Hi,
At 23:11 01.10.02 +0200, Lou Hevly wrote:
>[ Concerning an Uncaught Python 2.2.1 Exception in my TMDA debug file ]
>
>At 17:32 30/09/02, Jason R. Mastaler wrote:
>>Lou Hevly <[EMAIL PROTECTED]> writes:
>>
>> > Date: Mon Sep 30 08:47:40 GMT 2002
>> > Sndr: b.bestoffers.a-4f253a-16e5.visca.com*[EMAIL PROTECTED]
>> > From: Best Offers <[EMAIL PROTECTED]>
>> > To: [EMAIL PROTECTED]
>> > Subj: Confirmation email - your user name and password
>> > Actn: CONFIRM pending 1033375659.1191.msg
>>
>>I'd just delete this spam from your qmail queue. I believe the bogus
>>Sndr address is causing problems for smtplib, possibly because it
>>contains a `*'.
>
>Thanks for your comments; I believe I've now found the problem:
>
>I have Erwin Hoffman's SPAMCONTROL patch installed. The problem was
>that the spammer's address was being rejected by my badrcptto file when
>TMDA tried to send the spammer the confirm message:
>
>[root:/var/log/qmail/qmail-smtpd]$ cat current | tai | grep baccart
>2002-10-01 16:32:12 qmail-smtpd: pid 32229 from 216.216.32.170 Invalid
>RECIPIENT address: MAIL from: <[EMAIL PROTECTED]>, RCPT
>TO:<b.bestoffers.a-531c59-6238.visca.com*[EMAIL PROTECTED]>
>etc.
>
>I assume the '*' in the spammer's from address somehow matched
>something in my badrcptto file, which has various old harvested
>addresses:
"badrcptto" ? Probably you mean "badrcptpatterns" ! You should consult the qmail man
page "addresses":
Be wary of the following characters:
$&!#~`'^*|{}
Some users will not know how to feed these characters
safely to their mail programs.
Avoid those characters in SMTP names.
>
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
>etc.
>
>At any rate, it certainly doesn't seem to be a TMDA or Python
>problem. I'm Cc'ing this posting to Mr Hoffman, and perhaps he'll be
>able to shed some light.
Without knowing your "badrcptto"/"badrcptpatterns" thats hardly possible.
>Finally, I've added "*\**" to my badmailpatterns file, which should
>prevent any other mailings coming in with asteriscs in the from field.
According to your log, it's the RCPT TO: which is due for the rejection:
"TO:<b.bestoffers.a-531c59-6238.visca.com*[EMAIL PROTECTED]>"
(Consult your qmail-smtpd log file and you will see ...)
However, in principle you did the right thing anyhow ...
regards.
--eh.
>--
>All the best (Ad�u-siau),
>Lou Hevly
>[EMAIL PROTECTED]
>http://www.visca.com
>
>
>
+-----------------------------------------------------------------------+
| fff hh http://www.fehcom.de Dr. Erwin Hoffmann |
| ff hh |
| ff eee hhhh ccc ooo mm mm mm Wiener Weg 8 |
| fff ee ee hh hh cc oo oo mmm mm mm 50858 Koeln |
| ff ee eee hh hh cc oo oo mm mm mm |
| ff eee hh hh cc oo oo mm mm mm Tel 0221 484 4923 |
| ff eeee hh hh ccc ooo mm mm mm Fax 0221 484 4924 |
+-----------------------------------------------------------------------+
_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
