Problem messages - again

Ian Fenn ian at chopstixmedia.com
Wed May 2 14:25:31 IST 2012


Another example email, which just triggered infection, other:

http://pastebin.com/CLCn2sDy

Actual spam this time. From the maillog:

May  2 13:34:05 mail sendmail[10009]: q42CY5FU010009: Milter (greylist): init success to negotiate
May  2 13:34:05 mail sendmail[10009]: q42CY5FU010009: Milter: connect to filters
May  2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=connect, continue
May  2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=mail, continue
May  2 13:34:05 mail milter-greylist: q42CY5FU010009: addr 94.228.211.153 from <nutty at chrewal.info> rcpt <[redacted]>: autowhitelisted for 768:00:00
May  2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=rcpt, continue
May  2 13:34:07 mail sendmail[10009]: q42CY5FU010009: from=<nutty at chrewal.info>, size=223338, class=0, nrcpts=1, msgid=<0.0.0.31.1CD285D4ECE7636.0 at chrewal.info>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=[94.228.211.153]
May  2 13:34:07 mail sendmail[10009]: q42CY5FU010009: Milter add: header: X-Greylist: Delayed for 00:10:02 by milter-greylist-3.0 (mail.chopstix.net [173.203.199.115]); Wed, 02 May 2012 13:34:07 +0100 (BST)
May  2 13:34:07 mail sendmail[10009]: q42CY5FU010009: Milter accept: message
May  2 13:34:07 mail sendmail[10009]: q42CY5FU010009: to=<[redacted]>, delay=00:00:02, mailer=esmtp, pri=253338, stat=queued
May  2 13:37:02 mail MailScanner[6184]: Making attempt 2 at processing message q42CY5FU010009 
May  2 13:42:21 mail MailScanner[10022]: Making attempt 3 at processing message q42CY5FU010009 
May  2 13:47:56 mail MailScanner[10127]: Making attempt 4 at processing message q42CY5FU010009 
May  2 13:52:15 mail MailScanner[9741]: Making attempt 5 at processing message q42CY5FU010009 
May  2 13:57:15 mail MailScanner[10711]: Making attempt 6 at processing message q42CY5FU010009 
May  2 13:57:16 mail MailScanner[9907]: Warning: skipping message q42CY5FU010009 as it has been attempted too many times 
May  2 13:57:16 mail MailScanner[9907]: Quarantined message q42CY5FU010009 as it caused MailScanner to crash several times 
May  2 13:57:16 mail MailScanner[9907]: Saved entire message to /var/spool/MailScanner/quarantine/20120502/q42CY5FU010009
 
Any thoughts? Your help is much appreciated.

All the best,

--
Ian


More information about the MailScanner mailing list
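Added example (not part of the original post and not MailScanner's own code): a small triage script that correlates sendmail and MailScanner lines by queue ID, in the log layout shown above, and reports only the messages MailScanner quarantined after repeated crashes. The queue IDs, sender, sizes and relay addresses in the sample are constructed placeholders, and the regular expressions assume the line formats seen in the excerpt.

```python
import re
from collections import defaultdict

FROM = re.compile(r"sendmail\[\d+\]: (\w+): from=<([^>]*)>, size=(\d+),.*relay=(.+)$")
ATTEMPT = re.compile(r"MailScanner\[\d+\]: Making attempt (\d+) at processing message (\w+)")
CRASHED = re.compile(r"MailScanner\[\d+\]: Quarantined message (\w+) as it caused MailScanner to crash")
SAVED = re.compile(r"MailScanner\[\d+\]: Saved entire message to (\S*/(\w+))$")

def crash_loops(lines):
    """Map queue ID -> details for messages quarantined after crashing MailScanner."""
    msgs = defaultdict(lambda: {"last_attempt": 0, "crashed": False})
    for line in lines:
        line = line.rstrip()  # tolerate trailing whitespace on log lines
        if m := FROM.search(line):
            msgs[m[1]].update(sender=m[2], size=int(m[3]), relay=m[4])
        elif m := ATTEMPT.search(line):
            rec = msgs[m[2]]
            rec["last_attempt"] = max(rec["last_attempt"], int(m[1]))
        elif m := CRASHED.search(line):
            msgs[m[1]]["crashed"] = True
        elif m := SAVED.search(line):
            msgs[m[2]]["quarantine_path"] = m[1]
    # Retries alone are not reported; only messages MailScanner gave up on.
    return {qid: rec for qid, rec in msgs.items() if rec["crashed"]}

# Constructed sample: queue IDs, senders, sizes and relays are placeholders.
SAMPLE = """\
May  2 13:34:07 mail sendmail[111]: q00EXAMPLE000001: from=<sender@example.org>, size=204800, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]
May  2 13:34:09 mail sendmail[112]: q00EXAMPLE000002: from=<other@example.net>, size=1500, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.0.2.20]
May  2 13:37:02 mail MailScanner[201]: Making attempt 2 at processing message q00EXAMPLE000001
May  2 13:37:03 mail MailScanner[201]: Making attempt 2 at processing message q00EXAMPLE000002
May  2 13:42:21 mail MailScanner[202]: Making attempt 3 at processing message q00EXAMPLE000001
May  2 13:47:56 mail MailScanner[203]: Making attempt 4 at processing message q00EXAMPLE000001
May  2 13:52:15 mail MailScanner[204]: Making attempt 5 at processing message q00EXAMPLE000001
May  2 13:57:15 mail MailScanner[205]: Making attempt 6 at processing message q00EXAMPLE000001
May  2 13:57:16 mail MailScanner[206]: Warning: skipping message q00EXAMPLE000001 as it has been attempted too many times
May  2 13:57:16 mail MailScanner[206]: Quarantined message q00EXAMPLE000001 as it caused MailScanner to crash several times
May  2 13:57:16 mail MailScanner[206]: Saved entire message to /var/spool/MailScanner/quarantine/20120502/q00EXAMPLE000001
"""

if __name__ == "__main__":
    for qid, rec in crash_loops(SAMPLE.splitlines()).items():
        print(qid, rec)
```

Run against a real maillog by passing the open file object to `crash_loops`; the result gives the sender, size, relay and quarantine path needed to pull the offending message for offline analysis.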