[exim] Re: is UTF spamsenders now a thing?

Top Page
Delete this message
Reply to this message
Author: Jasen Betts
Date:  
To: exim-users
Subject: [exim] Re: is UTF spamsenders now a thing?
On 2023-07-28, Cyborg via Exim-users <exim-users@???> wrote:
>
> ## No help required , this is just an info for you guys ##
>
> Hi,
>
> we have a new kind of spammer at our mailborder:
>
> 1qOF7T-002mUk-2Y H=(timesquareas.yachts) [216.9.227.107] Warning:
> processing file "" for "To: XXXXXXXXXXXXXXXXX -> From:
> ATTENTION\360\237\222\245-30%%\360\237\222\245 /
> R=ATTENTION\360\237\222\245-30%%\360\237\222\245"
> 1qOF7T-002mUk-2Y H=(timesquareas.yachts) [216.9.227.107]
> F=<XXXXXXXXXXXXXXXXX> temporarily rejected after DATA: MYSQL: query
> failed: Illegal mix of collations (utf8mb4_general_ci,COERCIBLE) and
> (latin1_german1_ci,IMPLICIT) for operation 'regexp'


> As logs show, the mailserver just sends spam a mass, so no big deal when
> it's not processed ;) There are other pure spam servers generating this
> message.
>
> As it looks, a spammer is sending UTF8mb4 encoded shit in "mail from:"
> or "rcpt to:" which than collides with our data structure.


What everone else not afflicted with mysql calls UTF8

Exim supports the SMTPUTF8 extension, you can turm it off if you don't
need its features.

> Unfortunatly, it's not clear which regexp is meant ( there are many,
> really ) , in general is there a meaningful way for a log message where
> or which the query failed as local debug attempts are pointless unless
> we know what the spammer uses exactly :)


Mysql should have a log message of the SQL error, add SQL comments to
your lookups if you need to make them more obviopusly distinct.


--
Jasen.
🇺🇦 Слава Україні

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/