Qmail-smtpd errors in messages log

Justec · February 12, 2006, 4:21pm

kernel: qmail-smtpd[26976]: segfault at 000000010000000b rip 0000000000408ea0 rsp 0000007fbffffb18 error 6

I’m getting the following error in my /var/log/messages at lot. What would cause this to happen? Qmail seems to still be working fine.

system · February 13, 2006, 4:11am

Hi

It looks like the pbm of large header lines > 2GB

look at http://thedjbway.org/qmail/patches/qmail-1.03.smtpd-blast.patch

but it should be much better to open an interworx support ticket

Pascal

Justec · February 13, 2006, 8:03am

Thanks Pascal!

I did put a ticket in and have put a link to this thread in my ticket. I guess a fix will be posted here as soon as its offical.

Also, something I found funny in that link Pascal:
“After this patch is applied and installed, qmail-smtpd will then be able to process single header lines of any length without failure.
(So maybe it would be better if qmail-smtpd did crash at some point…)”

So maybe the fix is do nothing

system · February 13, 2006, 11:07am

I’d like to advertise that it might be others causes. Like smtp-auth module etc…

DO NOT APPLY any PATCH without any interworx staff advises

Also you may use STRACE to trace the smtpd pid job or use GDB

Pascal

Justec · February 13, 2006, 11:33am

Haha, no worries there, I got my ticket in and I’m not doing anything until I get the offical word

Never used strace before, guess its google time!

Justec · February 14, 2006, 12:51am

I think Pascal had it right!!!

Doing a lot of looking at Strace and reading google finds I have come to a resolution on this and wanted to share it.

I believe I fall into the problem defined here (thanx Pascal): http://thedjbway.org/qmail/patches/qmail-1.03.smtpd-blast.patch
This is also discussed here: http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html

It bascially says that the long header “attack” is a bug in qmail, but if you run qmail in supervise mode with "/usr/local/bin/softlimit -m 2000000 " it prevents a DOS attack of burning through all the servers memory. If qmail-smtpd goes over said softlimit it crashes out. I think the problem can happen with 32 and 64 bit but is more apparent b/c on 64 bit b/c Qmail is written in “classic” C and when compiled with modern day tools the ints are still 32 bit while the pointers are 64 (I read that somewhere).

I am still getting the error but I dont think I want to patch it b/c these long header emails are most likely spam anyway so having the connect drop with a crashed smtp is fine with me. I have one domain on my box that gets spam emails constantly (every 5 mins or less in burst) and 99% of them are to fake address. bob@domain.com, jim@domain.com, etc. I believe it is these emails that are crashing the SMTPD and therefore I just dont care

Any thoughts?

system · February 16, 2006, 10:39am

Well for me you right

system · May 18, 2006, 5:53am

Justec at how much your softlimit is set ?

Pascal

Justec · September 3, 2007, 7:52am

Old thread, but moved to a new server and using unialert.com (thanks pascal) I noticed my SMTP died for a couple hours in the middle of the night and then recovered.

I’ve also noticed a couple times in NodeWorx it would say its stopped and then would turn itself back on.

My softlimit is now set at 256000000 and wondering if I should lower this or raise it to prevent the SMTP from crashing.

Actually the alert showed this error as why it was down: “Socket timeout after 10 seconds”