> I've also experienced this, but with version 2. An email will come
> in and crash Perl. Have to restart ASSP. Everything works fine for a
> while until the sender of the problem email tries to send it again.
> The only way around the problem is to enter the sender's IP into
> denySMTPConnectionsFrom.
I've also noticed a new form of spam, coming from hotmail. It seems to
try to break the MTA with a bad header:
Jan-29-09 23:01:19 [Worker_1] Worker_1 wakes up
Jan-29-09 23:01:19 [Worker_1] Info: Worker_1 got connection from
MainThread
Jan-29-09 23:01:19 [Worker_1] Connected: 65.54.246.234:40722 ->
my.quad.ip.num:25 -> 127.0.0.
1:125
Jan-29-09 23:01:19 [Main_Thread] Info: Main_Thread freed by idle
Worker_1 in 0.009 seconds
Jan-29-09 23:01:19 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com Message-Score: total for this
message is 25, added 25 for Extreme
Bad History
Jan-29-09 23:01:19 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com Regex:SPFstrict '@hotmail.com'
Jan-29-09 23:01:19 id-88079-28332 [Worker_1] [SPF] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com SPF: pass (cache)
ip=65.54.246.234 mailfrom=carbonell_...@hotmail.
com helo=bay0-omc3-s34.bay0.hotmail.com
Jan-29-09 23:01:26 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com ClamAV: scanned 75014 bytes in
message - OK
Jan-29-09 23:01:26 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com Message-Score: total for this
message is 35, added 10 for URIBL:
neutral, listed in livecomuriblswinogch
Jan-29-09 23:01:28 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com Bayesian Check - Prob:
1.00000 / Confidence: 0.00000 =>
doubtful.spam
Jan-29-09 23:01:28 id-88079-28332 [Worker_1] [Penalty][lowconfidence]
65.54.246.234 <carbonell_...@hotmail.
com> to: m...@mydomain.com [spam found] and
passing because of low confidence,
otherwise blocked (totalscore for 65.54.246.234 is
1430, last penalty was
'URIBLneutral') [Enrique Carbonell MAdrid Pedido] -
> ./discarded/88079.eml
Jan-29-09 23:01:37 id-88079-28332 [Worker_1] [OversizedHeader]
65.54.246.234 <carbonell_...@hotmail.
com> to: m...@mydomain.com Possible Mailloop:
Headerlength (100066) >
100000
Jan-29-09 23:01:37 id-88079-28332 [Worker_1] 65.54.246.234
<carbonell_...@hotmail.com
> to:
m...@mydomain.com [SMTP Error] 554 5.7.1 possible
mailloop - oversized header
(100066)
Jan-29-09 23:01:37 [Worker_1] Disconnected: 65.54.246.234
Jan-29-09 23:01:37 [Worker_1] Worker_1 will sleep now
It's the first time )=I've seen this in my logs. It ends up chewing up
the processor for a few seconds, but it does it every four minutes
(possibly hotmail's retry period?). If many mails came in this way, I
suspect I'd experience a DDoS.
I've also noticed other attacks two days ago, but I've not been able
to narrow them down.
There's no doubt in my mind, however, that
http://www.spamcop.net/spamgraph.shtml?spamyear
accurately portrays what I've experienced on my server. N.b.,
sometimes, of late, the link does not have a chart in it. Not sure why.
BTW, Thomas, I will get back to you soon about the new version. I've
been too busy on other project for the past week. Sorry.
T.
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
