On 08/05/14 10:35, Cyborg wrote:
> Hi all,
>
> i just found a lot aof unhandled fragments of emails in my input directory.
>
> The corresponding message in the log is just:
>
>
> 2014-04-20 23:52:03 1Wbzed-0007gr-FE string_sprintf expansion was longer
> than 32768
>
> the only file left is the data part :
>
> -rw-r----- 1 exim exim 2549239 20. Apr 23:52 ./1Wbzed-0007gr-FE-D
>
> Interessting is, that no other logline is present, no from, no to log,
> nor the host who send it.
>
> It's possible that someone tried it via 127.0.0.1 or sendmail_wrapper ,
> but without the header file, we wil never know.
>
> As you can see, it's not just one mail:
>
> -rw-r----- 1 exim exim 2549239 20. Apr 05:02 ./1Wbi16-0001Z6-FY-D
> -rw-r----- 1 exim exim 2549239 19. Apr 22:02 ./1WbbT3-00078f-QN-D
[...]
>
>
> Any ideas what could have caused this ?
Not offhand. Can you extract a mail from one of those spool files
and work out how to feed it back into exim? If so, then do it
with debug turned on ( -d-all+acl+deliver+expand ) to see where
in the processing it happens. With luck this will give
the relevant expansion item which is big. Then find that in
your config file/s and work out a way to avoid doing it when
it isn't safe...
--
Cheers,
Jeremy
