Strange Bandwidth Issue Solved

I just finished solving a problem that had me concerned all afternoon. My DSL access had been absolutely crawling this week, but I hadn’t had a chance to look at it until now. When I pulled up the bandwidth chart on my router, I just about fell out of my chair. Since Thursday, I had been pulling over 15GB of data each day and by midday today, over 7.5GB of data had moved through my DSL. Being a security guy, I immediately feared the worst and began poring over logs trying to determine the source of this traffic.

I was able to narrow down the source to my home Linux server and a quick Wireshark packet analysis showed my email service as the culprit.    This led me to the syslog where I found this message:

reject: MAIL from localhost[127.0.0.1]: 552 5.3.4 Message size exceeds fixed limit;

Apparently, the Postfix mail system caps messages at 10MB.  By chance, I had two messages on the remote server with large attachments.  Because of this, my home server would start downloading these files, but fail once it had reached the 10MB limit.  Unfortunately, it would then try again at 10 second intervals.  This caused the perfect bandwidth storm — and potentially a mailbox storm for the sender who would have received a rejected message after each failed attempt.  (Apology letter already sent :( )

The fix was relatively simple. I added the following line to my Postfix main.cf file, which removes the size limit for messages altogether:

message_size_limit = 0

A quick restart of Postfix loaded the new config, and a final temporary bandwidth spike subsequently occurred while the files were downloaded.
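
The retry loop described above leaves a recognizable trail in the mail log: the same 552 rejection from the same client, repeated every few seconds. The following Python is an added example, not part of the original post, that finds such runs; the syslog prefix, the sample lines, the function names and the thresholds are assumptions.

```python
import re
from datetime import datetime

# The reject text is the message quoted in the post; the syslog prefix is assumed.
REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*reject: MAIL from "
    r"(?P<client>\S+\[[^\]]+\]): 552 5\.3\.4 Message size exceeds fixed limit"
)

def parse_rejects(lines):
    """Yield (timestamp, client) for each size-limit rejection."""
    for line in lines:
        m = REJECT.search(line)
        if m:
            # Syslog omits the year; a fixed leap year keeps parsing well-defined.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, m["client"]

def find_retry_loops(lines, max_gap=30, min_repeats=3):
    """Return {client: longest run} of rejections spaced <= max_gap seconds apart."""
    last_seen, run, longest = {}, {}, {}
    for ts, client in parse_rejects(lines):
        prev = last_seen.get(client)
        if prev is not None and 0 <= (ts - prev).total_seconds() <= max_gap:
            run[client] += 1          # same client retried quickly: extend the run
        else:
            run[client] = 1           # first sighting or a long pause: new run
        last_seen[client] = ts
        longest[client] = max(longest.get(client, 0), run[client])
    return {c: n for c, n in longest.items() if n >= min_repeats}

# Constructed sample log lines (hostnames, PIDs and times are made up).
_TAIL = ": 552 5.3.4 Message size exceeds fixed limit; proto=ESMTP"
_HEAD = " home postfix/smtpd[2101]: NOQUEUE: reject: MAIL from "
SAMPLE = [
    "Mar  3 14:02:01" + _HEAD + "localhost[127.0.0.1]" + _TAIL,
    "Mar  3 14:02:11" + _HEAD + "localhost[127.0.0.1]" + _TAIL,
    "Mar  3 14:02:15 home postfix/qmgr[900]: 4F2A1: removed",
    "Mar  3 14:02:21" + _HEAD + "localhost[127.0.0.1]" + _TAIL,
    "Mar  3 14:02:31" + _HEAD + "localhost[127.0.0.1]" + _TAIL,
    "Mar  3 14:05:00" + _HEAD + "mail.example.org[192.0.2.10]" + _TAIL,
    "Mar  3 14:10:00" + _HEAD + "localhost[127.0.0.1]" + _TAIL,
]

if __name__ == "__main__":
    for client, count in find_retry_loops(SAMPLE).items():
        print(f"{client}: {count} size-limit rejections in a tight retry loop")
```
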
