Problem messages - again
Joolee
mailscanner at joolee.nl
Wed May 2 14:45:55 IST 2012
Can you run one of these messages through debug mode?
On 2 May 2012 15:25, Ian Fenn <ian at chopstixmedia.com> wrote:
> Another example email, which just triggered infection, other:
>
> http://pastebin.com/CLCn2sDy
>
> Actual spam this time. From the maillog:
>
> May 2 13:34:05 mail sendmail[10009]: q42CY5FU010009: Milter (greylist): init success to negotiate
> May 2 13:34:05 mail sendmail[10009]: q42CY5FU010009: Milter: connect to filters
> May 2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=connect, continue
> May 2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=mail, continue
> May 2 13:34:05 mail milter-greylist: q42CY5FU010009: addr 94.228.211.153 from <nutty at chrewal.info> rcpt <[redacted]>: autowhitelisted for 768:00:00
> May 2 13:34:05 mail sendmail[10009]: q42CY5FU010009: milter=greylist, action=rcpt, continue
> May 2 13:34:07 mail sendmail[10009]: q42CY5FU010009: from=<nutty at chrewal.info>, size=223338, class=0, nrcpts=1, msgid=<0.0.0.31.1CD285D4ECE7636.0 at chrewal.info>, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=[94.228.211.153]
> May 2 13:34:07 mail sendmail[10009]: q42CY5FU010009: Milter add: header: X-Greylist: Delayed for 00:10:02 by milter-greylist-3.0 (mail.chopstix.net [173.203.199.115]); Wed, 02 May 2012 13:34:07 +0100 (BST)
> May 2 13:34:07 mail sendmail[10009]: q42CY5FU010009: Milter accept: message
> May 2 13:34:07 mail sendmail[10009]: q42CY5FU010009: to=<[redacted]>, delay=00:00:02, mailer=esmtp, pri=253338, stat=queued
> May 2 13:37:02 mail MailScanner[6184]: Making attempt 2 at processing message q42CY5FU010009
> May 2 13:42:21 mail MailScanner[10022]: Making attempt 3 at processing message q42CY5FU010009
> May 2 13:47:56 mail MailScanner[10127]: Making attempt 4 at processing message q42CY5FU010009
> May 2 13:52:15 mail MailScanner[9741]: Making attempt 5 at processing message q42CY5FU010009
> May 2 13:57:15 mail MailScanner[10711]: Making attempt 6 at processing message q42CY5FU010009
> May 2 13:57:16 mail MailScanner[9907]: Warning: skipping message q42CY5FU010009 as it has been attempted too many times
> May 2 13:57:16 mail MailScanner[9907]: Quarantined message q42CY5FU010009 as it caused MailScanner to crash several times
> May 2 13:57:16 mail MailScanner[9907]: Saved entire message to /var/spool/MailScanner/quarantine/20120502/q42CY5FU010009
>
> Any thoughts? Your help is much appreciated.
>
> All the best,
>
> --
> Ian--
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list