WIO email spamming after 145->147 update

After updating from 145->147, I started getting hundreds of emails from WIO regarding my ipsec connection being on.

Subject: WIO IPsec - - Active - Mon, 03.08.2020 06:50:01

As a stop-gap, I disabled IPFire’s Mail Service. Anyone else have this happen?

As a test, I re-enabled the Mail Service and the emails started flowing again, to the point where I hit my mail server’s hourly limit and all emails stopped to my account. I now have to wait an hour for my email to start flowing again.

Just an update: there were so many emails queued in the system that the load on IPFire skyrocketed, causing internet access to cut in and out. In particular, the IRQ CPU usage and System CPU usage jumped and bogged the firewall down. It looks like all the queued emails are working their way through, and I’m deleting thousands of them as they hit my inbox. It appears as if they’re done (I’d disabled the Mail Server and WIO about 20 minutes ago) and the CPU usage is going back to normal.

Hello,
The problem is unknown.
I use Core 147 here and there is no problem when monitoring IPsec connections.
Have you ever created a backup of WIO, uninstalled WIO and reinstalled it?
Have you disabled WIO IPsec monitoring to see what happens?

Best regards
sfeddersen

Yes, I took a backup of WIO before the update. For now we are in the middle of a workday so I have to wait for more experimenting. For now I have WIO and the Mail Service completely disabled. I will start with the mail service, then disable IPsec monitoring before turning WIO back on, then go from there. Perhaps another reboot of the firewall will help as well.

Edit: these WIO notifications are still arriving in my inbox with send times from this morning. I get them in bunches of 50-1500 and immediately mass-delete them. I’m using IMAP so they should not be redelivering from the mail server. Not sure why they keep trickling in 8 hours later, but at least IPFire’s CPU usage is almost nil and no more internet loss. After hours I will reboot IPFire to see if that flushes the rest of them out. It could be that my mail server was so flooded that it’s sending them out in batches to keep from saturating the system.

Looks like I finally killed the onslaught by creating a filter in webmail to discard all messages starting with ‘WIO IPsec’.

There were well over 100,000 emails that were deleted. I’m scared to death to re-enable WIO IPsec. No one else has had this happen?

Hello,
please post the wio.conf from /var/ipfire/wio and wio from /etc/fcron.minutely.

Many thanks

sfeddersen

OVPNRWMAIL=on
CLIENTREMARK=on
MAILREMARK=off
CRON=15
ENABLE=off
LOGGING=off
TIMEOUT=01
SORT=IPADR
MAILSTYLE=email
OVPNCRON=05

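#!/bin/bash
#
# Script to run wio helpers
#
# Load the WIO settings (ENABLE, CRON, OVPNRWMAIL, OVPNCRON, ...)
. /var/ipfire/wio/wio.conf

# Current minute, zero-padded (00-59)
MINUTE=$(date +%M)

if [ "$ENABLE" == on ]; then

        # Run wio.pl every CRON minutes.
        # 10# forces base 10: zero-padded values such as 08 or 09 are
        # otherwise rejected by bash as invalid octal numbers.
        if [ $((10#$MINUTE % 10#$CRON)) == 0 ]; then
                /var/ipfire/wio/wio.pl > /dev/null
        fi

        if [ "$OVPNRWMAIL" == on ]; then
                # Run wiovpn.pl every OVPNCRON minutes
                if [ $((10#$MINUTE % 10#$OVPNCRON)) == 0 ]; then
                        /var/ipfire/wio/wiovpn.pl > /dev/null
                fi
        else
                # OVPNRWMAIL is off: remove the VPN cache files
                rm -f /var/log/wio/.vpncache
                rm -f /var/log/wio/.ovpncache
        fi

fi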