[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: latest spam-milter
From: |
Cowles, Steve |
Subject: |
RE: latest spam-milter |
Date: |
Tue, 19 Nov 2002 17:15:24 -0600 |
> -----Original Message-----
> From: Dan Nelson
> Sent: Tuesday, November 19, 2002 4:41 PM
> Subject: Re: latest spam-milter
>
>
> In the last episode (Nov 19), Ron Snyder said:
> > I seem to remember seeing something (msg id unknown, 0 length email
> > check) similar to this when sendmail aborts a check (as it does when
> > the sending host is listed in an RBL (we don't have SA doing the RBL
> > checks, we have sendmail doing them).
>
> Yeah, but in that case sendmail aborts the message and spamass-milter
> never gets to process it completely. I have been creating 0-byte
> messages with
>
> print 'ehlo mymachine\nmail from:<address@hidden>\nrcpt
> to:<address@hidden>\ndata\n.\nquit\n' |
> nc dan smtp
>
> (replace address@hidden with your own email address, and dan with your milter
> server). That submits a 0-byte message. Make sure that the netcat
> command connects to the machine actually doing the miltering, since if
> it has to hop to another server, it'll most likely add a Received:
> header, which makes the message more than 0 bytes long (the size
> includes headers).
Thanks to your example, I can now confirm that the 0 byte e-mail is what
crashed sa-milter last night. Fricken spammers! I just manually recreated
your example (using telnet) and the minute I put in the dot (period) to end
the data, the sa-milter died.
Process stack before 0 byte e-mail.
root 24461 0.0 0.7 3912 676 pts/1 S 16:50 0:00
spamass-milter -p /var/run/
root 24462 0.0 0.7 3912 676 pts/1 S 16:50 0:00
spamass-milter -p /var/run/
root 24463 0.0 0.7 3912 676 pts/1 S 16:50 0:00
spamass-milter -p /var/run/
nobody 24480 2.0 11.9 12784 11388 ? S 16:50 0:03
/usr/bin/spamd -d -a -u nob
Now the zero byte e-mail
address@hidden httpd]$ telnet excelsior 25
Trying 192.168.8.2...
Connected to excelsior.
Escape character is '^]'.
220 excelsior.mydomain.com ESMTP Sendmail 8.12.6/8.12.5; Tue, 19 Nov 2002
17:00:05 -0600
ehlo excelsior
mail from:address@hidden
250 2.1.0 address@hidden Sender ok
rcpt to:address@hidden
250 2.1.5 address@hidden Recipient ok
data
354 Enter mail, end with "." on a line by itself
.
quit
250 2.0.0 gAJN05XS025295 Message accepted for delivery
221 2.0.0 excelsior.mydomain.com closing connection
Connection closed by foreign host.
address@hidden httpd]$
Note: It took 4 minutes for the connection closed to happen after the dot.
Also, the logfile entries are identical to what I posted earlier that
crashed sa-milter last night.
Now the process stack after the 0 byte e-mail, but before the 4 minute
timout.
root 24463 0.0 0.7 3932 716 pts/1 S 16:50 0:00
spamass-milter -p /var/run/
nobody 24480 0.5 11.9 12784 11388 ? S 16:50 0:03
/usr/bin/spamd -d -a -u nob
scowles 25294 0.0 0.8 1924 844 pts/0 S 17:00 0:00 telnet
excelsior 25
root 25295 0.0 2.3 4932 2188 ? S 17:00 0:00 sendmail:
gAJN05XS025295 ex
I hope this helps.
Also, I'm running on linux (RH-7.3) system with sendmail-8.12.6. My
sa-milter version is 0.1.2 with the duplicate header patch applied.
BTW: Can someone point me to a howto on using CVS. I probably need to get
current with everyone else on the list.
thanks
Steve Cowles
- Re: latest spam-milter, (continued)
RE: latest spam-milter,
Cowles, Steve <=
RE: latest spam-milter, Cowles, Steve, 2002/11/19
RE: latest spam-milter, Ron Snyder, 2002/11/20