Archive for October 2007

The Power of Numbers

Yesterday, I learned a valuable lesson on why you should never assume that a situation will ‘never happen’ when it comes to a server or network. In this case, it revolves around a POP3 mailserver and email attachments.

One remote site accesses all of its email via POP3, unlike all the other sites which are on Exchange.  This site is connected to the core office by a T1 link.  Normally, problems are few, as most traffic on the link is telnet.  Then, one user sent an email message.  A very large message.  Around 23MB large.  To all 89 employees at that site.

In going over the logs for that timeframe, the source message took about 10 minutes to send. That didn’t cause any problems. It’s what happened once it hit the server that brought everything to a crawl. All the users are set up on a Linux VM. When sendmail received that 23MB attachment, for all 89 users, it made 89 distinct copies and gave one to each user (this here is why I love Single Instance Storage in Exchange). The copies immediately chewed up a little over 2GB of space.

Within minutes, the T1 link was suddenly brought to a standstill by the other 89 users’ Outlook doing a send/receive operation automatically.   The phones began ringing, and the problem was quickly tracked down.  However, the network link for the server did have to be disconnected for a few minutes to prevent users from getting a lock on their mailboxes, so we could clean them up.

Had the message been allowed to sit in place, it would have taken slightly over 3 hours and 5 minutes, at full saturation of the T1, for everyone to get their mail (and do nothing else during that time).  The results of this little fiasco?  Attachments now have a file size limit to match our Exchange limits, and POP3 traffic is rate-limited on the link to 768kbps.

I will be so glad once this location has been switched to Exchange.

MP3 Spam Arrives

MP3 spam is on the way, if you haven’t gotten it already. Follow the link for an example of what the recording sounds like.

I’ve already gotten a couple reports from users at work of a strange MP3 file arriving in their inbox, and gotten a couple myself.  While this doesn’t seem quite as prevalent as the earlier PDF spam outbreak this year, it does show that the spammers are trying another trick to get around the filters companies have in place.

In this case, the audio file is of a distorted British text to speech recording which is pumping the stock of some Canadian auto parts company.  Since MP3s may be legitimate attachments in some cases, I’d recommend setting your email filter to quarantine incoming MP3s and not outright block them.

911 Hacking Causes False SWAT Dispatch

From the OC Register -

“SWAT officers expected to find a victim shot to death, drugs and a belligerent armed suspect when they surrounded the home of an unsuspecting couple, but found they were only a part of a false emergency call caused by a teenager who hacked into the county’s emergency response system, authorities said.”

Fortunately nobody was killed, but the couple was handcuffed before SWAT members realized this was a prank call.  The ‘father’ I assume is lucky to be alive.  He heard noises outside the house and grabbed a knife from the kitchen before SWAT came in.

Randall Ellis is expected in court Monday to face charges of “computer access and fraud, false imprisonment by violence, falsely reporting a crime and assault with an assault weapon by proxy.”  Hopefully they throw the book at this kid and put him away for a long time.