[SAC] Mail Server Followup - Disk and I/O

So after we cleared out those attachments to OSGeo JP mailing list disk
space dropped down quite a bit. But over the last week it steadily
climbed up again and I'm seeing really big disk I/O numbers.

http://webextra.osgeo.osuosl.org/munin/osgeo.org/mail.osgeo.org.html

So I suspect something else isn't right, possible other misconfigured
lists being abused? Someone want to look into this?

Thanks,
Alex

On Sun, Sep 29, 2013 at 8:02 PM, Alex Mandel <tech_dev@wildintellect.com> wrote:

> So after we cleared out those attachments to OSGeo JP mailing list disk
> space dropped down quite a bit. But over the last week it steadily
> climbed up again and I'm seeing really big disk I/O numbers.
>
> http://webextra.osgeo.osuosl.org/munin/osgeo.org/mail.osgeo.org.html
>
> So I suspect something else isn't right, possible other misconfigured
> lists being abused? Someone want to look into this?

I checked a bit and see this:

# from this rackspace center we have a series of different email subscribers
# with all kinds of email addresses (not shown for privacy):

mail:~# grep 46.249.55.80 /var/log/mailman/subscribe | rev | tr -s ' ' ' ' \
          | cut -d' ' -f1,2 | rev | sort -u | wc -l
34

# .. which currently generate tons of pending subscription messages since
# they apparently try to subscribe to all mailing lists:

mail:~# grep 46.249.55.80 /var/log/mailman/subscribe | wc -l
99012

mail:~# ls -la /var/log/mailman/subscribe
-rw-rw-r-- 1 list list 148354470 Sep 29 11:38 /var/log/mailman/subscribe

# ... overly much for my taste. I feel that they try to brute-force
# mailman subscriptions.

For now I have added 46.249.55.80 to /etc/hosts.deny (not sure if that helps).

########### Disk Space
mail:~# cd /var/lib/mailman/archives/private/
mail:~# dusage.sh # my small helper script
...
791 grass-dev
850 fdo-commits
885 grass-user
1262 mapserver-users
1862 postgis-users
1974 grass-commit
5180 osgeojapan-board

Analysing the attachments in the OSGeo.JP mailing list as I did last
time, it turns out that someone/something happily sends the same files
around:

mail:/var/lib/mailman/archives/private/osgeojapan-board/attachments/20130606/7f9eb5dc# unzip -l attachment-0062.zip
Archive: attachment-0062.zip
  Length Date Time Name
--------- ---------- ----- ----
  2547848 2013-06-05 22:57 Program_Nagoya_day1.pdf
        0 2013-06-05 22:57 __MACOSX/
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day1.pdf
  3372204 2013-06-05 22:57 Program_Nagoya_day2.pdf
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day2.pdf
   472614 2013-06-05 22:57 sub_Program_tenji.pdf
      461 2013-06-05 22:57 __MACOSX/._sub_Program_tenji.pdf
--------- -------
  6394049 7 files
mail:/var/lib/mailman/archives/private/osgeojapan-board/attachments/20130606/7f9eb5dc# unzip -l attachment-0099.zip
Archive: attachment-0099.zip
  Length Date Time Name
--------- ---------- ----- ----
  2547848 2013-06-05 22:57 Program_Nagoya_day1.pdf
        0 2013-06-05 22:57 __MACOSX/
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day1.pdf
  3372204 2013-06-05 22:57 Program_Nagoya_day2.pdf
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day2.pdf
   472614 2013-06-05 22:57 sub_Program_tenji.pdf
      461 2013-06-05 22:57 __MACOSX/._sub_Program_tenji.pdf
--------- -------
  6394049 7 files
mail:/var/lib/mailman/archives/private/osgeojapan-board/attachments/20130606/7f9eb5dc# unzip -l attachment-0108.zip
Archive: attachment-0108.zip
  Length Date Time Name
--------- ---------- ----- ----
  2547848 2013-06-05 22:57 Program_Nagoya_day1.pdf
        0 2013-06-05 22:57 __MACOSX/
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day1.pdf
  3372204 2013-06-05 22:57 Program_Nagoya_day2.pdf
      461 2013-06-05 22:57 __MACOSX/._Program_Nagoya_day2.pdf
   472614 2013-06-05 22:57 sub_Program_tenji.pdf
      461 2013-06-05 22:57 __MACOSX/._sub_Program_tenji.pdf
--------- -------
  6394049 7 files

Inspecting with mutt the file "osgeojapan-board.mbox" without
modifying it, I see that this behaviour is not reflected in the mbox
file (recent messages do not have this attachment). So, something is
odd here.

mail:/var/lib/mailman/archives/private/osgeojapan-board# du -hs attachments/
5.0G attachments/

So far my analysis.

Markus
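
An added example, not part of the original thread: a per-source summary of the kind of subscribe log grepped above, reporting pending requests, distinct addresses and distinct lists for each IP instead of checking one address at a time. It assumes pending entries end with the subscriber address and the source IP (as the rev/cut pipeline above implies) and that the list name precedes the word "pending"; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Per-source summary of Mailman "subscribe" log entries.
# Assumed line layout (not confirmed by the thread beyond its last two fields):
#   <date> <time> <year> (<pid>) <list>: pending <address>  <source-ip>

# Constructed sample lines using documentation addresses, not real log data.
sample_log() {
cat <<'EOF'
Sep 29 11:30:01 2013 (2101) grass-dev: pending a1@example.com  192.0.2.10
Sep 29 11:30:02 2013 (2101) grass-user: pending a1@example.com  192.0.2.10
Sep 29 11:30:03 2013 (2101) postgis-users: pending b2@example.net  192.0.2.10
Sep 29 11:30:04 2013 (2101) mapserver-users: pending c3@example.org  192.0.2.10
Sep 29 11:30:05 2013 (2101) grass-dev: pending c3@example.org  192.0.2.10
Sep 29 11:31:00 2013 (2101) grass-dev: pending dev@example.org  198.51.100.7
Sep 29 11:31:10 2013 (2101) grass-dev: new dev@example.org, admin mass sub
EOF
}

# summarize_subscribers MIN_REQUESTS  (reads the log on stdin)
# Prints "ip requests distinct_addresses distinct_lists" for every source IP
# with at least MIN_REQUESTS pending requests, busiest source first.
summarize_subscribers() {
    awk -v min="$1" '
        # Only consider lines whose last field looks like an IPv4 address.
        $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            # Locate the "pending" keyword; the list name is the field before it.
            for (i = 2; i <= NF - 2; i++) if ($i == "pending") break
            if (i > NF - 2) next
            ip = $NF; addr = $(NF - 1); list = $(i - 1)
            sub(/:$/, "", list)
            req[ip]++
            if (!((ip, addr) in seen_addr)) { seen_addr[ip, addr] = 1; addrs[ip]++ }
            if (!((ip, list) in seen_list)) { seen_list[ip, list] = 1; lists[ip]++ }
        }
        END {
            for (ip in req)
                if (req[ip] >= min) print ip, req[ip], addrs[ip], lists[ip]
        }
    ' | sort -k2,2nr -k1,1
}

# Stand-alone run on the constructed sample: sources with 3+ pending requests.
sample_log | summarize_subscribers 3
```

A single source with many distinct addresses spread over many lists is the pattern described in the message above; on a live host the function would read the real log on stdin in place of `sample_log`.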