[net.unix-wizards] 4.2 sendmail trouble

Alan Parker <parker@nrl-css.ARPA> (01/22/85)

The following problem seems to have just appeared out of the blue.  We run
4.2 on a 780 connected to the Internet and a local net.   About a week
ago we started running out of file space on /usr.  After looking
around I found a >20 Meg incoming message (sun-spot digest) in
/usr/spool/mqueue.  The second line of the message was repeated
thousands of times; 20 Meg worth.   I deleted this file and rebooted
just to be sure of getting a clean state.  This weekend the problem
returned.  This time the huge message just starts with text, so I can't
tell where it's coming from.

In addition, I also find that after a while I have many (>12) 
"sendmail -bd -q1h" processes running.   This does great harm to the
load average.   How is this related to the other problem?   Any ideas
what my basic trouble is?

By the way, we've been running 4.2 since July and haven't seen this
problem before a week ago.  No sendmail hacking has been going on.

-Alan

chris@umcp-cs.UUCP (Chris Torek) (01/23/85)

This is (what else) a sendmail bug.  It doesn't check for EOF very
carefully.  If it gets a line that's not terminated by a CRLF (probably
actually just a CR or just an LF will do) just before the EOF, it
goes nuts and fills your file systems with thousands of copies of the
last input line plus whatever else happens to be left in a buffer.

At least, this is what I've heard, and it sounds like it might do it.

The reason you get fifteen or twenty sendmails driving the load way
up is that the remote site (which dropped its SMTP connection, which
is why you got the EOF) has retried the funky mail item fifteen or
twenty times.
-- 
(This line accidentally left nonblank.)

In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690)
UUCP:	{seismo,allegra,brl-bmd}!umcp-cs!chris
CSNet:	chris@umcp-cs		ARPA:	chris@maryland
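
An added illustration, not part of the thread and not sendmail source: a spool loop of the kind described in the reply above, which waits for the SMTP "." terminator and, with check_eof off, never tests for EOF, shown beside the same loop with the check on. The names collect, run, DROPPED and COMPLETE are hypothetical, the inputs are constructed, and max_lines stands in for the disk filling up.

```c
#include <stdio.h>
#include <string.h>

/* Constructed inputs: a message cut off on an unterminated line, and a
 * complete one ending with the SMTP "." terminator line. */
static const char DROPPED[]  = "Subject: digest\r\nlast line with no CRLF";
static const char COMPLETE[] = "Subject: digest\r\nbody\r\n.\r\n";

/* Copy DATA lines to the spool until ".". With check_eof == 0 a NULL from
 * fgets() is ignored, buf keeps the last line read, and that stale line is
 * written on every pass until max_lines stops the loop. With check_eof != 0
 * a dropped connection returns -1 so the caller can discard the spool file. */
static long collect(FILE *in, FILE *spool, long max_lines, int check_eof)
{
    char buf[256] = "";
    long written = 0;
    while (written < max_lines) {
        char *r = fgets(buf, sizeof buf, in);
        if (r == NULL && check_eof)
            return -1;                    /* EOF or error before "." */
        if (strcmp(buf, ".\r\n") == 0)
            return written;               /* normal end of message */
        fputs(buf, spool);
        written++;
    }
    return written;                       /* cap reached: runaway spool */
}

/* Feed msg through collect() with a 1000-line cap; -2 means no temp file. */
static long run(const char *msg, int check_eof)
{
    FILE *in = tmpfile(), *spool = tmpfile();
    long n = -2;
    if (in && spool) {
        fputs(msg, in);
        rewind(in);
        n = collect(in, spool, 1000, check_eof);
    }
    if (in) fclose(in);
    if (spool) fclose(spool);
    return n;
}

int main(void)
{
    printf("dropped, unchecked: %ld lines\n", run(DROPPED, 0));
    printf("dropped, checked:   %ld\n", run(DROPPED, 1));
    return 0;
}
```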

BostonU SysMgr <root%bostonu.csnet@CSNET-RELAY.ARPA> (01/25/85)

	Just a total guess but it sounds like I would look for
	someone hacking your machine from outside or some kind
	of (also outside) accident. Check the source addresses
	on all SMTP connections when this is happening (netstat).

		-Barry Shein, Boston University