > > remarks: comm-list: COMM_NSFNET > > remarks: advisory: AS690 1:1239(128) 2:1800 3:1239(144) > > remarks: mnt-by: MAINT-AS4445 > > remarks: changed: nsfnet-admin at merit.edu 950308 > > remarks: source: PRDB > > remarks: Could you please add AS 701 to the advisory list of 205.136.0/ 18 > > remarks: in addition to adding this maintainer entry. I understand tha t > > remarks: I should really be sending an additional form to effect this, > > but > > remarks: I don't believe that I can do this until this maintainer entry > > is > > remarks: in place and then waiting for another update cycle. I can be > > remarks: reached at kdugan at ibm.net and at 703-760-3623. I've listed my > > remarks: mail address at ibm.net because without SprintLink being fully > > up > > remarks: and without the change to the advisory list to include AS 701 I > > remarks: can't be reached at cwi.net. I am the technical manager for > > remarks: the Internet Services division of Cable & Wireless and my nic > > handle > > remarks: is KD84. Thanks. > > notify: kdugan at cwi.net > > notify: dnguyen at cwi.net > > mnt-by: MAINT-AS4445 > > changed: kdugan at ibm.net 950316 > > source: RADB > > *ERROR*: authorisation failed, request forwarded to maintainer > > > > Update FAILED: [mntner] MAINT-AS4445 > > > > mntner: MAINT-AS4445 > > descr: Cable & Wireless, Inc. > > descr: Internet Services > > descr: People authorized to make changes for AS4445 > > admin-c: JO106 > > tech-c: KD84 > > upd-to: kdugan at cwi.net > > upd-to: dnguyen at cwi.net > > upd-to: mds-noc at cwi.net > > upd-to: net-sec at cwi.net > > mnt-nfy: kdugan at cwi.net > > mnt-nfy: dnguyen at cwi.net > > auth: MAIL-FROM kdugan at cwi.net > > auth: MAIL-FROM dnguyen at cwi.net > > auth: MAIL-FROM joliveto at cwi.net > > auth: MAIL-FROM kdugan at ibm.net > > notify: kdugan at cwi.net > > notify: dnguyen at cwi.net > > mnt-by: MAINT-AS4445 > > changed: kdugan at ibm.net 950316 > > source: RADB > > *ERROR*: authorisation failed, request forwarded to maintainer > > > > > > Objects that just generated a WARNING have been updated as shown. > > > > Objects that generated an *ERROR* have NOT been updated as requested. > > Please re-submit corrected objects. > > ------------------------------------------------------------------------ > > If you have any question about an error or warning message, please > > contact <rradmin at ra.net>. > > > > Sincerely Yours, > > > > -------- Logged at Tue Mar 21 17:38:28 MET 1995 ---------
[ rr-impl Archive ]