We are currently running Exim 4.52 and occasionally, twice now, there is
a message which gets SOPHUS/sophie into a loop - it is called from the
malware ACL. Exim times out and closes the connection with a temporary
SMPT error. This leaves the Sophie child in a loop chewing CPU. The
originating site tries again with the same consequences and more CPU
goes until our EXIM load control stops connections - a complete denial
of service as it started on Friday afternoon and by 9pm had closed down
our 3 mail hubs.
The commonality about the occasions is that the message originated form
an Exchange 5.5 system and had a PDF attachment; the second time it was
a reply to such a message including the original.
1. has anyone else experienced the same; what did you do? (last
night we just blocked the originator and sent them a message)
2. would moving up to EXIM 4.63 help?
John Linn
PS thanks Jeremy Harris for help on ACLs