Re: [exim] Ideas for blocking addresses with quotation marks…

Top Page
This message is part of the following thread:
M+-\the complete thread tree sorted by date
MM\MR M Crorie at <-
MMMJeremy Harris at ->
Delete this message
Reply to this message
Author: Daryl Richards
Date:  
To: exim-users
Subject: Re: [exim] Ideas for blocking addresses with quotation marks in them?
On 2022-12-26 7:58 p.m., Jarland Donnell via Exim-users wrote:
> Hey friends,
>
> I'e been getting some weird spam/virus email that seems to be causing an
> unexpected result with exim. I'll show you what I'm seeing, and I'm
> wondering if anyone has any ideas on how I can ACL out email addresses
> that actually have quotations in their envelope sender address as a
> result. I added [breakforfilters] in parts of the log that might
> rightfully trigger spam filters for list users.
>
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S <=
> ""@???[breakforfilters]ineamarket.com
> H=server12.sistemthflineamarket.com [91.234[breakforfilters].198.105]
> P=esmtps X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no S=9286
> id=20221226182019.B64DB27DEC@???[breakforfilters]ineamarket.com T="Facturacion Electricidad Automatica 42267" from <""@???[breakforfilters]hflineamarket.com> for spot@???
> 2022-12-26 18:20:59 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc
> 1p9s5q-0007aL-2S
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S => me <recipient_censored>
> F=<""@???> R=virtual_user_unseen
> T=dovecot_lmtp_udp S=9559 C="250 2.0.0 <recipient_censored>
> IMDDBgvmqWPNRQAA0ZZHbw Saved"
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (null pointer indirection)
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (  776 delivering
> 1p9s5q-0007aL-2S
>
> The full headers: https://clbin.com/4KsO4
>
> The email was delivered by Dovecot but exim keeps the email in it's
> queue, and just keeps spitting out this part until it reaches the end of
> retry times or I remove it:
>
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (fault address: (nil))
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (null pointer indirection)
> 2022-12-26 18:20:59 1p9s5q-0007aL-2S SIGSEGV (  776 delivering
> 1p9s5q-0007aL-2S
>
> That doesn't seem good. I welcome any thoughts on the subject.
>

Great pointers in the thread about ways to filter these - but the fact
that is causes a null pointer deference is not good. I've been seeing
crashing processes on my server the last few days and it would seem to
be caused by the same double quote senders..

Perhaps time to file a bug?

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Ideas for blocking addresses with quotation marks in them?Re: [exim] Ideas for blocking addresses with quotation marks in them?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)