Mystery messages

Fri, 24 Sep 2004 07:32:57 -0700

I have recently been noticing a couple of odd messages coming into our system with headers and no body:

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 708 invoked from network); 24 Sep 2004 05:52:18 -0400
Received: from a.ns.rlpgbooks.com (HELO a.mx.rlpgbooks.com) (12.38.22.1)
  by ranger1.rlpgbooks.com (qpsmtpd/0.28) with SMTP; Fri, 24 Sep 2004 05:52:18 -0400
X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 1.0000
X-DSPAM-Probability: 0.0774
X-DSPAM-Signature: !DSPAM:4153ee537121383712631!

That's it! No headers except the ones that our servers added. I got one yesterday with the same return path and a one on Wednesday with a different Return-Path:

Return-Path: <[EMAIL PROTECTED]> 

This seems to be this morning's log entry from qpsmtpd:

2004-09-24 05:51:00.918448500 13669 Accepted connection 1/15 from 222.101.15.242 / 
Unknown
2004-09-24 05:51:03.539102500 13669 13669 to email address : [<[EMAIL PROTECTED]>]
2004-09-24 05:51:03.570859500 13669 check_finger plugin: Attempting to finger
2004-09-24 05:51:04.309969500 13669 virus::exe_filter plugin: non-multipart mail - 
skipping
2004-09-24 05:51:04.643885500 953 cleaning up after 13669

which is not completely helpful. I recreated the headers by sending an empty DATA segment:

Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 22079 invoked from network); 24 Sep 2004 10:18:33 -0400
Received: from a.ns.rlpgbooks.com (HELO a.mx.rlpgbooks.com) (12.38.22.1)
  by ranger1.rlpgbooks.com (qpsmtpd/0.28) with SMTP; Fri, 24 Sep 2004 10:18:33 -0400
X-DSPAM-Result: Innocent
X-DSPAM-Confidence: 1.0000
X-DSPAM-Probability: 0.0779
X-DSPAM-Signature: !DSPAM:41542cc0221241665818641!

But what I cannot figure out is what is going on with the remote server. Is this a spammer attempting to validate e-mail addresses? I'm wrote a data_post plugin (after sig) to refuse any messages which are completely empty, but I'm trying to understand what is going on. I wonder if it would be more appropriate to add this to Qpsmtpd/SMTP.pm instead...

John

#!perl
# Simple plugin to ensure that the body of the message exists

sub register {
  my ($self, $qp) = @_;
  $self->register_hook("data_post", "mail_handler");
}

sub mail_handler {
  my ($self, $transaction) = @_;

  return (DENY, "You have to send some data first")
    if $transaction->body_size == 0;
}

Reply via email to