strange string in e-mail causes timeouts

From: Tilman Kastner (
Date: Sun 13 Oct 2002 - 15:46:23 GMT

  • Next message: Derrik Rensink: "Re: filename parsing issue"

    Hello to all!

    some time ago i sent this message to the MIMEDefang mailing list.
    noone answered.

    As this issue seems to be Anomy-related, perhaps somebody on this list

    I'm not sure if this is the right place to ask, but perhaps someone
    else had
    the same problem:

    Sometimes our mail server is choking on emails, that is a
    eats one CPU completely and after the timeout sendmail gives an 4.71
    try again
    error. I tracked down the problem to a strange character string which
    seems to
    occur in HTML-Spam only. I did an ltrace on the hanging process, which
    came out

    malloc(46) = 0x088a36f8
    memcpy(0x088a36f8, "<BFRYTE^3247(^(PO1:KJ)_8J7BJK9^""..., 45) =
    __strtol_internal("1", NULL, 10) = 1
    memmove(0x089f6430, 0x088a36f8, 45, 0, 0x0885ae70) = 0x089f6430
    memmove(0x08c109b8, 0x089f6430, 45, 0x08c411e0, 0x08857470) = 0x08c109b8
    malloc(46) = 0x08c10968
    memmove(0x08c10968, 0x08c109b8, 45, 2, 0x08c09854) = 0x08c10968
    free(0x088a3868) = <void>
    ferror(0x08baff80) = 0
    _IO_getc(0x08c2e248) = 'EOF'
    memmove(0x08c305b0, 0xbfffd6bc, 0, 0x080b29eb, -1) = 0x08c305b0
    clearerr(0x08c2e248, 0x08c2e248, 0, 0x080b6dbb, 0x0890f5c8) = 0x08c2e248

    and so on. Everytime an email contains this "<BFRYTE^3247(^(PO1:KJ)...",
    the process goes nuts while trying to sanitize the HTML part with
    Anomy. I upgraded Anomy to the
    new 1.54 release, still the same problem. Interestingly, if you do a
    Google groups search
    for "BFRYTE" you will get more than 100 hits, which is all this
    character string, all at the end
    of different spam mails.

    What's going on here?


    Tilman Kastner                 DEVICE/N GmbH             Ilse-ter-Meer-Weg 7
    PGP key available              30449 Hannover, Germany

    hosted by