RE: latest spam-milter

[Cowles, Steve]

> -----Original Message-----
> From: Dan Nelson 
> Sent: Tuesday, November 19, 2002 4:41 PM
> Subject: Re: latest spam-milter
> 
> 
> In the last episode (Nov 19), Ron Snyder said:
> > I seem to remember seeing something (msg id unknown, 0 length email
> > check) similar to this when sendmail aborts a check (as it does when
> > the sending host is listed in an RBL (we don't have SA doing the RBL
> > checks, we have sendmail doing them).
> 
> Yeah, but in that case sendmail aborts the message and spamass-milter
> never gets to process it completely.  I have been creating 0-byte
> messages with
> 
> print 'ehlo mymachine\nmail from:<address@hidden>\nrcpt 
> to:<address@hidden>\ndata\n.\nquit\n' |
>  nc dan smtp
> 
> (replace address@hidden with your own email address, and dan with your milter
> server).  That submits a 0-byte message.  Make sure that the netcat
> command connects to the machine actually doing the miltering, since if
> it has to hop to another server, it'll most likely add a Received:
> header, which makes the message more than 0 bytes long (the size
> includes headers).

Thanks to your example, I can now confirm that the 0 byte e-mail is what
crashed sa-milter last night. Fricken spammers! I just manually recreated
your example (using telnet) and the minute I put in the dot (period) to end
the data, the sa-milter died.

Process stack before 0 byte e-mail.

root     24461  0.0  0.7  3912  676 pts/1    S    16:50   0:00
spamass-milter -p /var/run/
root     24462  0.0  0.7  3912  676 pts/1    S    16:50   0:00
spamass-milter -p /var/run/
root     24463  0.0  0.7  3912  676 pts/1    S    16:50   0:00
spamass-milter -p /var/run/
nobody   24480  2.0 11.9 12784 11388 ?       S    16:50   0:03
/usr/bin/spamd -d -a -u nob

Now the zero byte e-mail

address@hidden httpd]$ telnet excelsior 25
Trying 192.168.8.2...
Connected to excelsior.
Escape character is '^]'.
220 excelsior.mydomain.com ESMTP Sendmail 8.12.6/8.12.5; Tue, 19 Nov 2002
17:00:05 -0600
ehlo excelsior
mail from:address@hidden
250 2.1.0 address@hidden Sender ok
rcpt to:address@hidden
250 2.1.5 address@hidden Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
quit
250 2.0.0 gAJN05XS025295 Message accepted for delivery
221 2.0.0 excelsior.mydomain.com closing connection
Connection closed by foreign host.
address@hidden httpd]$

Note: It took 4 minutes for the connection closed to happen after the dot.
Also, the logfile entries are identical to what I posted earlier that
crashed sa-milter last night.

Now the process stack after the 0 byte e-mail, but before the 4 minute
timout.

root     24463  0.0  0.7  3932  716 pts/1    S    16:50   0:00
spamass-milter -p /var/run/
nobody   24480  0.5 11.9 12784 11388 ?       S    16:50   0:03
/usr/bin/spamd -d -a -u nob
scowles  25294  0.0  0.8  1924  844 pts/0    S    17:00   0:00 telnet
excelsior 25
root     25295  0.0  2.3  4932 2188 ?        S    17:00   0:00 sendmail:
gAJN05XS025295 ex

I hope this helps.

Also, I'm running on linux (RH-7.3) system with sendmail-8.12.6. My
sa-milter version is 0.1.2 with the duplicate header patch applied. 

BTW: Can someone point me to a howto on using CVS. I probably need to get
current with everyone else on the list.

thanks
Steve Cowles