On Tue, Jan 25, 2005 at 09:52:07PM -0800, jdow wrote:
> From: "Martin Karol Zuziak" <[EMAIL PROTECTED]>
> > On Tue, Jan 25, 2005 at 03:02:52PM -0500, Pierre Thomson wrote:
> > > Martin,
> > >
> > > The message itself looks like the recursion problem... a spammer sent a
> drug spam, and the rejection message (to a local address) looped some 122
> times at 5-second intervals until SA bombed. It's hard to imagine ANY
> program that can disentangle 122 MIME-encapsulated emails inside each other
> without running out of resources.
> > >
> > > So I would say the problem is not SA; it's an MTA setup that doesn't
> detect a mail loop after eight or ten times around. The spammer appears to
> have used a spoofed local envelope sender, which contributed to the problem.
> >
> > Right. The problem is with the sending MTA which keeps forwarding the
> > message. But the sending MTA is not under my control so I can't solve
> > the problem that way.
> >
> > Even though the mail is extremely ugly spamassassin should not take up
> > so many resources. If it can't handle 122 nested MIME messages then it
> > shouldn't try. This can be used as a DoS attack. I scan all mail
> > received on my server (approx 8000 msg/day). It only takes a couple of
> > mails like this to take out my mail server forcing me to stop accepting
> > mail or stop scanning for spam.
> >
> > So, even if the problem is caused my a MTA, spamassassin should handle
> > this situation better.
> >
> > Martin Zuziak <[EMAIL PROTECTED]>
>
> <sigh> Do not send a rejection message. Simply let the message die. It
> is poetic justice that you ended up spamming yourself with your stupid
> rejection message. Spammers use them as a means to bounce spam messages.
> {^_^}
<sigh> Another person who doesn't know when to keep his mouth shut.
I do not send bounces for spam mail. I reject spam in the SMTP dialog so
the mail remains the responsibility of the sending MTA. Maybe silently
dropping mail works for you, but I have real users doing real work who
will not accept any mail mislabeled as spam just disappearing.
Martin Zuziak <[EMAIL PROTECTED]>
