Problem Messages

Brett Moss bamcomp at yahoo.com
Wed Nov 11 17:28:32 GMT 2009


Hello,
I'm having some problems with a few messages recently.  I have not turned anything up in my searches and would appreciate some input from the list.

I have received two messages that seem to be tripping up MailScanner.  Both have the same Subject (Notice of Underreported Income) and look in my maillog.
I saw the thread from June of this year, but it appears the details are a bit different.  It looks like MailScanner is finding a problem but not knowing what to do next with the message.

I am running mailscanner-4.78.17-1 on a CentOS release 4.8 machine.

Here is what shows in the maillog:

[root at mailgw ~]# cat /var/log/maillog|grep nABBuKZR024867
Nov 11 03:56:33 mailgw sendmail[24867]: nABBuKZR024867: from=<kristieamn4 at sonictimeworks.com>, size=2158, class=0, nrcpts=1, msgid=<000d01ca62c5$f6f7e140$6400a8c0 at kristieamn4>, proto=ESMTP, daemon=MTA, relay=cable-94-189-200-50.dynamic.sbb.rs [94.189.200.50]
Nov 11 03:56:46 mailgw MailScanner[20311]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-20311-2.html
Nov 11 04:01:16 mailgw MailScanner[21397]: Making attempt 2 at processing message nABBuKZR024867
Nov 11 04:01:29 mailgw MailScanner[21397]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-21397-3.html
Nov 11 04:03:54 mailgw MailScanner[23223]: Making attempt 3 at processing message nABBuKZR024867
Nov 11 04:04:13 mailgw MailScanner[23223]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-23223-2.html
Nov 11 04:06:48 mailgw MailScanner[24879]: Making attempt 4 at processing message nABBuKZR024867
Nov 11 04:07:02 mailgw MailScanner[24879]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-24879-4.html
Nov 11 04:09:42 mailgw MailScanner[25009]: Making attempt 5 at processing message nABBuKZR024867
Nov 11 04:09:55 mailgw MailScanner[25009]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-25009-4.html
Nov 11 04:14:54 mailgw MailScanner[26221]: Making attempt 6 at processing message nABBuKZR024867
Nov 11 04:15:07 mailgw MailScanner[26221]: [Found password stealer] <HTML/Irsphish (exact)> ./nABBuKZR024867/msg-26221-2.html
Nov 11 04:15:07 mailgw MailScanner[26029]: Warning: skipping message nABBuKZR024867 as it has been attempted too many times
Nov 11 04:15:07 mailgw MailScanner[26029]: Quarantined message nABBuKZR024867 as it caused MailScanner to crash several times
Nov 11 04:15:07 mailgw MailScanner[26029]: Saved entire message to /var/spool/MailScanner/quarantine/20091111/nABBuKZR024867
Nov 11 04:15:08 mailgw MailScanner[26029]: Logging message nABBuKZR024867 to SQL
Nov 11 04:15:08 mailgw MailScanner[26224]: nABBuKZR024867: Logged to MailWatch SQL


[root at mailgw ~]# cat /var/log/maillog|grep nAAFdkAj028811
Nov 10 07:39:54 mailgw sendmail[28811]: nAAFdkAj028811: from=<surtaxedpra at softshock.co.uk>, size=2271, class=0, nrcpts=1, msgid=<000d01ca621c$0670e9f0$6400a8c0 at surtaxedpra>, proto=ESMTP, daemon=MTA, relay=201-65-5-225.poolip.NTL.embratel.net.br [201.65.5.225]
Nov 10 07:39:54 mailgw sendmail[28811]: nAAFdkAj028811: to=<the-benno at bsod.org>, delay=00:00:00, mailer=esmtp, pri=32271, stat=queued
Nov 10 07:40:09 mailgw MailScanner[28059]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-28059-2.html
Nov 10 07:45:16 mailgw MailScanner[27511]: Making attempt 2 at processing message nAAFdkAj028811
Nov 10 07:45:29 mailgw MailScanner[27511]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-27511-4.html
Nov 10 07:49:11 mailgw MailScanner[27361]: Making attempt 3 at processing message nAAFdkAj028811
Nov 10 07:49:24 mailgw MailScanner[27361]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-27361-2.html
Nov 10 07:53:32 mailgw MailScanner[28931]: Making attempt 4 at processing message nAAFdkAj028811
Nov 10 07:53:45 mailgw MailScanner[28931]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-28931-2.html
Nov 10 07:58:15 mailgw MailScanner[28999]: Making attempt 5 at processing message nAAFdkAj028811
Nov 10 07:58:28 mailgw MailScanner[28999]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-28999-2.html
Nov 10 08:02:47 mailgw MailScanner[24840]: Making attempt 6 at processing message nAAFdkAj028811
Nov 10 08:03:00 mailgw MailScanner[24840]: [Found password stealer] <HTML/Irsphish (exact)> ./nAAFdkAj028811/msg-24840-18.html
Nov 10 08:03:01 mailgw MailScanner[29174]: Warning: skipping message nAAFdkAj028811 as it has been attempted too many times
Nov 10 08:03:01 mailgw MailScanner[29174]: Quarantined message nAAFdkAj028811 as it caused MailScanner to crash several times
Nov 10 08:03:01 mailgw MailScanner[29174]: Saved entire message to /var/spool/MailScanner/quarantine/20091110/nAAFdkAj028811
Nov 10 08:03:01 mailgw MailScanner[29174]: Logging message nAAFdkAj028811 to SQL
Nov 10 08:03:01 mailgw MailScanner[28062]: nAAFdkAj028811: Logged to MailWatch SQL

thank you,
Brett
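
An added example, not part of the original post and not MailScanner's own code: a Python triage helper that groups MailScanner maillog lines by queue ID and picks out messages that were retried and then quarantined for crashing the scanner, along with the detection name and the worker PIDs involved. The sample lines are constructed in the format shown above (the queue IDs are made up), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format shown above; queue IDs are made up.
SAMPLE = """\
Nov 11 03:56:46 mailgw MailScanner[20311]: [Found password stealer] <HTML/Irsphish (exact)> ./nABEXAMPLE00001/msg-20311-2.html
Nov 11 04:01:16 mailgw MailScanner[21397]: Making attempt 2 at processing message nABEXAMPLE00001
Nov 11 04:01:29 mailgw MailScanner[21397]: [Found password stealer] <HTML/Irsphish (exact)> ./nABEXAMPLE00001/msg-21397-3.html
Nov 11 04:03:54 mailgw MailScanner[23223]: Making attempt 3 at processing message nABEXAMPLE00001
Nov 11 04:15:07 mailgw MailScanner[26029]: Quarantined message nABEXAMPLE00001 as it caused MailScanner to crash several times
Nov 11 04:15:07 mailgw MailScanner[26029]: Saved entire message to /var/spool/MailScanner/quarantine/20091111/nABEXAMPLE00001
Nov 11 05:00:01 mailgw MailScanner[26300]: [Found password stealer] <HTML/Irsphish (exact)> ./nABEXAMPLE00002/msg-26300-1.html
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ MailScanner\[(\d+)\]: (.*)$")
ATTEMPT = re.compile(r"Making attempt (\d+) at processing message (\S+)")
FOUND = re.compile(r"\[Found [^\]]+\] <([^>]+)> \./([^/]+)/")
CRASHED = re.compile(r"Quarantined message (\S+) as it caused MailScanner to crash")
SAVED = re.compile(r"Saved entire message to (\S+)")

def summarize(log_text):
    """Group MailScanner log lines by queue ID (hypothetical helper)."""
    msgs = defaultdict(lambda: {"attempts": 1, "workers": set(), "detections": set(),
                                "crashed": False, "path": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a MailScanner line (for example sendmail)
        pid, body = m.groups()
        if a := ATTEMPT.search(body):
            rec = msgs[a.group(2)]
            rec["attempts"] = max(rec["attempts"], int(a.group(1)))
            rec["workers"].add(pid)
        elif f := FOUND.search(body):
            rec = msgs[f.group(2)]
            rec["detections"].add(f.group(1))
            rec["workers"].add(pid)
        elif c := CRASHED.search(body):
            msgs[c.group(1)]["crashed"] = True
        elif s := SAVED.search(body):
            path = s.group(1)  # queue ID is the last path component
            msgs[path.rsplit("/", 1)[-1]]["path"] = path
    return dict(msgs)

def crash_loops(log_text):
    """Queue IDs that were retried and then quarantined for crashing the scanner."""
    return {q: r for q, r in summarize(log_text).items() if r["crashed"] and r["attempts"] > 1}

if __name__ == "__main__":
    print(crash_loops(SAMPLE))
```

Applied to the two excerpts in the post, the same grouping shows six attempts per queue ID, each by a different MailScanner worker PID, with the `HTML/Irsphish (exact)` detection logged before every retry.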


      

