[exim] Ideas for blocking addresses with quotation marks in …

Author: jarland
Date:  
To: exim-users
Subject: [exim] Ideas for blocking addresses with quotation marks in them?
Hey friends,

I've been getting some weird spam/virus email that seems to be causing an
unexpected result with exim. I'll show you what I'm seeing, and I'm
wondering if anyone has any ideas on how I can ACL out email addresses
that actually have quotations in their envelope sender address as a
result. I added [breakforfilters] in parts of the log that might
rightfully trigger spam filters for list users.

2022-12-26 18:20:59 1p9s5q-0007aL-2S <=
""@???[breakforfilters]ineamarket.com
H=server12.sistemthflineamarket.com [91.234[breakforfilters].198.105]
P=esmtps X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no S=9286
id=20221226182019.B64DB27DEC@???[breakforfilters]ineamarket.com
T="Facturacion Electricidad Automatica 42267" from
<""@???[breakforfilters]hflineamarket.com> for
spot@???
2022-12-26 18:20:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
1p9s5q-0007aL-2S
2022-12-26 18:20:59 1p9s5q-0007aL-2S => me <recipient_censored>
F=<""@???> R=virtual_user_unseen
T=dovecot_lmtp_udp S=9559 C="250 2.0.0 <recipient_censored>
IMDDBgvmqWPNRQAA0ZZHbw Saved"
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (null pointer indirection)
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV ( 776 delivering
1p9s5q-0007aL-2S

The full headers: https://clbin.com/4KsO4

The email was delivered by Dovecot but exim keeps the email in its
queue, and just keeps spitting out this part until it reaches the end of
retry times or I remove it:

2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (null pointer indirection)
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV ( 776 delivering
1p9s5q-0007aL-2S

That doesn't seem good. I welcome any thoughts on the subject.
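
Added example, not part of the original message: a triage script for the symptom described above. It scans an Exim main log for envelope senders whose local part contains a quotation mark, and for messages that log SIGSEGV after a delivery without ever logging "Completed". The sample log is constructed, with placeholder hosts, addresses and second message id.

```python
import re
from collections import defaultdict

# Constructed sample in Exim main-log layout, one event per line. Hosts,
# addresses and the second message id are placeholders, not from the post.
SAMPLE_LOG = '''\
2022-12-26 18:20:59 1p9s5q-0007aL-2S <= ""@sender.example H=mx.sender.example [192.0.2.10] P=esmtps S=9286
2022-12-26 18:20:59 1p9s5q-0007aL-2S => me <user@rcpt.example> F=<""@sender.example> R=virtual_user_unseen T=dovecot_lmtp_udp
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (null pointer indirection)
2022-12-26 18:21:05 1p9s6A-0007bX-1Q <= alice@sender.example H=mx.sender.example [192.0.2.10] P=esmtps S=2048
2022-12-26 18:21:05 1p9s6A-0007bX-1Q => bob <bob@rcpt.example> R=virtual_user T=dovecot_lmtp
2022-12-26 18:21:05 1p9s6A-0007bX-1Q Completed
2022-12-26 18:51:12 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
'''

# date, time, message id (6-6-2 or the longer 6-11-4 form), rest of the line
LINE = re.compile(r'^\S+ \S+ ([0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) (.*)$')
# envelope sender after "<=": a quoted local part may itself contain spaces
SENDER = re.compile(r'<= ((?:"(?:[^"\\]|\\.)*"|\S)+)')

def triage(log_text):
    """Return messages with a quoted envelope sender and/or SIGSEGV while queued."""
    msgs = defaultdict(lambda: {"sender": None, "segv": 0,
                                "delivered": False, "completed": False})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-message line (e.g. the "cwd=" lines)
        mid, rest = m.groups()
        rec = msgs[mid]
        s = SENDER.match(rest)
        if s:
            rec["sender"] = s.group(1)
        elif rest.startswith(("=> ", "-> ")):
            rec["delivered"] = True
        elif rest.startswith("SIGSEGV"):
            rec["segv"] += 1
        elif rest == "Completed":
            rec["completed"] = True
    flagged = []
    for mid, rec in sorted(msgs.items()):
        local_part = (rec["sender"] or "").rpartition("@")[0]
        quoted = '"' in local_part
        # delivered, crashed afterwards, never logged "Completed": still queued
        stuck = rec["delivered"] and rec["segv"] > 0 and not rec["completed"]
        if quoted or stuck:
            flagged.append({"id": mid, "sender": rec["sender"], "segv": rec["segv"],
                            "quoted_sender": quoted, "stuck": stuck})
    return flagged
```

Calling triage() on the text of a real main log returns one record per flagged message id, which can then be checked against the queue.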