Hello to all!
some time ago i sent this message to the MIMEDefang mailing list.
Unfortunately,
noone answered.
As this issue seems to be Anomy-related, perhaps somebody on this list
could
help?
I'm not sure if this is the right place to ask, but perhaps someone
else had
the same problem:
Sometimes our mail server is choking on emails, that is a mimedefang.pl
process
eats one CPU completely and after the timeout sendmail gives an 4.71
try again
error. I tracked down the problem to a strange character string which
seems to
occur in HTML-Spam only. I did an ltrace on the hanging process, which
came out
with
malloc(46) = 0x088a36f8
memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) =
0x088a36f8
__strtol_internal("1", NULL, 10) = 1
memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
malloc(46) = 0x08c10968
memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
free(0x088a3868) = <void>
ferror(0x08baff80) = 0
_IO_getc(0x08c2e248) = 'EOF'
memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248
m
and so on. Everytime an email contains this "<BFRYTE^3247(^(PO1:KJ)...",
the process goes nuts while trying to sanitize the HTML part with
Anomy. I upgraded Anomy to the
new 1.54 release, still the same problem. Interestingly, if you do a
Google groups search
for "BFRYTE" you will get more than 100 hits, which is all this
character string, all at the end
of different spam mails.
What's going on here?
Tilman
-- Tilman Kastner DEVICE/N GmbH 18472@xyz.molar.is Ilse-ter-Meer-Weg 7 PGP key available 30449 Hannover, Germany